problem with Exsplorer



#1
wooodrow

Hey, yeah, I was wondering if anyone could help me. I have an IE icon called "Exsplorer" on my desktop, documents, Quick Launch, start menu and other places in my computer, and regardless of how many times I delete it, it reappears on start-up or later on in use.
Also, periodically a pop-up in a foreign language appears, on which if you press Yes, No or Alt + F4 it still links you to a website.
Can anyone help me get rid of this?
Here's my HJT log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\appnx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sysmon.exe
C:\WINDOWS\system32\sdkpn.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\TrojanHunter.exe
C:\DOCUME~1\woody\LOCALS~1\Temp\is-75JBD.tmp\is-ORT8V.tmp
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {62032CE7-6F44-B284-9F2B-FB404D7C3C8E} - C:\WINDOWS\system32\syspv32.dll
O2 - BHO: Class - {72B2792C-D29E-16A4-EE1D-D7DC8988D531} - C:\WINDOWS\system32\winay32.dll
O2 - BHO: Class - {73370541-FB2A-6DED-E594-D3DA5F033BD7} - C:\WINDOWS\apppe32.dll (file missing)
O2 - BHO: Class - {983D1105-2366-D1D5-E5DA-05F4CC5CDA8E} - C:\WINDOWS\addlo.dll (file missing)
O2 - BHO: Class - {B2819A5E-99B0-2567-6CB7-ABCAF513BCB6} - C:\WINDOWS\system32\netvb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CE9596F4-6291-9D52-7126-1963BA99D795} - C:\WINDOWS\sdkbz.dll (file missing)
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\msju32.dll (file missing)
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\System32\s1930.dll
O2 - BHO: Class - {E2440651-7FE0-4276-6917-766C9FA742A6} - C:\WINDOWS\system32\sdklv32.dll (file missing)
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\System32\s1930.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
O4 - HKLM\..\Run: [msca32.exe] C:\WINDOWS\system32\msca32.exe
O4 - HKLM\..\Run: [sdkpn.exe] C:\WINDOWS\system32\sdkpn.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\System32\s1930.dll/blogimage
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131624414984
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\appnx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


#2
Armodeluxe

Hi wooodrow, welcome to GeeksToGo,

If you still need help, please post a new HijackThis log and I will be happy to assist you.

Regards,

Armodeluxe

#3
wooodrow

Cheers Armodeluxe, here's my new HJT:

Logfile of HijackThis v1.99.1
Scan saved at 18:10:26, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\appnx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sysmon.exe
C:\WINDOWS\system32\sdkpn.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {62032CE7-6F44-B284-9F2B-FB404D7C3C8E} - C:\WINDOWS\system32\syspv32.dll
O2 - BHO: Class - {72B2792C-D29E-16A4-EE1D-D7DC8988D531} - C:\WINDOWS\system32\winay32.dll
O2 - BHO: Class - {73370541-FB2A-6DED-E594-D3DA5F033BD7} - C:\WINDOWS\apppe32.dll (file missing)
O2 - BHO: Class - {983D1105-2366-D1D5-E5DA-05F4CC5CDA8E} - C:\WINDOWS\addlo.dll (file missing)
O2 - BHO: Class - {B2819A5E-99B0-2567-6CB7-ABCAF513BCB6} - C:\WINDOWS\system32\netvb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CE9596F4-6291-9D52-7126-1963BA99D795} - C:\WINDOWS\sdkbz.dll (file missing)
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\msju32.dll (file missing)
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1932.dll
O2 - BHO: Class - {E2440651-7FE0-4276-6917-766C9FA742A6} - C:\WINDOWS\system32\sdklv32.dll (file missing)
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1932.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
O4 - HKLM\..\Run: [msca32.exe] C:\WINDOWS\system32\msca32.exe
O4 - HKLM\..\Run: [sdkpn.exe] C:\WINDOWS\system32\sdkpn.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1932.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131624414984
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\appnx.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)


Hope you can help, I've done everything I can think of.

#4
Armodeluxe

Please print out this post so that you have a hard copy of these instructions. You will need to keep Internet Explorer and Windows Explorer (including My Computer) closed throughout the entire process.

