
I'm having some serious Malware problems! Please help! [CLOSED]



#1
TJHagen

  • Member
  • 20 posts
:tazz: I would consider myself not technical with computers, but in general I know how to use computers pretty efficiently. The problems I'm having, though, are beyond my capabilities, so I have turned to the guys that do it best...you guys. I am having some serious Malware problems. I believe I have the 'Winfixer' problem, I know for a fact that I have the 'about:blank' problem along with the 'New PolyWin32' problem/virus...I will post a HiJackThis log and hopefully you guys can look at it for me? Thanks! BY THE WAY.. I hadn't ever used HiJackThis until about a week ago and when I used it the first time and it gave me that list of about 300 items, I accidentally clicked on every item it showed and clicked the 'Fix' aka Remove button...I didn't know what I was doing and I was just wondering if that is a problem or if it could possibly cause problems? Thanks again! Here is the log..


Logfile of HijackThis v1.99.1
Scan saved at 1:43:56 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ntum.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ipxm.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iezrn.dll/sp.html#77035
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04D84A7E-AF1A-27B3-7174-33D2BABA7210} - C:\WINDOWS\apijk32.dll
O4 - HKLM\..\Run: [ipxm.exe] C:\WINDOWS\ipxm.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntum.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
TJHagen

  • Topic Starter
  • Member
  • 20 posts
AAAH! I almost forgot.. When I ran my McAfee Virus Scan yesterday, it came up with the following.

I am infected with the following according to McAfee.

C:/windows/system32/ntum.exe (New PolyWin32 memory virus)
C:/windows/system32/ntum (New PolyWin32 virus)
C:/windows/system32/ipxm.exe (New PolyWin32 memory virus)
C:/windows/ipxm.exe (New PolyWin32 virus)

Help!

#3
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi TJHagen and welcome to GeeksToGo! My name is Excal and I will be helping you.

Well the good news is that you have HiJackthis in a proper folder :)

Let's hope there isn't any bad news. We will get through this :)

To restore the backups:
  • Open HiJackThis
  • Click on "View the list of Backups"
  • Place a check mark next to everything in that window
  • Click Restore
  • Click Yes
  • Reboot your computer
  • Run HiJackThis and post a new HiJackThis log for review.
Let's start there :woot:


thanks,

:tazz:

Excal

#4
TJHagen

  • Topic Starter
  • Member
  • 20 posts
Hello again. Ok, I believe you are telling me to restore everything that I deleted by accident from HiJackThis. The problem is that, if I do that, I believe that the programs that infected me will come back and at that point I won't even be able to use my laptop because it basically freezes at point of startup and I can't do anything with it unless I'm in Safe Mode. Are you sure I should do that?

#5
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
The only way I can help you is to see what bad stuff is on your computer. I need to make a plan of action on where to start on your highly infected machine. If you could get me a HiJackthis log from normal mode, with all the things restored, that would be perfect. If you have another machine in your house from which you could transfer programs to your laptop, that would be good. Most of the work we will be doing will be in safe mode.

:tazz:

Excal

#6
TJHagen

  • Topic Starter
  • Member
  • 20 posts
Hello again..

I did what you requested by going into HiJackThis and clicking on 'view list of backups'... the only problem is that it gave a list of NOTHING. There was absolutely nothing in the 'list of backups' and under configuration, which I have not messed with, the 'make backups before fixing items' is checked off...so I don't know what could have happened? What should I do now?

#7
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
We can try and fix what is showing on HiJackthis now, and hopefully the things that you checked off were of no severe importance. If you would like to do that, please post a fresh HiJackthis log. (Make sure you go into msconfig startup and ensure that everything is checked off, then reboot)



Excal

#8
TJHagen

  • Topic Starter
  • Member
  • 20 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:26:12 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ntum.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ipxm.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04D84A7E-AF1A-27B3-7174-33D2BABA7210} - C:\WINDOWS\apijk32.dll
O2 - BHO: Class - {07AA0D39-02E3-677B-1C65-8949A994E0F0} - C:\WINDOWS\msvq.dll
O2 - BHO: Class - {37FEC172-7D9F-A669-CCD9-E33BBFC88EDD} - C:\WINDOWS\system32\syssg.dll
O2 - BHO: Class - {783BA5D8-5DBC-1F9E-1F4A-FEF17FBFA474} - C:\WINDOWS\system32\crqq.dll
O2 - BHO: Class - {7B4ECFD1-8BE1-9AC7-6F51-6E3AF4D60560} - C:\WINDOWS\sysav32.dll
O2 - BHO: Class - {CC736B40-8144-5D9C-A826-91485E5E97D8} - C:\WINDOWS\system32\apiei32.dll
O4 - HKLM\..\Run: [ipxm.exe] C:\WINDOWS\ipxm.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntum.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#9
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Please download and install these programs - don't run them yet!!

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for updates. Please don't run it yet.

Please download and install AD-Aware.

Check Here on how to set up and use it - please make sure you update it first.

Download and unzip HSfix to your desktop :
HSRegFix

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.

Download the Host Here
Please do not use program yet


THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Open up the Host program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • Then click Restore original host files
  • Close program
4. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Go to Start->Run and type in services.msc and hit OK. Then look for Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04D84A7E-AF1A-27B3-7174-33D2BABA7210} - C:\WINDOWS\apijk32.dll
O2 - BHO: Class - {07AA0D39-02E3-677B-1C65-8949A994E0F0} - C:\WINDOWS\msvq.dll
O2 - BHO: Class - {37FEC172-7D9F-A669-CCD9-E33BBFC88EDD} - C:\WINDOWS\system32\syssg.dll
O2 - BHO: Class - {783BA5D8-5DBC-1F9E-1F4A-FEF17FBFA474} - C:\WINDOWS\system32\crqq.dll
O2 - BHO: Class - {7B4ECFD1-8BE1-9AC7-6F51-6E3AF4D60560} - C:\WINDOWS\sysav32.dll
O2 - BHO: Class - {CC736B40-8144-5D9C-A826-91485E5E97D8} - C:\WINDOWS\system32\apiei32.dll
O4 - HKLM\..\Run: [ipxm.exe] C:\WINDOWS\ipxm.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntum.exe


9. Click the Fix Checked box

10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\ntum.exe
C:\WINDOWS\ipxm.exe


11. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created. Please save this log and copy it in your next post.
12. Scan with AdAware and let it remove any bad files found.

13. Run the program CleanUp! (do not reboot yet)

14. Double click on the HSFix and when asked to merge say yes.

15. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

16. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!
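
Added example (not part of Excal's post or of the thread): one way to triage HijackThis lines like those checked in step 8 above, shown on a subset of the log from post #8. The heuristics, the names `triage`, `check_entry` and `SYSTEM_DIRS`, and the choice of sample lines are assumptions of this example, not the helper's stated method.

```python
import ntpath
import re
from typing import List, NamedTuple

# Constructed sample: a subset of lines copied from the second HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\klqvg.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {04D84A7E-AF1A-27B3-7174-33D2BABA7210} - C:\WINDOWS\apijk32.dll
O4 - HKLM\..\Run: [ipxm.exe] C:\WINDOWS\ipxm.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ntum.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# A HijackThis entry line is "<section code> - <body>".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# Assumption of this example: loaders sitting directly in these folders deserve a look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


class Finding(NamedTuple):
    code: str
    reason: str
    line: str


def in_system_dir(path: str) -> bool:
    """True if the file sits directly in one of SYSTEM_DIRS (not a subfolder)."""
    return ntpath.dirname(path.strip('"')).lower() in SYSTEM_DIRS


def check_entry(code: str, body: str) -> str:
    """Return a reason if the entry matches one of the heuristics, else ''."""
    if code in ("R0", "R1") and " = " in body:
        value = body.partition(" = ")[2].lower()
        if value.startswith("res://") and ".dll/" in value:
            return "IE search/start setting points into a local DLL resource"
    elif code == "O2":
        m = re.match(r"BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$", body)
        if m and m.group(1) == "Class" and in_system_dir(m.group(2)):
            return "BHO with placeholder name loaded from a system directory"
    elif code == "O4":
        m = re.match(r"HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.+)$", body)
        if m:
            name, path = m.group(1), m.group(2).strip('"')
            if in_system_dir(path) and name.lower() == ntpath.basename(path).lower():
                return "Run value named after an executable in a system directory"
    elif code == "O23":
        # "Service: <display name> - <owner> - <path>"; split from the right.
        parts = body.rsplit(" - ", 2)
        # "Unknown owner" alone is not enough (see Ati HotKey Poller in the sample).
        if len(parts) == 3 and parts[1] == "Unknown owner" and not parts[0].isascii():
            return "service with no vendor and non-ASCII bytes in its display name"
    return ""


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth reviewing, in log order."""
    findings: List[Finding] = []
    blank_pages: List[Finding] = []
    hijacked = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        reason = check_entry(code, body)
        if reason:
            findings.append(Finding(code, reason, line))
            hijacked = hijacked or code in ("R0", "R1")
        elif code in ("R0", "R1") and body.endswith("= about:blank"):
            blank_pages.append(
                Finding(code, "about:blank page next to a res:// hijack", line))
    # about:blank on its own is a normal setting; report it only with a res:// hijack.
    if hijacked:
        findings.extend(blank_pages)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}\n     {f.line}")
```

The output is a review list, not a fix list: each flagged line still needs a person to confirm it before it is checked in HijackThis.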

#10
TJHagen

  • Topic Starter
  • Member
  • 20 posts
Ok. So I got to Step 5 of the 'Fix' and I rebooted into SafeMode and then went into Start-Run and typed in services.msc. I then scrolled down to look for 'Network Security Service (NSS)' and I can't locate it (it doesn't exist). I did locate farther down though a 'Security Accounts Manager' (which is listed as automatic) and a 'Security Center' (which is listed as disabled), however, there is no Network Security Service (NSS). What should I do now?

#11
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Continue on with the fix please :)

:tazz:

Excal

#12
TJHagen

  • Topic Starter
  • Member
  • 20 posts
Incident/Status/Location

Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM32\IDEMLOG.EXE
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\mfckf32.exe
Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM32\idesk.conf
Adware:adware/psguard Not disinfected C:\WINDOWS\SYSTEM32\intell32.exe
Spyware:spyware/smitfraud Not disinfected C:\WINDOWS\SYSTEM32\oleext.dll
Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM32\sdkro32.exe
Spyware:spyware/petro-line Not disinfected C:\Documents and Settings\T\Favorites\SITES ABOUT\Ab scissor.url
Adware:adware/searchaid Not disinfected C:\Documents and Settings\T\Favorites\Only sex website.url
Adware:adware/sbsoft Not disinfected C:\WINDOWS\rdt.ini
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20051210-193353-901.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20051210-193622-466.dll
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\appsk32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ieoq32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ipzz32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\msjx32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\apppf.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\hgqhp.exe
Virus:Bck/Webber.BE Not disinfected C:\WINDOWS\system32\Kabllc32.exe
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr296.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr390.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr461.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr579.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr593.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr730.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr779.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\ldr886.dll
Virus:Bck/Galapoper.HP Not disinfected C:\WINDOWS\system32\ll.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\mfckf32.exe
Dialer:Dialer.ECD Not disinfected C:\WINDOWS\system32\mspostsp.exe
Virus:Trj/Jupillites.A Not disinfected C:\WINDOWS\system32\msupdate32.dll
Virus:Bck/Webber.BF Not disinfected C:\WINDOWS\system32\Pcpmnq32.dll
Adware:Adware/WinHound Not disinfected C:\WINDOWS\system32\run973.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\sysfn.exe
---------------------------------------------------------------------------------------------------------------------------

AboutBuster 5.1, reference file 32
Scan started on [12/18/2005] at [8:56:14 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\WINDOWS\ewtqj.dat
Removed File! : C:\WINDOWS\mfoqi.dat
Removed File! : C:\WINDOWS\xhddl.dat
Removed File! : C:\WINDOWS\zpend.dat
Removed File! : C:\WINDOWS\system32\szhuu.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:57:14 PM



I've run about:buster twice now and I'm still infected so I don't know what the deal with that is? Other than that.. I still get popups pretty bad. Where should I go from here? I downloaded everything and did the fix...what else should I do?

#13
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You have soooo many infections on your computer, it's difficult to know where to start. We are going to do some scans in safe mode and hopefully take care of a lot of this crud.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


DOWNLOAD PROGRAMS


Download smitRem.exe© by noahdfear and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Close Ewido, we will use this later.

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


THE FIX


1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

O17 - HKLM\System\CS1\Services\Tcpip\..\{47C850D5-3646-4836-9DB9-58D3C9873A66}: NameServer = 66.133.170.2

7. Click the Fix Checked box

8. Please remove the following folders using Windows Explorer (if present):

C:\Documents and Settings\T\Favorites\SITES ABOUT\Ab scissor.url
C:\Documents and Settings\T\Favorites\Only sex website.url


9. Please remove just the files from the following paths using Windows Explorer (if present):

A lot of these might be gone, but I want to make sure:

C:\WINDOWS\SYSTEM32\IDEMLOG.EXE
C:\WINDOWS\system32\mfckf32.exe
C:\WINDOWS\SYSTEM32\idesk.conf
C:\WINDOWS\SYSTEM32\sdkro32.exe
C:\WINDOWS\rdt.ini
C:\WINDOWS\appsk32.exe
C:\WINDOWS\ieoq32.exe
C:\WINDOWS\ipzz32.exe
C:\WINDOWS\msjx32.exe
C:\WINDOWS\system32\apppf.exe
C:\WINDOWS\system32\hgqhp.exe
C:\WINDOWS\system32\Kabllc32.exe
C:\WINDOWS\system32\ldr296.dll
C:\WINDOWS\system32\ldr390.dll
C:\WINDOWS\system32\ldr461.dll
C:\WINDOWS\system32\ldr579.dll
C:\WINDOWS\system32\ldr593.dll
C:\WINDOWS\system32\ldr730.dll
C:\WINDOWS\system32\ldr779.dll
C:\WINDOWS\system32\ldr886.dll
C:\WINDOWS\system32\ll.exe
C:\WINDOWS\system32\mfckf32.exe
C:\WINDOWS\system32\mspostsp.exe
C:\WINDOWS\system32\msupdate32.dll
C:\WINDOWS\system32\Pcpmnq32.dll
C:\WINDOWS\system32\run973.exe
C:\WINDOWS\system32\sysfn.exe


10. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

11. Open Ad-aware and do a full scan. Remove all it finds.

12. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

13. Next go to Control Panel > click Appearance and Themes > click Display > Desktop tab > click Customize Desktop > Web tab > uncheck anything in there if present.

14. Run the program CleanUp!

15. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

16. Please post the Active scan log, Ewido log, smitfiles.txt log and a fresh HiJackThis log. Let me know how your computer is running.

#14
TJHagen

  • Topic Starter
  • Member
  • 20 posts
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 12/19/2005
The current time is: 19:31:12.12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

zlbw.dll
intell32.exe
oleext.dll
logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

warnhp.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1464 'explorer.exe'
Killing PID 1464 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :tazz:

-------------------------------------------------------------------------------------------------

ACTIVESCAN RESULTS

Incident/Status/Location

Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM32\IDEMLOG.EXE
Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\zpmodemnt.sys
Adware:adware/searchaid Not disinfected C:\Documents and Settings\T\Favorites\Search the web.url
Adware:adware/navipromo Not disinfected C:\WINDOWS\sdkcm32.exe
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20051210-193353-901.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Administrator\Desktop\backups\backup-20051210-193622-466.dll
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\addxz.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\apigj.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\appgc.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\d3pa.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\d3ug32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ipsq.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\mfcrw32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\msfe.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\ntor.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\sdkub32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\sdkzp32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\sysqz32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\syssd32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\atlls.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\atlzf32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\croo32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\d3dw32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ipgv32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ipvt32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\netyr.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ntik.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\ntqq32.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\sysde.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\system32\syspz32.exe
-----------------------------------------------------------------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:32:10 PM, 12/19/2005
+ Report-Checksum: 87030502

+ Scan result:

[188] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[212] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
[556] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
C:\WINDOWS\system32\ipga32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipgz32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipim.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipqh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipqo32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\iprz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipun.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipxe.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipzh.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ipzw32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javabp.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javaed32.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\system32\javaef32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javajy32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javals32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javamc.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javang32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javaqo32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javarc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javauo.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javaut.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javava32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\javazg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcaf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcag.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfceb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfced32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfclf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcos32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcvj32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfcye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfczh32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mfczs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msab.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msbt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mshs32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msqz.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msrs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mssv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msuu.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\msxm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\mszr32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netcf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\nethq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netiv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netkj.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netqi.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netrf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netrk32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\nettx.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netwe.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\netxt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntbx32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntcg32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntgq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntlu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntnv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntog.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntru32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntse32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntvl.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\ntzt.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkbc.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkeu.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkgb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkge32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdksz.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdktk32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkuq32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkwn.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sdkxl32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup
C:\WINDOWS\system32\sysbf32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysfa.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysgc.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysil32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysim.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysir.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysiy.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysom.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysqg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysxr.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\sysyd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\syszv32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winbm.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winbs.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winhd.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winnw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winvm32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\system32\winvw.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\systu32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\systv.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\sysvb.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\syszx32.dll -> Downloader.WinShow.bg : Cleaned with backup
C:\WINDOWS\winba32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winek.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\wingp32.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\wingt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winhr.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winpg.exe -> Downloader.Agent.td : Cleaned with backup
C:\WINDOWS\winqd32.exe -> Downloade

#15
TJHagen

Hmmm... Something tells me my post was too long and it didn't take it all, so I'll try attaching some of the results from the scans?

I'll attach everything but the new HiJackThis Scan..


Logfile of HijackThis v1.99.1
Scan saved at 10:29:49 PM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hmnro.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hmnro.dll/sp.html#77035
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hmnro.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hmnro.dll/sp.html#77035
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {5C4938F7-4F76-B565-345B-F5460D9DB10E} - C:\WINDOWS\msoc.dll (file missing)
O2 - BHO: Class - {8682881C-0143-08BD-57E1-64CD99067C6B} - C:\WINDOWS\system32\ipqu32.dll
O2 - BHO: Class - {9569D48E-2631-2D7C-A1D5-EDFA9B5AF4E1} - C:\WINDOWS\system32\javaed32.dll (file missing)
O2 - BHO: Class - {CF7DEC0F-EABE-38E9-30E8-68DD1BCDFA74} - C:\WINDOWS\syszx32.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ieln32.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
