Major Hijacking [RESOLVED]


  • This topic is locked

#1
bigshonk

  • Member
  • 13 posts
Hi guys,
you are my last chance before I format my drive. I can't stand it any more.
I followed all your instructions, e.g. downloaded ewido, Trojan Hunter etc., and they found heaps of stuff. After reboot it was all crap again. Every instruction was followed to the letter, so here is my HijackThis log.
I pray you can help.

Logfile of HijackThis v1.99.1
Scan saved at 5:23:29 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\david lee\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\yqbwv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3B79E239-8727-99EF-9B36-C6AA6A147783} - C:\WINDOWS\sdkfo32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winyg32.exe] C:\WINDOWS\winyg32.exe
O4 - HKLM\..\Run: [msav.exe] C:\WINDOWS\system32\msav.exe
O4 - HKLM\..\Run: [apiaf.exe] C:\WINDOWS\apiaf.exe
O4 - HKLM\..\Run: [ipvn.exe] C:\WINDOWS\ipvn.exe
O4 - HKLM\..\Run: [appaa.exe] C:\WINDOWS\system32\appaa.exe
O4 - HKLM\..\Run: [atlvk.exe] C:\WINDOWS\system32\atlvk.exe
O4 - HKLM\..\Run: [apivy32.exe] C:\WINDOWS\system32\apivy32.exe
O4 - HKLM\..\Run: [netgq.exe] C:\WINDOWS\system32\netgq.exe
O4 - HKLM\..\Run: [crly.exe] C:\WINDOWS\system32\crly.exe
O4 - HKLM\..\Run: [ntwn.exe] C:\WINDOWS\system32\ntwn.exe
O4 - HKLM\..\Run: [crzf32.exe] C:\WINDOWS\system32\crzf32.exe
O4 - HKLM\..\Run: [mfcbg32.exe] C:\WINDOWS\system32\mfcbg32.exe
O4 - HKLM\..\Run: [sysrk32.exe] C:\WINDOWS\system32\sysrk32.exe
O4 - HKLM\..\Run: [netsv.exe] C:\WINDOWS\system32\netsv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124063305937
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://dolalol.lando...plugins/ncs.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addbw32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

#2
tampabelle

  • Retired Staff
  • 6,363 posts
Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few-step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like to the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix).

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shut down explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again.
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

#3
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hi Tampabelle

Thanks for taking the time to help. Below is the new HijackThis log and the results from the Trend Micro scan.

Logfile of HijackThis v1.99.1
Scan saved at 1:10:26 PM, on 8/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MUSICM~1\COMMON\COMPON~1\MMCOMP~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\david lee\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3B79E239-8727-99EF-9B36-C6AA6A147783} - C:\WINDOWS\sdkfo32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winyg32.exe] C:\WINDOWS\winyg32.exe
O4 - HKLM\..\Run: [msav.exe] C:\WINDOWS\system32\msav.exe
O4 - HKLM\..\Run: [apiaf.exe] C:\WINDOWS\apiaf.exe
O4 - HKLM\..\Run: [ipvn.exe] C:\WINDOWS\ipvn.exe
O4 - HKLM\..\Run: [appaa.exe] C:\WINDOWS\system32\appaa.exe
O4 - HKLM\..\Run: [atlvk.exe] C:\WINDOWS\system32\atlvk.exe
O4 - HKLM\..\Run: [apivy32.exe] C:\WINDOWS\system32\apivy32.exe
O4 - HKLM\..\Run: [netgq.exe] C:\WINDOWS\system32\netgq.exe
O4 - HKLM\..\Run: [crly.exe] C:\WINDOWS\system32\crly.exe
O4 - HKLM\..\Run: [ntwn.exe] C:\WINDOWS\system32\ntwn.exe
O4 - HKLM\..\Run: [crzf32.exe] C:\WINDOWS\system32\crzf32.exe
O4 - HKLM\..\Run: [mfcbg32.exe] C:\WINDOWS\system32\mfcbg32.exe
O4 - HKLM\..\Run: [sysrk32.exe] C:\WINDOWS\system32\sysrk32.exe
O4 - HKLM\..\Run: [netsv.exe] C:\WINDOWS\system32\netsv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124063305937
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://dolalol.lando...plugins/ncs.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addbw32.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

Trend Micro Scan Results below

Virus Scan 0 virus cleaned, 501 viruses deleted


Results:
We have detected 725 infected file(s) with 726 virus(es) on your computer. Only 500 out of 725 infected files are displayed:
- 225 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 501 virus(es) deleted, 0 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\Documents and Settings\david lee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1593be87-4db79f08.zip
- Dummy.class JAVA_BYTEVER.B Deletion successful
C:\Documents and Settings\david lee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-562e712c-2fc550e9.zip
- Dummy.class JAVA_BYTEVER.B Deletion successful
C:\Documents and Settings\david lee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-60904488-110477f7.zip
- Dummy.class JAVA_BYTEVER.B Deletion successful
C:\Documents and Settings\david lee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-576048de-75025dc3.zip
- Dummy.class JAVA_BYTEVER.B Deletion successful
C:\Documents and Settings\david lee\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-2a1f473-1487c9c0.zip
- BlackBox.class JAVA_BYTEVER.Q Deletion successful
- Dummy.class JAVA_BYTEVER.Q Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008663.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008664.dll TROJ_STARTPAG.RE Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008665.dll TROJ_STARTPAG.RE Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008666.dll TROJ_STARTPAG.RE Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008699.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008822.exe TROJ_AGENT.XG Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008824.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008953.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008955.EXE TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008959.exe TROJ_AGENT.XG Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008960.exe TROJ_AGENT.XG Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0008961.exe TROJ_AGENT.XG Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009296.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009299.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009300.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009301.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009302.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009303.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009304.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009305.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009306.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009307.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009308.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009309.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009310.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009311.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009312.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009313.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009314.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009315.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009316.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009317.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009318.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP44\A0009321.exe TROJ_ADCLICK.AD Deletion successful
C:\System Volume Information\_restore{77ED0D88-4590-4
  • 0

#4
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi ,

Please print out these instructions or copy them into a text file on your Desktop for easy access.

During the fix, you will be asked to fix some entries, delete some files or uninstall some programs. If you do not see those entries / files / programs, please make a note of it. Continue with the fix and in your next post please inform me of all deviations from the fix prescribed.

1. Download Programs

Please download these programs and save them in a new folder on your desktop -

CleanUp
Ewido Security Suite

Install Ewido, and update the definitions to the newest files. Do NOT run a scan yet.


2. Remove Infections

Click on Start ---> Run. Type Services.msc and hit enter. Locate the item - Workstation NetLogon Service. Right click on it and then click on properties. In the Startup Type choose the option Disable. Close the window.

Restart the PC in Safe Mode (repeatedly tap the F8 key when the PC is starting up).

Run CleanUp and delete all temp files, including temporary internet files.

Run Ewido full scan. Let it fix any items it finds.

3. Run Hijack This

Run Hijack This and click on scan. The following items need to be fixed -

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3B79E239-8727-99EF-9B36-C6AA6A147783} - C:\WINDOWS\sdkfo32.dll (file missing)
O4 - HKLM\..\Run: [winyg32.exe] C:\WINDOWS\winyg32.exe
O4 - HKLM\..\Run: [msav.exe] C:\WINDOWS\system32\msav.exe
O4 - HKLM\..\Run: [apiaf.exe] C:\WINDOWS\apiaf.exe
O4 - HKLM\..\Run: [ipvn.exe] C:\WINDOWS\ipvn.exe
O4 - HKLM\..\Run: [appaa.exe] C:\WINDOWS\system32\appaa.exe
O4 - HKLM\..\Run: [atlvk.exe] C:\WINDOWS\system32\atlvk.exe
O4 - HKLM\..\Run: [apivy32.exe] C:\WINDOWS\system32\apivy32.exe
O4 - HKLM\..\Run: [netgq.exe] C:\WINDOWS\system32\netgq.exe
O4 - HKLM\..\Run: [crly.exe] C:\WINDOWS\system32\crly.exe
O4 - HKLM\..\Run: [ntwn.exe] C:\WINDOWS\system32\ntwn.exe
O4 - HKLM\..\Run: [crzf32.exe] C:\WINDOWS\system32\crzf32.exe
O4 - HKLM\..\Run: [mfcbg32.exe] C:\WINDOWS\system32\mfcbg32.exe
O4 - HKLM\..\Run: [sysrk32.exe] C:\WINDOWS\system32\sysrk32.exe
O4 - HKLM\..\Run: [netsv.exe] C:\WINDOWS\system32\netsv.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)


Close all windows other than Hijack This. Check the boxes next to above items and click on Fix checked.

4. Delete Rogue files

Open Windows Explorer (right click on Start and then click on explore). Locate and delete the following files -

Files
C:\WINDOWS\winyg32.exe
C:\WINDOWS\system32\msav.exe
C:\WINDOWS\apiaf.exe
C:\WINDOWS\ipvn.exe
C:\WINDOWS\system32\appaa.exe
C:\WINDOWS\system32\atlvk.exe
C:\WINDOWS\system32\apivy32.exe
C:\WINDOWS\system32\netgq.exe
C:\WINDOWS\system32\crly.exe
C:\WINDOWS\system32\ntwn.exe
C:\WINDOWS\system32\crzf32.exe
C:\WINDOWS\system32\mfcbg32.exe
C:\WINDOWS\system32\sysrk32.exe
C:\WINDOWS\system32\netsv.exe
C:\WINDOWS\system32\addbw32.exe


Clear out the files in the Prefetch folder. Go to Start > Run > type Prefetch into the box. It will open the Prefetch folder. Delete all the files in that folder. Don't delete the folder, only the files in it!


Reboot the PC in Normal Mode.


Run Hijack This and post a fresh HJT log along with Ewido scan report.

#5
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hi Tampabelle

I followed all your instructions. When I went to step 4 to delete the "rogue files" they weren't there. Apart from that everything else was completed.
Below is the new HijackThis log and the Ewido scan results after I had completed all steps.



Logfile of HijackThis v1.99.1
Scan saved at 1:15:53 PM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\david lee\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124063305937
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://dolalol.lando...plugins/ncs.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "C:\Program Files\Alias\Maya6.0\docs/Wrapper.conf (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

:tazz:
below are the ewido scan results
:)


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:37:09 PM, 8/16/2005
+ Report-Checksum: 2BC07B36

+ Scan result:

C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010494.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010495.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010496.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010497.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010498.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010499.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010500.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010501.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010502.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010503.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010504.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010505.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010506.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010507.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010508.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{77ED0D88-4590-442D-9990-987A523E690E}\RP46\A0010509.dll -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End





Thanks
David Lee

#6
bigshonk

  • Topic Starter
  • Member
  • 13 posts
One other thing tampabelle

Can I re-enable the Workstation NetLogon? I am not sure what it is, but I can't seem to network with my laptop since I did that.


Dave

#7
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi David,


The entry that we fixed was -

O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addbw32.exe (file missing)


There are two things I don't like about this entry - the random characters in the brackets and, second, the file name. The filename is also random and doesn't seem to have anything to do with Windows.

I have looked over the entire log and can't pinpoint any reason as to why your network connectivity is lost. I would however recommend that you reconfigure your network connectivity from scratch and set it up. Please contact the network administrator for more details.


The entries found in the scan refer to System Restore entries. These entries don't pose any problems right now. We will fix these entries at the very end.



You need to update Java on your PC. Click on Start ---> Settings ---> Control Panel. Double click on Java (icon resembling a coffee cup). Click on the Update tab and then click on Update Now.



Do you have any other issues with your PC?
  • 0
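The warning signs named in the reply above (odd characters in the bracketed service name, an unfamiliar file sitting directly in the Windows directory) and the pattern shared by the O4 entries in the fix list can be checked mechanically. This Python script is an added example, not part of the original thread or of HijackThis; the sample lines are copied from the logs quoted in this thread, while the allowlist and the threshold of three warning signs are assumptions.

```python
import re

# Entries copied from the HijackThis logs and replies quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [winyg32.exe] C:\WINDOWS\winyg32.exe
O4 - HKLM\..\Run: [msav.exe] C:\WINDOWS\system32\msav.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addbw32.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

# Assumption: a tiny allowlist of genuine Windows autostart binaries.
# Without it, the legitimate ctfmon.exe entry matches the O4 pattern too.
KNOWN_GOOD = {"ctfmon.exe"}
# Assumption: how many O23 warning signs must coincide before flagging.
FLAG_THRESHOLD = 3

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.*?\.(?:exe|dll))', re.I)
WINDIR_RE = re.compile(r"C:\\WINDOWS(\\system32)?\\[^\\]+", re.I)
SHORT_RE = re.compile(r"\((?P<short>[^)]*)\)$")


def exe_path(command):
    """Return the executable path at the start of a command line, or None."""
    m = EXE_RE.match(command)
    return m.group("exe") if m else None


def check_o4(name, cmd):
    """Flag Run values named after a file dropped straight into the Windows dir."""
    exe = exe_path(cmd)
    if exe is None:
        return []
    base = exe.rsplit("\\", 1)[-1].lower()
    if base in KNOWN_GOOD:
        return []
    reasons = []
    if name.lower() == base:
        reasons.append("value name is just the file name")
    if WINDIR_RE.fullmatch(exe):
        reasons.append("binary sits directly in the Windows directory")
    return reasons if len(reasons) == 2 else []


def check_o23(display, owner, path):
    """Collect the warning signs for a service entry; flag at the threshold."""
    reasons = []
    short = SHORT_RE.search(display)
    if short and re.search(r"[^A-Za-z0-9_.\-]", short.group("short")):
        reasons.append("odd characters in the bracketed service name")
    if owner == "Unknown owner":
        reasons.append("unknown owner")
    if path.endswith("(file missing)"):
        reasons.append("file missing")
    exe = exe_path(path)
    if exe and WINDIR_RE.fullmatch(exe):
        reasons.append("binary sits directly in the Windows directory")
    return reasons if len(reasons) >= FLAG_THRESHOLD else []


def triage(log_text):
    """Return (line, reasons) for every O4/O23 entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m.group("name"), m.group("cmd"))
        else:
            m = O23_RE.match(line)
            reasons = check_o23(m.group("display"), m.group("owner"), m.group("path")) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    -", reason)
```

"Unknown owner" alone is not enough to flag an entry: the ATI and MySQL services in this log carry it too and stay below the threshold.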

#8
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hi Tampabelle

Everything seems to be OK now. I have updated Java and I have sorted my network problem (cable fell out, how embarrassing). The only very minor problem I have is that I have lost my XP style option. I only have classic style and can't get back to the XP look. It is very minor and I can probably sort it out.

Let me know what I need to do with the system restore settings when you are ready.

Is there a standard donation amount for this sort of service because I am stoked with your help and will definitely contribute to the cause.

Thanks Mate
Dave

#9
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Dave,


It is a big relief to know that I didn't screw up your PC in any way. It would have been bad for me, especially after logging so much experience in this area.

To sort out your themes issue -


Download the attached file luna.zip and save it on your desktop.

Unzip it and MOVE the luna.msstyles file, which is in the folder you unzipped, to this folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it anywhere other than that folder!

Once you have moved it there, right-click on your desktop > Properties ... and see whether Windows XP style is now present again. Choose Apply and OK.

If not, reboot first, and try again to select Windows XP style. Let me know how it goes.

All the work we do here is voluntary work. So we have no expectation of any specific contribution. Any contribution by you would be a testimony of the fact that I and my team here helped you.

#10
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hi Tampabelle

How do I find the attachment Luna.zip?
Plus, how do I fix the system restore thingy?


Thanks
Dave
:tazz:

#11
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Dave,

I am aware of the system restore issue. In fact I ask the users to clean it up for each of my logs. So I will tell you right at the end.

I had attached luna.zip but then deleted it after a couple of days. Anyway, I am attaching it again.

Download the attached file luna.zip and save it on your desktop.

Unzip it and MOVE the luna.msstyles file, which is in the folder you unzipped, to this folder: C:\WINDOWS\Resources\Themes\Luna
Don't move it anywhere other than that folder!

Once you have moved it there, right-click on your desktop > Properties ... and see whether Windows XP style is now present again. Choose Apply and OK.

If not, reboot first, and try again to select Windows XP style. Let me know how it goes.

Attached Files

  • Attached File  luna.zip   561.5KB   319 downloads


#12
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hi Tampabelle

That luna file worked perfectly, thanks.
Is that it now? Everything seems to be running sweet and I have just purchased Norton Internet Security, which apparently prevents spyware and the like.

Dave

#13
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi Dave,

Did you purchase the Norton System Works?

It is a very system intensive program. There are better (and cheaper) options to it!

#14
bigshonk

  • Topic Starter
  • Member
  • 13 posts
Hey Tampabelle

I have ordered it in at my local computer shop but I haven't paid for it yet. What do you suggest?

thanks
Dave

#15
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Is everything else fine with your PC?

I will suggest a whole host of programs which you should have on your PC. These programs are amongst the best, they are good at what they do and also take up limited system resources. Good news is that they are free for personal use.

Please delete the following programs -
About:buster
CWShredder
SpSeHjfix


Uninstall Ewido as it is only a trial version program.