Use Internet Explorer only once to download Firefox and use only Firefox until we get you clean.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download CWSServiceremove.zip from here:
http://www.geekstogo...=download&id=43
Unzip it to the desktop but do NOT run it yet.

Please download Intermute's CWShredder from here:
http://cwshredder.ne.../CWShredder.exe
Save it to the desktop but do NOT run it yet.

Then please download About:Buster from here:
http://www.malwareby...AboutBuster.zip
Unzip it to the desktop, run it, Check for Updates, and update the files, but do NOT run a scan yet.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode,

Go to Start -> Run -> services.msc. Locate Network Security Service (NSS) ( 11F#`I), right-click on it, and choose Properties. Click Stop, and set the "Startup Type" to Disabled.

Open Task Manager (CTRL+ALT+DEL) and end this process if it's running: appnx.exe

Now double-click on CWSServiceremove.reg and let it merge with the registry.

Then please run CWShredder, and click Fix.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Then please run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido

Finally, please run HijackThis, click Scan, and put a check next to these: (if there are more O2 - BHO: Class entries than listed, put a check next to all of them)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dugqu.dll/sp.html#62608
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {62032CE7-6F44-B284-9F2B-FB404D7C3C8E} - C:\WINDOWS\system32\syspv32.dll
O2 - BHO: Class - {72B2792C-D29E-16A4-EE1D-D7DC8988D531} - C:\WINDOWS\system32\winay32.dll
O2 - BHO: Class - {73370541-FB2A-6DED-E594-D3DA5F033BD7} - C:\WINDOWS\apppe32.dll (file missing)
O2 - BHO: Class - {983D1105-2366-D1D5-E5DA-05F4CC5CDA8E} - C:\WINDOWS\addlo.dll (file missing)
O2 - BHO: Class - {B2819A5E-99B0-2567-6CB7-ABCAF513BCB6} - C:\WINDOWS\system32\netvb.dll (file missing)
O2 - BHO: Class - {CE9596F4-6291-9D52-7126-1963BA99D795} - C:\WINDOWS\sdkbz.dll (file missing)
O2 - BHO: Class - {CF546225-341C-30CE-6E17-98A3B9CEEB9D} - C:\WINDOWS\msju32.dll (file missing)
O2 - BHO: Class - {E2440651-7FE0-4276-6917-766C9FA742A6} - C:\WINDOWS\system32\sdklv32.dll (file missing)
O4 - HKLM\..\Run: [apisa32.exe] C:\WINDOWS\system32\apisa32.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\sysmon.exe
O4 - HKLM\..\Run: [msca32.exe] C:\WINDOWS\system32\msca32.exe
O4 - HKLM\..\Run: [sdkpn.exe] C:\WINDOWS\system32\sdkpn.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\appnx.exe


Close all open windows except for HijackThis and click Fix Checked.

Now look for and delete these files if still present:

C:\WINDOWS\system32\apisa32.exe
C:\WINDOWS\system32\sysmon.exe
C:\WINDOWS\system32\msca32.exe
C:\WINDOWS\system32\sdkpn.exe
C:\WINDOWS\appnx.exe

Then please restart your computer in Normal Mode, and post a new HijackThis log, as well as the logs from AboutBuster and Ewido.

#5
wooodrow

Hey, cheers for the help. I did everything you said, although some of the files you told me to delete weren't on the HJT log, but I presumed that was just because they had been deleted by one of the other things.

Here are my logs:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1932.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1932.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1932.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131624414984
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

and here's my AB log

------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\WINDOWS\demtke.dat
Removed File! : C:\WINDOWS\svesvr.dat
Removed File! : C:\WINDOWS\nrvnu.dat
Removed File! : C:\WINDOWS\jadft.dat
Removed File! : C:\WINDOWS\sdbaor.dat
Removed File! : C:\WINDOWS\nozma.dat
Removed File! : C:\WINDOWS\system32\tykel.dat
Removed File! : C:\WINDOWS\system32\waodg.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:18:02

and here's ewido


cheers!

#6
Armodeluxe

Hey it looks like we chopped its head off in one go :tazz:

Let's try to use IE and see if you'll get reinfected.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a new HijackThis log.
