Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Annoying Virus I Can't Get Rid Of [CLOSED]

Started by j_r_auden , Jul 23 2005 11:45 PM

  • This topic is locked This topic is locked

#1
j_r_auden
Posted 23 July 2005 - 11:45 PM

j_r_auden

    Member

  • Member
  • PipPip
  • 17 posts
I have read several of your posts, but I can not seem to get rid of this annoying virus. I know that the virus I have is ProSiteFinder, but it does not show up in the HiJackThis Log. I don't know why. Here is a copy of my log, please help. I really appreciate you guys doing this, I called a local IT company and they wanted $200 an hour to come out. I can't afford that.
Also, one more quick question. I have tried rebooting my computer in safe mode (pressing F8 once the computer starts up) but it does not work. I am running XP Professional. Any ideas why this might be. I can tell the OS is trying to do something because it freezes and I have to manually shut down(turn the power off) and restart.
Thanks again,
James

Logfile of HijackThis v1.99.1
Scan saved at 12:18:20 AM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ipdv32.exe
C:\WINDOWS\system32\combo.exe
C:\WINDOWS\system32\intell32.exe
C:\Documents and Settings\JAuden\Desktop\James\AntiVirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xfuib.dll/sp.html#49977
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {544BEE35-FE7B-8CC5-6542-98989C13A182} - C:\WINDOWS\system32\ipzs.dll
O2 - BHO: Class - {DF681A51-5F05-1F39-036E-D1C704F8F568} - C:\WINDOWS\ipla32.dll
O2 - BHO: Class - {FAA44DA8-BC87-EAF8-DE08-0B6C7CABB256} - C:\WINDOWS\sdkuv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipdv32.exe] C:\WINDOWS\system32\ipdv32.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKLM\..\RunOnce: [msac.exe] C:\WINDOWS\msac.exe
O4 - HKLM\..\RunOnce: [apprp.exe] C:\WINDOWS\apprp.exe
O4 - HKLM\..\RunOnce: [sdkej32.exe] C:\WINDOWS\sdkej32.exe
O4 - HKLM\..\RunOnce: [addya32.exe] C:\WINDOWS\addya32.exe
O4 - HKLM\..\RunOnce: [msln32.exe] C:\WINDOWS\system32\msln32.exe
O4 - HKLM\..\RunOnce: [ntwd32.exe] C:\WINDOWS\system32\ntwd32.exe
O4 - HKLM\..\RunOnce: [ipla32.exe] C:\WINDOWS\ipla32.exe
O4 - HKLM\..\RunOnce: [ntki.exe] C:\WINDOWS\ntki.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107630749379
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msac.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by j_r_auden, 24 July 2005 - 12:47 AM.

  • 0

Advertisements

#2
therock247uk
Posted 24 July 2005 - 08:57 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.
  • 0

#3
j_r_auden
Posted 24 July 2005 - 01:14 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Ok, I did everything u said, here are the results:

And thanks again for the help !!!!!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:05:12 PM, 7/24/2005
+ Report-Checksum: D1E76D6

+ Scan result:

HKLM\SOFTWARE\AKSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AKSoft\X-Tractor -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0661C16F-8ED8-1431-8A0B-2C95C6994589} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AE716A6-1EDA-411D-6031-97E7FA0907DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ECEBD98-802F-9B4D-7308-C983A18EDBEC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1082088A-E784-5093-F9A0-07E5588FA67C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1228458E-6B19-48F4-5449-A00AEE93F0FC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C1F1B09-C5DE-0C47-B128-B83F5668EB83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9E0A95-3EBA-124F-52D1-033C73734625} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DCBFC8-9F1C-3DA5-A957-E5BCF32589B1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66EDF9AC-64E1-604D-EADE-7B853B8F23FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69A88C5E-04E5-741D-6CA2-9CB5374EB263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72071605-48F5-CC68-B374-2CDDF451F27F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{786A41BB-009D-DD27-EA3E-15DCD01EC75C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEF3E64A-B4FC-FC2A-5EF9-4FC735F322D9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B91259B9-BE3B-D475-8861-62B879410E5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDE4719B-AC04-9EE1-7AEA-7712560B2832} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05C3780D-3A0C-485A-B3CF-3AF35061C8C1} -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4682934D-BFCE-4647-9E61-3D95BD163B6C} -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D639D99D-2377-46B5-81A5-BD91B61C61B0} -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C4AC1481-6C39-433E-BD39-2A05FBF45BA7} -> Spyware.HyperBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-725345543-436374069-1060284298-1003\Software\Igor V. Gunko -> Spyware.HyperBar : Cleaned with backup
HKU\S-1-5-21-725345543-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AE716A6-1EDA-411D-6031-97E7FA0907DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-725345543-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66EDF9AC-64E1-604D-EADE-7B853B8F23FF} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\JAuden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-7b3d82c6-44213523.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\JAuden\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-407c3e1c-67fc8693.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\JAuden\Cookies\[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\JAuden\Cookies\jauden@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\JAuden\Cookies\[email protected][2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\JAuden\Cookies\[email protected][1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\JAuden\Local Settings\Temp\trA.exe -> Worm.Bagz.j : Cleaned with backup
C:\Documents and Settings\JAuden\Local Settings\Temporary Internet Files\Content.IE5\SR1BUAF9\outxxx[1].jpg -> TrojanDownloader.Small.azk : Cleaned with backup
C:\Program Files\Media Gateway\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\18DF078E-74F9-446D-9AD6-E22DC8\1EC11D02-F82A-4A0D-8D14-3FE24E -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\addab.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addad32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addcw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addis32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addlu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addom32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addra.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addsr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addtu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adduh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adduj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addvh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addya32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apida32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apids32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apieb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apife32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apiju.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apimc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiou32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiur.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apixi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiyr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appad32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appcr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appgv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appji32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appka32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appob32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apprp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appty.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appzh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlet.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlet.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlfk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlhb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlhs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlkn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atllm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlnk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlxt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlyw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cmhlo.txt:gaexa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmhlo.txt:wjvnu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmhlo.txt:yiwem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmhlo.txt:yltpp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:actkh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:dnesc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:gieom -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:gytft -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:qacfqc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:qfolm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Codec Pack - All In 1 Setup Log.txt:rigsd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:ositp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:pjfoe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:ypisy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:zwbke -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crba.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crir32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crlu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crnh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\croh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crwz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crxq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cryy32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cuqae.txt:dvxru -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cuqae.txt:ewvrn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ao.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3ao.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3as.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3by32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3hm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3lz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3my.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ni32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3pk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ql.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3tp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3us32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3zw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\desktop.ini:hkggq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\desktop.ini:jhetu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\desktop.ini:oensi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\desktop.ini:qbalk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\HRS.INI:arguu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieal32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieds.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieef.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iefx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iejn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieor32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iern.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iesk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieun32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iewd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipar.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipeo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipky32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipla32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipla32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iplh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipme32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipuh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipuk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipvp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipvq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipws32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipwy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipzs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaib.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javala32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javamn32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javaol.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaop32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javaop32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javash32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javatv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaux32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jltys.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\kkysm.txt:hcesb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\kkysm.txt:mmgoz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kkysm.txt:vhzwb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcae.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcap32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfccd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcds.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfchn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfckl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfckp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcna32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpg.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcpv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcqv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcri32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ModemLog_Communications cable between two computers.txt:lgizg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ModemLog_Communications cable between two computers.txt:qpkpwi -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ModemLog_Communications cable between two computers.txt:wchdd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_Communications cable between two computers.txt:ynwgd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msac.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msce32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdfmap.ini:tnbov -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msdfmap.ini:yaosw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msdq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mset32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mshh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msiu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msla.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mslk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msll.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msnu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mstg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msve.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mswv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mswz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:mkjji -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:pyktf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:rvnmh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:xbhgt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netbf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netiy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netol32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netze32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntdu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nteo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntki.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntor32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntra32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntsy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntte.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntvc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntvg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntzd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nuokw.txt:iavkh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nuokw.txt:pnepk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nuokw.txt:rqzly -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nuokw.txt:sfqir -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:aorid -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:apkrp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:atnfy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:kmwhv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:rxsqs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:utwnr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:ygyve -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:zhmot -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:mutwk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:dkzsz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:gmfdt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:infhz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:cbvuo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:qzvwy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:uxjol -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PhotoSnapViewer.INI:aybcv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PhotoSnapViewer.INI:hrscd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PhotoSnapViewer.INI:lnozo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PhotoSnapViewer.INI:tczud -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sbcxx.txt:keedt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sbcxx.txt:roiyy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:uctll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkam.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkck32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkej32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkgb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkgr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkju.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkjx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdklf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdklf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdknb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkri32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkrm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkun32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkuv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkuv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkvk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkvx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkwo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkyf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkyq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkzl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\setuplog.txt:wxhrj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\svjoq.