NaviSearch,CashBack,BullsEyeNetwork,SurfSideKick3 [CLOSED]



#1
ColdFyre


As a generally internet and technology savvy person, I pride myself on having had no bad system infections in over a year on my computer. My mom, on the other hand, "fails at the internet." We had to reformat about 4 days ago due to an infection. After the reformat it took her less than a DAY to get a MASSIVE infection.

I have spent the last 2 days repeatedly removing the spy/malware, running Ad-Aware, Microsoft AntiSpyware, Search and Destroy, and even trying the uninstall files that came with these damned programs. Every time the problem is fixed, I come back a few hours later because my mom is yelling and, lo and behold, all the same crap is back, plus a few of their friends. It started out as just NaviSearch, AdDestroyer and Virtual Bouncer, but now the list has grown to immense proportions.

Current folders believed to be spyware residing in program files:
NaviSearch, CashBack, BullsEyeNetwork, SurfSideKick3, AdDestroyer, VBouncer, Media Access, Rebate Retriever, eZula, and Web Offer.

Here is my Ad-Aware logfile:



EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.ResultHelper.1


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.SearchHelper


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaFSearchEng.SearchHelper.1


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.eZulaSearchPipe


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.eZulaSearchPipe.1


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.TrayIConM


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\EZulaMain.TrayIConM.1


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Classes\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}


EzuLa Object recognized!
Type : RegKey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : Software\Ezula


EzuLa Object recognized!
Type : RegKey
Data
  • 0

Advertisements


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello and welcome, we'll get this sorted for you! ;)

Please print these instructions out, or write them down, as you can't read them during the fix.

Firstly, and nearly most importantly, PLEASE uninstall your current version of Ad-aware Personal. It's WAY TOO old a version to be running.

Go to Add/Remove programs, and uninstall Ad-aware. Go to C:\Program Files - directory and delete the Ad-aware folder from there. Empty recycle bin.

Then, follow these download and setup instructions;
Ad-Aware SE Setup

Don't run a scan yet!

Next, make sure that your current version of SpyBot S&D is the latest one. Go to Add/Remove programs list and see your version there. If it is the version 1.3, please do the following;

Before installing Spybot S&D 1.4

1. Undo immunization
2. If SDHelper and TeaTimer are enabled, deactivate them first.
3. If Opera Browser is installed, de-select protection for Opera Immunity
4. Uninstall old version of Spybot S&D
5. Reboot

Download & install the latest version, Click Here.

(Note, don't enable TeaTimer just yet, we have to get you clean first. It might interfere with the fixes.)

If you have MS Anti-spyware's real-time protection on, please disable it for now until you're clean. It might interfere with the fixes also.

When you get newest SpyBot S&D installed, launch it. Go to "Mode" - menu. Choose Advanced Mode.
Go to "Settings" - menu and choose settings from there. Enable this setting; "Display Available Beta- versions".

Check for updates, and download all available updates.
Hit "Immunize", then hit "immunize" again.

Exit SpyBot for now, we'll use it later..

Download CleanUp

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

(If you have Ewido already installed, PLEASE make sure it's the latest version (3.5) and in that case you have the latest, update it.)

Ok, this should be enough for now.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, launch Ad-aware SE.
Make sure this setting is applied;

Click on Tweak => Cleaning engine => UNcheck "Always try to unload modules before deletion".

Ok, click "Scan Now". Choose to "Perform A Full System Scan".
Deselect "Search for negligible risk entries" - but make sure to use "Search for low-risk threats" - setting.

Run the scan. Remove ANYTHING it finds.

Next, please launch SpyBot S&D. Do the following;

Click "Settings". Go to "Ignore Products". Right-click somewhere on the screen and hit "Deselect all".
Now go back to the main screen of SpyBot, and start a scan. Check any objects in RED color for removal. Then hit "Fix Problems".
Ok, well if it wants you to reboot your PC, don't do it just quite yet. Now, go to the menu named "Recovery". Delete anything from there. Exit SpyBot.

Launch Ewido. Run a Full Scan, and let it clean anything it finds.
When the scan is finished, click the Save report button at the bottom of the screen.
Save the report to your desktop.
Close Ewido.

Launch CleanUp! and run it. Let it run completely and reboot when prompted.
Boot up into normal mode..

Get HiJackThis installer here.

Click "Unzip", then "Close".

Go to C:\Program Files\HijackThis.

Launch HiJackThis and run a scan with it. DO NOT FIX ANYTHING!
Once the scan has finished, click "Save Log". A notepad file will open with a log. Copy & paste all of its content here along with the Ewido log.

Also run this online scan and post the results of it too;

Panda Activescan

We'll go from there.

- Rawe :tazz:

#3
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Can you also tell me do you have a firewall or anti-virus software? They're critical to have.

#4
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#5
ColdFyre

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here's the Hijack this log. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:07:50 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


#6
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Panda & Ewido log please.. :tazz:

#7
ColdFyre

    New Member

  • Topic Starter
  • Member
  • 6 posts
For some reason I am unable to run the Panda scan. Sorry.

Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:51:02 PM, 8/2/2005
+ Report-Checksum: E19F2B38

+ Scan result:

::Report End

Edited by ColdFyre, 23 August 2005 - 12:19 AM.

#8
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ok, doesn't matter.
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (looks like a target).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
Next, open Microsoft Anti-Spyware.
  • Click on the Options menu, then Settings.
  • Select "Real Time Protection" from the left column.
  • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
  • Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

We'll re-enable it once your system is clean.

Please go to the TrendMicro website HERE
  • Click Check my PC now
  • On the next page it will verify that Trendmicro scan can be run.
  • There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
  • Read the agreement, then click continue with Next Step
  • Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
  • It will install "Core-Packages", then please run the scan - let me know how many infected items it found and if any of them couldn't be cleaned and the name/location
:tazz:

#9
ColdFyre

    New Member

  • Topic Starter
  • Member
  • 6 posts
It found 17 infected files and could not clean any of them. The infections are as follows:

Troj_clicker.ad infected 1
Troj_dloader.ot infected 1
Troj_adwaheck.a infected 1
Troj_small.aqc infected 1
Troj_vlince.a infected 13

#10
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#11
ColdFyre

    New Member

  • Topic Starter
  • Member
  • 6 posts
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 24, 2005 20:24:12
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/08/2005
Kaspersky Anti-Virus database records: 136861
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 264928
Number of viruses found: 40
Number of infected objects: 140
Number of suspicious objects: 0
Duration of the scan process: 9918 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP36\A0003010.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP36\A0003014.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP36\A0003034.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP38\A0006099.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP38\A0006125.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP38\A0006126.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP38\A0006128.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP38\A0006138.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0006159.exe Infected: Trojan-Downloader.Win32.Small.aal
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0006161.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0006174.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0006180.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0006182.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007161.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007163.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007164.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007166.exe Infected: Trojan-Downloader.Win32.Apropo.ae
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007167.exe Infected: Trojan-Dropper.Win32.Agent.lu
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007169.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007170.exe Infected: Trojan-Downloader.Win32.Small.aal
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007172.exe Infected: Trojan-Downloader.Win32.Agent.ro
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007177.exe Infected: Trojan-Downloader.Win32.Apropo.g
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007195.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.k
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007251.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007252.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007259.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007260.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007340.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007342.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007359.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007360.dll Infected: Trojan-Clicker.Win32.Small.ez
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007361.exe Infected: Trojan-Downloader.Win32.Qoologic.n
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007362.exe Infected: Trojan-Downloader.Win32.Qoologic.n
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0007363.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0010882.dll Infected: Trojan-Downloader.Win32.IstBar.dh
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP39\A0011039.exe Infected: Trojan-Downloader.Win32.Qoologic.n
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP40\A0011167.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP40\A0011169.exe Infected: Trojan-Downloader.Win32.Agent.ro
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP41\A0011207.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP41\A0011208.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP42\A0011218.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP42\A0011219.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP42\A0011232.dll Infected: Trojan-Downloader.Win32.Qoologic.n
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP42\A0011233.exe Infected: Trojan-Downloader.Win32.Agent.ro
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP42\A0011237.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP43\A0011269.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{B8A42B96-F5ED-471C-9569-CC0A6E13A902}\RP49\A0011299.exe Infected: Trojan-Dropper.Win32.Agent.lu
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Z6N4LMJ\!update-2234[1].0000 Infected: Trojan-Clicker.Win32.Agent.ei
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6Z6N4LMJ\!update-2254[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.y
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DEVGDMF\!update-2204[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.y
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CHMZ01UR\!update-2274[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.y
C:\WINDOWS\system32\d140113.a.Stub.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\WINDOWS\system32\lanbruns.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i
C:\WINDOWS\system32\lanbruns.exe Infected: Trojan-Downloader.NSIS.Agent.i
C:\WINDOWS\system32\shopinst.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\WINDOWS\system32\SSK39.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\Temp\b.com Infected: Trojan-Dropper.Win32.Agent.pb
C:\WINDOWS\visfxun.exe Infected: Trojan-Downloader.Win32.VB.kd

Scan process completed.

#12
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello!

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Run CleanUp! and now reboot.

After the reboot, enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


Then follow these steps:

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Mom.HOME\xKJSNSWPPGD.exe
C:\RECYCLER\NPROTECT\95391098.exe
C:\RECYCLER\NPROTECT\95391099.EXE
C:\RECYCLER\NPROTECT\95391100.EXE
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe/WISE0007.BIN
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe
C:\WINDOWS\system32\d140113.a.Stub.exe
C:\WINDOWS\system32\lanbruns.exe/data0001
C:\WINDOWS\system32\lanbruns.exe
C:\WINDOWS\system32\shopinst.exe
C:\WINDOWS\system32\SSK39.exe
C:\WINDOWS\visfxun.exe


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

Post a fresh HiJackThis log.

- Rawe :tazz:

Edited by Rawe, 26 August 2005 - 07:53 AM.

#13
ColdFyre

    New Member

  • Topic Starter
  • Member
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:24:47 AM, on 8/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\??crosoft.NET\ping.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\manw\onlo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: SDWin32 Class - {DC7E876E-F933-410F-9141-2B67EE26E5EE} - C:\WINDOWS\system32\fwucp.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jbaqra.exe reg_run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ufbbdll] C:\WINDOWS\ufbbdll.EXE
O4 - HKLM\..\Run: [ufbbenc] C:\WINDOWS\ufbbenc.EXE
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [bhrqenc] C:\WINDOWS\bhrqenc.exe
O4 - HKLM\..\Run: [ewvjenc] C:\WINDOWS\ewvjenc.exe
O4 - HKLM\..\Run: [fnstdll] C:\WINDOWS\fnstdll.exe
O4 - HKLM\..\Run: [iqmyenc] C:\WINDOWS\iqmyenc.exe
O4 - HKLM\..\Run: [fgdzdll] C:\WINDOWS\fgdzdll.exe
O4 - HKLM\..\Run: [fgdzenc] C:\WINDOWS\fgdzenc.exe
O4 - HKLM\..\Run: [lkdxdll] C:\WINDOWS\lkdxdll.exe
O4 - HKLM\..\Run: [lkdxenc] C:\WINDOWS\lkdxenc.exe
O4 - HKLM\..\Run: [jiefdll] C:\WINDOWS\jiefdll.exe
O4 - HKLM\..\Run: [jiefenc] C:\WINDOWS\jiefenc.exe
O4 - HKLM\..\Run: [gwrddll] C:\WINDOWS\gwrddll.exe
O4 - HKLM\..\Run: [gwrdenc] C:\WINDOWS\gwrdenc.exe
O4 - HKLM\..\Run: [sxhxdll] C:\WINDOWS\sxhxdll.exe
O4 - HKLM\..\Run: [sxhxenc] C:\WINDOWS\sxhxenc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wmdpst] C:\WINDOWS\system32\wmdpst.exe
O4 - HKCU\..\Run: [Teo] C:\WINDOWS\system32\??crosoft.NET\ping.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\EDSL2327.DLL
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFk\command.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\quznsvc.exe (file missing)

#14
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello!

Click Start => Run => and type in;

services.msc

Click "OK".

In the services window find service; Windows VisFx Components

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.

  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in: Windows VisFx Components
  • Click "ok", then reboot

Delete this file and empty recycle bin:

C:\WINDOWS\quznsvc.exe

Next,

Please download the l2mfix from one of the locations below;

http://www.atribune....oads/l2mfix.exe

http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double-click l2mfix.exe

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into your next reply.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to!

Note; if you receive any error messages for CMD or Autoexec.bat>> select option 5 from the l2mfix and once at the site, click on the link that applies to your operating system!

Double-click the file it downloads and extract the files to its predetermined System32 folder!


Also post a fresh HijackThis log (Don't attach) along with L2Mfix log.

- Rawe :tazz:
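
The reading of the HijackThis log in post #13 that leads to the service removal above (an O23 service with an unknown owner whose file is missing) can be scripted. This is an added example, not part of the thread and not HijackThis's own code: it parses O4 and O23 lines and lists the ones worth a manual lookup. The sample lines are copied from post #13; the heuristics and names such as `triage` are assumptions, and a hit means "look this entry up", not "delete it".

```python
import ntpath
import re

# Sample input: a handful of lines copied from the HijackThis log in post #13.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ufbbdll] C:\WINDOWS\ufbbdll.EXE
O4 - HKCU\..\Run: [Teo] C:\WINDOWS\system32\??crosoft.NET\ping.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFk\command.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\quznsvc.exe (file missing)
"""

# O4 = autostart entry: "O4 - <hive>\..\Run: [value name] command line"
O4_RE = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23 = NT service: "O23 - Service: <name> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
                    r'(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$')
# Executable path at the start of a command line, quoted or not, arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|com|bat|scr|dll))(?=["\s]|$)',
                    re.IGNORECASE)
# Assumed heuristic: an autostart sitting directly in these folders needs a lookup.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}


def triage(log_text):
    """Return (name, path, reasons) for every O4/O23 line that needs a manual check."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            name, path = m["name"], (exe["path"] if exe else m["cmd"])
            if ntpath.dirname(path).lower() in WINDOWS_DIRS:
                reasons.append("autostart from Windows directory")
            if "?" in path:  # the log shows '?' where it could not render a character
                reasons.append("unrenderable characters in path")
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            name, path = m["name"], m["path"]
            if m["owner"].lower() == "unknown owner":
                reasons.append("unknown owner")
            if m["missing"]:
                reasons.append("file missing")
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path} -> {', '.join(reasons)}")
```
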

#15
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.