My hijack log [RESOLVED]


  • This topic is locked

#1
jerryrm

  • Member
  • 31 posts
This is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 12:01:46 PM, on 8/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\PicoZip\PicoZipTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WINZIP32.EXE
C:\Documents and Settings\Aaron Johnson\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\rm6r9.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Dueh5mc] C:\WINDOWS\mcffvq.exe
O4 - HKLM\..\Run: [yxutqbsl] C:\WINDOWS\yxutqbsl.exe
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Dueh$v/fNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mcffvq.exe
O4 - HKLM\..\Run: [Batqvf] C:\Program Files\Pvldszg\Vivhg.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PicoZip] C:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
  • 0


#2
skate_punk_21

  • Malware Removal Expert
  • Retired Staff
  • 1,049 posts
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Notes
I see you already have ewido!! Excellent. Please make sure your Ewido definitions are up to date and we will use it in safe mode :tazz:


Downloads
Download the Istbar Removal tool. DO NOT RUN IT YET.

Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


View Hidden Files and Folders
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Run the Symantec Istbar Removal Tool and follow the prompts for removal.


Start HijackThis Fix
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\rm6r9.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Dueh5mc] C:\WINDOWS\mcffvq.exe
O4 - HKLM\..\Run: [yxutqbsl] C:\WINDOWS\yxutqbsl.exe
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Dueh$v/fNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\mcffvq.exe
O4 - HKLM\..\Run: [Batqvf] C:\Program Files\Pvldszg\Vivhg.exe
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords

Please remember to close all other windows, including browsers, then click Fix checked.


Run Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.


File/Folder Deletions
Delete the following files indicated in RED and folders indicated in BLUE if they still exist.
For files like C:\WINDOWS\downlo~1, look for the first folder with "downlo" as its first six letters.

C:\WINDOWS\system32\rm6r9.dll
C:\WINDOWS\downlo~1\CnsHook.dll
C:\Program Files\3721\
C:\WINDOWS\mcffvq.exe
C:\WINDOWS\yxutqbsl.exe
C:\WINDOWS\downlo~1\CnsMin.dll
C:\WINDOWS\mcffvq.exe
C:\Program Files\ISTsvc\
C:\Program Files\Pvldszg\
C:\WINDOWS\downlo~1\cnshint.dll
C:\WINDOWS\downlo~1\CnsMinEx.dll


Reboot your system in Normal Mode.


Please post a fresh HijackThis log and the Ewido log so that we can check if your system is clean.

Edited by skate_punk_21, 22 August 2005 - 09:11 PM.

  • 0
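An added example, not part of the original thread: one way to check a follow-up HijackThis log against the list of entries that were selected for fixing, so that anything that survived the fix stands out. The sample lines are copied from the two logs in this thread; the function names are hypothetical.

```python
import re

# Every HijackThis finding starts with a section code such as "R3 - ", "O4 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Subset of the entries selected for fixing (copied from the fix list in this thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [Dueh5mc] C:\WINDOWS\mcffvq.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
"""

# Subset of the follow-up log (copied from the second log in this thread).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O11 - Options group: [!CNS] Chinese keywords
"""


def parse_entries(log_text):
    """Return (section, body) for each finding, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body").strip()))
    return entries


def entry_key(section, body):
    """Identity of a finding across two scans.

    Entries that carry a CLSID are matched on section + CLSID, because the
    file path can change case or form between scans (CnsHook.dll vs
    cnshook.dll above). Other entries are matched on their text, ignoring
    case and runs of whitespace.
    """
    clsid = CLSID_RE.search(body)
    if clsid:
        return (section, clsid.group(0).lower())
    return (section, " ".join(body.split()).casefold())


def still_present(fix_list_text, followup_log_text):
    """Split the fix list into entries that persist in the follow-up log
    and entries that are gone from it."""
    followup_keys = {entry_key(s, b) for s, b in parse_entries(followup_log_text)}
    persisted, removed = [], []
    for section, body in parse_entries(fix_list_text):
        line = f"{section} - {body}"
        if entry_key(section, body) in followup_keys:
            persisted.append(line)
        else:
            removed.append(line)
    return persisted, removed


if __name__ == "__main__":
    persisted, removed = still_present(FIX_LIST, FOLLOWUP_LOG)
    print("Still present after the fix:")
    for line in persisted:
        print("  " + line)
    print("No longer listed:")
    for line in removed:
        print("  " + line)
```
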

#3
jerryrm

  • Topic Starter
  • Member
  • 31 posts
You guys are awesome

Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 11:48:02 AM, on 8/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

Ewido:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:45:41 AM, 8/23/2005
+ Report-Checksum: 257DFE73

+ Scan result:

HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist\Modules -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMinCg -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1BB0ABBE-2D95-4847-B9D8-6F90DE3714C1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{A5ADEAE7-A8B4-4F94-9128-BF8D8DB5E927} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsUrl -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\InputCns -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP124\A0005560.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005703.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0006248.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0006443.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0006761.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP137\A0006974.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007227.dll -> TrojanDownloader.Dyfuca.dt : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007229.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007240.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007241.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007242.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007251.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007280.dll -> Spyware.CnsMin : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007281.dll -> Spyware.CnsMin : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007284.dll -> Spyware.CnsMin : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP158\A0007316.dll -> Spyware.Shopper : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007479.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007480.exe -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007482.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007484.dll -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007485.exe -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007486.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007487.dll -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007488.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007489.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007490.exe -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007491.exe -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007492.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP163\A0007498.dll -> Spyware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP95\A0002174.sys -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP95\A0002175.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP95\A0002176.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP95\A0002177.sys -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_445800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_516700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_518300.htm -> Adware.Cydoor : Cleaned with backup
-> : Error during cleaning
C:\WINDOWS\system32\AdCache\B_434_0_1_529900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_529900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_531300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_531300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_535300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_535300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_560400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_560400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_562000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_562000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_566800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_566800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_567900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_567900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_579800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_579800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_586000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_586000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_588400.htm -> Adware.Cydoor : Cleaned with backup
-> : Error during cleaning
C:\WINDOWS\system32\AdCache\B_434_0_1_590300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_590300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_593100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_593900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_593900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_598800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_600800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_600800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_611600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_611600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_622100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_623600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_623600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_625500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_625500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_625700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_625700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_628800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_628800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_631500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_631500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_632700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_635500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_635500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_656300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_656300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_656500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_656500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_658500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_659200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_659200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_659300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_659300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_677200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_737400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_737400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_759800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_1_759800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_453800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_447600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_447700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_453200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_526700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_573300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_515500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_549800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_550600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_558300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_573300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_579200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_581800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_588200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_591500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_591500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_593000.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_593000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_601500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_601500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_608300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_608300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_616100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_616500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_616500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_622400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_622400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_636300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_636300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_638800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_638800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_658900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_662100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_662100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_662200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_662200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_683100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_683100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_738900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_738900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_762000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_762000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_777200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_1_777200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_2_504300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_2_548200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_2_602800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_2_617600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_4_612300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_4_638500.htm -> Adware.Cydoor : Cleaned with backup


::Report End

#4
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Download the attachment below to your desktop, and rename it to regfix.reg. Once renamed, double-click it and allow it to merge with the registry...
Please post an updated HijackThis Log... :tazz:

Edited by skate_punk_21, 23 August 2005 - 01:07 PM.


#5
jerryrm

    Member

  • Topic Starter
  • Member
  • 31 posts
My new hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 7:28:28 AM, on 8/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

#6
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
And We're Back!

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Notes
Stubborn, isn't it? lmao

Downloads
Download Killbox


Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next, click on 'Delete on Reboot'. For each of the following files, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file; choose NO when it asks if you want to reboot). Click Yes at the 'Pending Operations' prompt if you see it:

C:\WINDOWS\downlo~1\cnshook.dll
C:\WINDOWS\downlo~1\CnsMin.dll
C:\WINDOWS\downlo~1\cnshint.dll
C:\PROGRA~1\3721\helper.dll

* If you receive a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



REBOOT NOW


Start HijackThis Fix
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords

Please remember to close all other windows, including browsers, then click Fix checked.


REBOOT ONCE MORE


Please post a fresh Hijack This log so that we can check if your system is clean.

Edited by skate_punk_21, 25 August 2005 - 12:22 PM.


#7
jerryrm

    Member

  • Topic Starter
  • Member
  • 31 posts
Sorry, I've been away for a few days. I'll get right on this.

#8
jerryrm

    Member

  • Topic Starter
  • Member
  • 31 posts
Did I mention that you guys are awesome?

My fresh hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:46:18 AM, on 8/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PicoZip] C:\Program Files\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

#9
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Please download MWaveScan

Double-click mwav.exe and unzip it to its predetermined directory (C:\Kaspersky).

Locate "kavupd.exe" in the new folder and double-click it to update.

If it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!


When you see "Updates downloaded Successfully", please press Enter to continue, but don't run it yet; go ahead and close it out for now.

Now go to the Kaspersky folder -> Locate and double-click "mwavscan.com" to launch the MWAV Scanner!

Once opened -> Leave the "Default Settings" ticked and add a "tick" to "Drives" -> this will light up "All Drives" -> Add a "tick" to "Scan all Files" -> Click "Scan Clean" to begin!

This scan may take several hours or more to complete, depending on the hard drive size!

Please be sure it is completed before proceeding!

Once the scan has finished, all entries identified as infected will be displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C to copy!

Open a blank Notepad page, paste the results (Ctrl+V) into it, and save it to your desktop!

Post those results here

Edited by skate_punk_21, 29 August 2005 - 07:20 AM.


#10
jerryrm

    Member

  • Topic Starter
  • Member
  • 31 posts
File C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBOEAD~1.EXE tagged as not-a-virus:AdWare.ToolBar.Hotbar.ar. No Action Taken.
File C:\WINDOWS\System32\wjvyulsv.exe tagged as not-a-virus:AdWare.ToolBar.Shopper.c. No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc1.zip infected by "Password-protected-EXE" Virus. Action Taken: File Renamed.
File C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbCoreSrv.dll tagged as not-a-virus:AdWare.HotBar.an. No Action Taken.
File C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbOEAddOn.exe tagged as not-a-virus:AdWare.ToolBar.Hotbar.ar. No Action Taken.
File C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbShprRprt.exe tagged as not-a-virus:AdWare.ToolBar.Shopper.c. No Action Taken.
File C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe tagged as not-a-virus:AdWare.ToolBar.Shopper.c. No Action Taken.
File C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbWallpaper.dll tagged as not-a-virus:AdWare.ToolBar.Hotbar.an. No Action Taken.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP111\A0005307.dll infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP120\A0005511.dll infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP120\A0005512.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP123\A0005535.dll infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005704.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005705.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005706.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005707.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005708.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005709.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005710.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005711.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005712.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005713.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005714.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005715.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005716.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005717.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005718.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005719.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005720.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005721.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005722.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005723.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005724.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005725.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005726.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005727.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005728.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005729.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005730.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005731.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005732.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005733.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005734.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005735.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005736.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005737.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005738.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005739.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005740.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005741.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005742.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005743.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005744.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005745.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005746.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005747.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005748.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005749.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005750.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005751.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005752.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005753.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005754.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005755.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005756.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005757.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005758.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005759.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005760.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005761.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005762.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005763.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005764.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005765.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005766.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005767.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005768.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005769.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005770.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005771.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005772.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005773.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005774.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005775.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005776.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005777.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005778.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005779.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005780.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005781.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005782.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005783.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005784.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005785.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005786.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005787.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005788.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005789.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005790.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005791.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005792.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005793.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005794.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005795.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005796.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005797.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005798.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005799.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005800.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005801.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005802.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005803.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005804.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005805.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005806.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005807.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005808.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005809.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005810.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005811.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005812.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005813.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005814.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005815.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005816.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005817.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005818.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005819.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005820.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005821.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005822.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005823.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005824.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005825.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005826.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005827.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005828.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005829.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005830.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005831.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005832.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005833.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005834.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005835.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005836.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005837.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005838.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005839.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005840.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005841.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005842.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005843.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005844.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005845.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005846.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005847.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005848.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005849.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005850.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005851.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005852.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005853.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005854.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005855.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005856.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005857.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005858.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005859.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005860.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005861.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005862.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005863.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005864.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005865.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005866.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005867.exe infected by "Trojan-Downloader.Win32.Agent.pm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{7A2DC154-7747-4712-BBC5-D4E1AD43DB30}\RP131\A0005994.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken:

#11
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
OK, I may have a basic solution - I've seen it work, but before starting let's get a fresh HijackThis log first, OK?

#12
jerryrm

    Member

  • Topic Starter
  • Member
  • 31 posts
My fresh Hijack log, apparently the things you keep telling me to delete are being stubborn:

Logfile of HijackThis v1.99.1
Scan saved at 7:35:41 AM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\FlashGet\flashget.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

#13
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Notes
If this doesn't work I think I'm going to bring in an Expert...

Downloads
1. Please download Ad-aware and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go Here to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at for better scan results. Do Not Run It Yet.

2. Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.

Now click Mode menu and choose 'Advanced Mode'. Next click on Immunize to your left. Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update. Do not run it yet.

3. Update Ewido Security Suite. Do not run it yet.


Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


1. Run Ad-aware using your customized settings and Clean anything that it finds... To run the VX2 Cleaner, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection.

2. Run SpyBot - Now click on the 'Spybot-S&D' option on the top left to go back to the main screen. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the 'Fix Selected Problems' button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

3. Run Ewido Security Suite
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
For downlo~1, you're looking for the first folder that has downlo as its first six letters.
C:\WINDOWS\downlo~1\CnsMin.dll
C:\PROGRA~1\3721\
C:\WINDOWS\downlo~1\CnsHook.dll
C:\WINDOWS\downlo~1\CnsMinEx.dll

Reboot your system in Normal Mode.

Further Scanning
Please run a Scan at the Following site
Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available.
At the end of this scan you will be given the option to save a log from the scan -SAVE THAT LOG- and post it here.

Please post a fresh HijackThis log, Ewido Log & the Log from Panda so that we can check if your system is clean.

Edited by skate_punk_21, 01 September 2005 - 11:38 AM.

  • 0
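The fresh HijackThis log requested in the post above can be checked against the fix list mechanically. This is an added example, not part of the original thread: it pulls CLSIDs and DLL names out of the fix-list entries and reports any entry in a new log that still references them. `FRESH_LOG` is constructed sample input, and the function names are hypothetical.

```python
import re

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DLL_RE = re.compile(r"[^\\/\s,\[\]]+\.dll", re.IGNORECASE)

# Four entries copied from the fix list in the post above.
FIX_LIST = r"""
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
"""

# Constructed sample of a post-fix log (not taken from the thread).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O9 - Extra button: (no name) - {ECF2E268-F28C-48D2-9AB7-8F69C11CCB71} - (no file)
"""

def parse_entries(log_text):
    """Return (section, body) for every entry line such as 'O4 - HKLM\\..\\Run: ...'."""
    matches = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group("section"), m.group("body")) for m in matches if m]

def indicators(body):
    """Lower-cased CLSIDs and DLL file names found in one entry body."""
    return {s.lower() for s in CLSID_RE.findall(body) + DLL_RE.findall(body)}

def residual(fix_list_text, fresh_log_text):
    """Fresh-log entries sharing a CLSID or DLL name with the fix list."""
    wanted = set()
    for _, body in parse_entries(fix_list_text):
        wanted |= indicators(body)
    hits = []
    for section, body in parse_entries(fresh_log_text):
        shared = indicators(body) & wanted
        if shared:
            hits.append((section, body, sorted(shared)))
    return hits

if __name__ == "__main__":
    for section, body, shared in residual(FIX_LIST, FRESH_LOG):
        print(f"STILL PRESENT {section}: {body}  (matched {', '.join(shared)})")
```

A DLL name match is only a pointer for review: names are compared without their path, so an unrelated file with the same name would also be reported.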

#14
jerryrm

I will get this done tomorrow
  • 0

#15
jerryrm

I can't do the panda scan for some reason. It gives me an error message
  • 0