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\sysav.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysch32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysde.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysdo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syseo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syseo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysev.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysfm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysgv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syshi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysik32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysiv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysjr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\syskk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysmv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysnh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysnv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syspe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysqx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syssw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\systc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system.ini:mrwais -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system.ini:rstuuy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system.ini:ufusi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system.ini:vceek -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32:rjaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\1snkv825.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\addaj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\adddd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addep32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addgv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addiz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addqa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addtz.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\addvv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addzo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apibr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apibs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apijo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apijy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apikj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apily.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apimu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apinb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apinw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apipb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiqd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiqi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apira.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apitf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiwg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiyl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appaw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appbn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appbz.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appcc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appez32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appfr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appgx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appio32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appjb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appjf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appjq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\applu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appmf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appoa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appor32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apppe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apppw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appqo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appsp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apptg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appvz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appwv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appyw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appzw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlbx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlco.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlcr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atldt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlji.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atllb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlod32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlqb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlsh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlvl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlwf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlwh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\chnkss42.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\combo.exe -> Worm.Bagz.j : Cleaned with backup
C:\WINDOWS\system32\crah.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\crbx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crcc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crdb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crdm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cref32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crfs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crhl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crkm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crwj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crys32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3co32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3cp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3gi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3gs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ic32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3kt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3nb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\d3qe32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\d3qg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3rm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3rn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3uv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3uz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3wr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3xj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3yr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\f3ck1q17.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\gvuhx.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\iecj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iegj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iejq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieme32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ienw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieoh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ierd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieti32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ievm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iewe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieyl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipbr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipdv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipfn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipfz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipgj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipkm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipkr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iplw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipnz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ippf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipru32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipsk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\iptq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iptr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipvm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipwi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipxe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipyw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipza32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipzd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipzm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipzs.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javaaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaap32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javabw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javags32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javahc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaiu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javajm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javalg.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javalg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javalt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javang32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javanw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javapy.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javaqr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaso32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javavj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaww32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javaxi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcah.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcbg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcdl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcet32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcgo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcgz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfchh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcii.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfclz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcqp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcqw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfctk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcwk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfczq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfczw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msau.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mscy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msez.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mshr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msln32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msnb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msnq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mssd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mssj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mstf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msud32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msvl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mswd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mswy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msxm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msyl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mszr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mszw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netaj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\netaj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netao32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netaz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netev.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netfk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\netga32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\nethc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netjc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netji.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netlh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netlt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netnj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netox32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netpj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netrf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netzv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntcd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntct32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntcv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntcx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntfj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntfy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntha.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntiv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ntjv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntkg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntli.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntlr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntmp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntnh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntpn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntrg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntvu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntwd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntxg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\pwpha.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\sdkae32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkdd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkdi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkdy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkeh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkem.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkhj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkir.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkjq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkjt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkpp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkro32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkrz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdksx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdktm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkvy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkwz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysbq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syscr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysej.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysex32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysfx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysgo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysin.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysit.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysje.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysjf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syskd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syslj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysly32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysmj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysmt.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysog.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syssj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syssm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\systy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysvz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysza.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\windl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winer32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winey.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winiu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winom.exe -> Trojan.Agent.bi : Cleaned with backup
C:\W
  • 0

#4
therock247uk
Posted 24 July 2005 - 02:39 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Post a new Hijackthis log here in a reply.
  • 0

#5
j_r_auden
Posted 24 July 2005 - 03:07 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Sorry, thought I did.

Logfile of HijackThis v1.99.1
Scan saved at 2:08:57 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\JAuden\Desktop\James\AntiVirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0E517276-A832-EE34-BD3B-46D57F295F61} - C:\WINDOWS\system32\appbz.dll (file missing)
O2 - BHO: Class - {56603766-6551-A44D-F4B2-DA5116B5BE34} - C:\WINDOWS\ntyg32.dll (file missing)
O2 - BHO: Class - {FAA44DA8-BC87-EAF8-DE08-0B6C7CABB256} - C:\WINDOWS\sdkuv.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipdv32.exe] C:\WINDOWS\system32\ipdv32.exe
O4 - HKLM\..\Run: [combo.exe] combo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107630749379
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msac.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0

#6
therock247uk
Posted 24 July 2005 - 03:35 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ovcvn.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0E517276-A832-EE34-BD3B-46D57F295F61} - C:\WINDOWS\system32\appbz.dll (file missing)
O2 - BHO: Class - {56603766-6551-A44D-F4B2-DA5116B5BE34} - C:\WINDOWS\ntyg32.dll (file missing)
O2 - BHO: Class - {FAA44DA8-BC87-EAF8-DE08-0B6C7CABB256} - C:\WINDOWS\sdkuv.dll (file missing)
O4 - HKLM\..\Run: [ipdv32.exe] C:\WINDOWS\system32\ipdv32.exe
O4 - HKLM\..\Run: [combo.exe]
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msac.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

4. Delete the files. (if present)

C:\Windows\combo.exe or C:\Windows\System32\combo.exe

5. Reboot and Download about:buster by RubbeRDuckY Here.

Save the file somewhere you will remember like to the Desktop.

Please run about:buster by RubbeRDuckY:
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Boot into safemode again
  • Open About:buster again
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
6. Reboot back into normal mode and download http://osc.geekstogo...rviceremove.reg run it it will ask to merge into the registery say yes.

7. Download and run http://cwshredder.ne.../CWShredder.exe click fix.

8. Then post the about:buster log and a new Hijackthis log here in a reply.
  • 0

#7
j_r_auden
Posted 24 July 2005 - 09:08 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
i will do everything, except i do not have internet access on the infected computer. I have ot use another one to post messages here. The virus seems to have messed up my internet access. Strange because this computer get on the internet using a wireless LAN between this computer and my infected one. thanks and i will post reply soon.
  • 0

#8
j_r_auden
Posted 25 July 2005 - 08:16 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
OK, I did everything u said except download the updates, i cant do that on the infected computer because i can't get on the interet. Here are the logs:

Scanned at: 9:00:20 PM on: 7/25/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\PhotoSnapViewer.INI:qjxkv
C:\WINDOWS\SchedLgU.Txt:fkhls


Removed 4 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


Removed Data Streams:
C:\WINDOWS\PhotoSnapViewer.INI:qjxkv
C:\WINDOWS\SchedLgU.Txt:fkhls


Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 9:04:06 PM on: 7/25/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Removed 3 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!





Logfile of HijackThis v1.99.1
Scan saved at 8:49:39 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\JAuden\Desktop\James\AntiVirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ipdv32.exe] C:\WINDOWS\system32\ipdv32.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107630749379
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msac.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Thanks again for your time,
James
  • 0

#9
therock247uk
Posted 26 July 2005 - 06:43 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

O4 - HKLM\..\Run: [ipdv32.exe] C:\WINDOWS\system32\ipdv32.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\msac.exe (file missing)

4. Delete the files. (if present)

C:\WINDOWS\system32\ipdv32.exe
C:\WINDOWS\system32\intell32.exe
C:\WINDOWS\msac.exe

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#10
j_r_auden
Posted 26 July 2005 - 08:07 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, here is the new HiJackThis log.

And thanks again for your help and your time. I really appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 8:59:28 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\JAuden\Desktop\James\AntiVirus\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107630749379
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
  • 0

#11
j_r_auden
Posted 26 July 2005 - 09:38 PM

j_r_auden

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay, here is something I noticed. The file C:\Windows\system32\intell32.exe seems to be the source of the virus. I can not delete this file unless I am in safe mode. After I delete the file in safe mode, I can reboot in normal mode and my computer is fine. However, when I try to get on the internet the file will reappear. Also, this causes the 04-HKLM\...\Run [intell32.exe] file to reappear in my HiJackThis log.

I can't seem to get rid of it no matter what I try.
  • 0

#12
therock247uk
Posted 27 July 2005 - 06:44 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#13
therock247uk
Posted 18 August 2005 - 06:56 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP