Need Help Removing Malware. Thank You For Any Help

[weeble8604]

Logfile of HijackThis v1.99.1

Scan saved at 12:55:30 AM, on 7/25/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\System32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\WINDOWS\System32\wuauclt.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\netij.exe

C:\WINDOWS\system32\apiya.exe

C:\Documents and Settings\David\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kirco.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\kirco.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Class - {F77519B6-CC0B-35F0-2326-90B7924B4D7B} - C:\WINDOWS\system32\netoq.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [ieho.exe] C:\WINDOWS\system32\ieho.exe

O4 - HKLM\..\Run: [crof.exe] C:\WINDOWS\system32\crof.exe

O4 - HKLM\..\Run: [d3zo32.exe] C:\WINDOWS\d3zo32.exe

O4 - HKLM\..\Run: [apiya.exe] C:\WINDOWS\system32\apiya.exe

O4 - HKLM\..\RunOnce: [netij.exe] C:\WINDOWS\netij.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Rawe]

Hello and welcome!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.

Download CWShredder Here.

Download SpSeHjfix Here.

Download and install CleanUp! Here

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster

• Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  
• Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  
• Click "OK" at the prompt with instructions.
  
• Click "Update" and then "Check For Update" to begin the update process.
  
• If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  
• Now close About:Buster
  

Update CWShredder

• Open CWShredder and click I AGREE
  
• Click Check For Update
  
• Close CWShredder
  

Boot into Safe Mode:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:

• Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  
• Click Yes to allow it to shutdown explorer.exe.
  
• It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  
• When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  
• Reboot your computer into safe mode again
  

Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp! Click CleanUp and allow it to delete all the temporary files. REBOOT!!

Please run an free online anti-virus scan; Kaspersky or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe

[weeble8604]

Thank you for replying so quickly. Here is my about buster log...

-- Scan 1 ---------------------------

About:Buster Version 4.0

Reference List : 31

No ADS found on system

Removed 2 Random Key Entries

Removed! : C:\WINDOWS\addyt.exe

Removed! : C:\WINDOWS\adrtt.dat

Removed! : C:\WINDOWS\aecdl.dat

Removed! : C:\WINDOWS\apizw32.exe

Removed! : C:\WINDOWS\bcubu.dat

Removed! : C:\WINDOWS\bihwx.dat

Removed! : C:\WINDOWS\cpbsr.dat

Removed! : C:\WINDOWS\dfyxl.dat

Removed! : C:\WINDOWS\dtvru.dat

Removed! : C:\WINDOWS\dvsys.dat

Removed! : C:\WINDOWS\emhkm.dat

Removed! : C:\WINDOWS\exsia.dat

Removed! : C:\WINDOWS\fscdn.dat

Removed! : C:\WINDOWS\glmpr.dat

Removed! : C:\WINDOWS\iemn.exe

Removed! : C:\WINDOWS\ivppv.dat

Removed! : C:\WINDOWS\jhwrv.dat

Removed! : C:\WINDOWS\kfstz.dat

Removed! : C:\WINDOWS\kirco.dll

Removed! : C:\WINDOWS\mayfl.dat

Removed! : C:\WINDOWS\mrmdn.dat

Removed! : C:\WINDOWS\msdw32.exe

Removed! : C:\WINDOWS\myure.dat

Removed! : C:\WINDOWS\nintm.dat

Removed! : C:\WINDOWS\ogxhb.dat

Removed! : C:\WINDOWS\ojpdq.dat

Removed! : C:\WINDOWS\ovdrf.dat

Removed! : C:\WINDOWS\oyakt.dat

Removed! : C:\WINDOWS\pneea.dat

Removed! : C:\WINDOWS\pngib.dat

Removed! : C:\WINDOWS\purfl.dat

Removed! : C:\WINDOWS\qapau.dat

Removed! : C:\WINDOWS\qgund.dat

Removed! : C:\WINDOWS\rcsgo.dat

Removed! : C:\WINDOWS\rkpjv.dat

Removed! : C:\WINDOWS\rpdyn.dat

Removed! : C:\WINDOWS\sjymy.dat

Removed! : C:\WINDOWS\sqyqo.dat

Removed! : C:\WINDOWS\ssodd.dat

Removed! : C:\WINDOWS\sxjkw.dat

Removed! : C:\WINDOWS\sxqda.dat

Removed! : C:\WINDOWS\sysfj.exe

Removed! : C:\WINDOWS\tmoow.dat

Removed! : C:\WINDOWS\ttebe.dat

Removed! : C:\WINDOWS\tzjng.dat

Removed! : C:\WINDOWS\tzxgz.dat

Removed! : C:\WINDOWS\udjau.dat

Removed! : C:\WINDOWS\uifmq.dat

Removed! : C:\WINDOWS\uwmic.dat

Removed! : C:\WINDOWS\vhzzm.dat

Removed! : C:\WINDOWS\zgawo.dat

Removed! : C:\WINDOWS\zgxjp.dat

Removed! : C:\WINDOWS\System32\agjtx.dat

Removed! : C:\WINDOWS\System32\aqtok.dat

Removed! : C:\WINDOWS\System32\atlir.exe

Removed! : C:\WINDOWS\System32\bwgyd.dat

Removed! : C:\WINDOWS\System32\d3bn32.exe

Removed! : C:\WINDOWS\System32\dgraa.dat

Removed! : C:\WINDOWS\System32\dkjxu.dat

Removed! : C:\WINDOWS\System32\fbewj.dat

Removed! : C:\WINDOWS\System32\fllym.dat

Removed! : C:\WINDOWS\System32\gbftq.dat

Removed! : C:\WINDOWS\System32\gidie.dat

Removed! : C:\WINDOWS\System32\guzcv.dat

Removed! : C:\WINDOWS\System32\hjiik.dat

Removed! : C:\WINDOWS\System32\icvww.dat

Removed! : C:\WINDOWS\System32\ipoie.dat

Removed! : C:\WINDOWS\System32\iryfq.dat

Removed! : C:\WINDOWS\System32\itjjg.dat

Removed! : C:\WINDOWS\System32\javaly32.exe

Removed! : C:\WINDOWS\System32\jbscu.dat

Removed! : C:\WINDOWS\System32\jxoav.dat

Removed! : C:\WINDOWS\System32\ksdds.dat

Removed! : C:\WINDOWS\System32\lbmsu.dat

Removed! : C:\WINDOWS\System32\lmbds.dat

Removed! : C:\WINDOWS\System32\lycxq.dat

Removed! : C:\WINDOWS\System32\mjhxb.dat

Removed! : C:\WINDOWS\System32\msja32.exe

Removed! : C:\WINDOWS\System32\muxog.dat

Removed! : C:\WINDOWS\System32\netvr.exe

Removed! : C:\WINDOWS\System32\nuhvu.dat

Removed! : C:\WINDOWS\System32\obbxz.dat

Removed! : C:\WINDOWS\System32\onpig.dat

Removed! : C:\WINDOWS\System32\pfhti.dat

Removed! : C:\WINDOWS\System32\plytj.dat

Removed! : C:\WINDOWS\System32\pxrgo.dat

Removed! : C:\WINDOWS\System32\qphzs.dat

Removed! : C:\WINDOWS\System32\qszcd.dat

Removed! : C:\WINDOWS\System32\qvjtm.dat

Removed! : C:\WINDOWS\System32\razwr.dat

Removed! : C:\WINDOWS\System32\rnwuc.dat

Removed! : C:\WINDOWS\System32\roxau.dat

Removed! : C:\WINDOWS\System32\sysas32.exe

Removed! : C:\WINDOWS\System32\sysev.exe

Removed! : C:\WINDOWS\System32\sysuc32.exe

Removed! : C:\WINDOWS\System32\tdmho.dat

Removed! : C:\WINDOWS\System32\tkbxm.dat

Removed! : C:\WINDOWS\System32\tltwf.dat

Removed! : C:\WINDOWS\System32\txyyt.dat

Removed! : C:\WINDOWS\System32\vxifz.dat

Removed! : C:\WINDOWS\System32\wfoty.dat

Removed! : C:\WINDOWS\System32\wpkjn.dat

Removed! : C:\WINDOWS\System32\xeozi.dat

Removed! : C:\WINDOWS\System32\xjmdp.dat

Removed! : C:\WINDOWS\System32\xnlqi.dat

Removed! : C:\WINDOWS\System32\xqjnh.dat

Removed! : C:\WINDOWS\System32\xrstx.dat

Removed! : C:\WINDOWS\System32\yjqmi.dat

Removed! : C:\WINDOWS\System32\ypndn.dat

Removed! : C:\WINDOWS\System32\yqnhr.dat

Removed! : C:\WINDOWS\System32\zahva.dll

Removed! : C:\WINDOWS\System32\zgzwg.dat

Removed! : C:\WINDOWS\System32\zwgcb.dat

Attempted Clean Of Temp folder.

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

-- Scan 2 ---------------------------

About:Buster Version 4.0

Reference List : 31

No ADS found on system

Attempted Clean Of Temp folder.

Pages Reset... Done!

Here is the SpSeHjfix log...

(7/26/05 12:50:14 AM) SPSeHjFix started v1.1.2

(7/26/05 12:50:14 AM) OS: WinXP Service Pack 1 (5.1.2600)

(7/26/05 12:50:14 AM) Language: english

(7/26/05 12:50:14 AM) Win-Path: C:\WINDOWS

(7/26/05 12:50:14 AM) System-Path: C:\WINDOWS\System32

(7/26/05 12:50:14 AM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\

(7/26/05 12:50:36 AM) Disinfection started

(7/26/05 12:50:36 AM) Bad-Dll(IEP): (not found)

(7/26/05 12:50:36 AM) Bad-Dll(IEP) in BHO: (not found)

(7/26/05 12:50:36 AM) UBF: 8 - UBB: 3 - UBR: 28

(7/26/05 12:50:36 AM) UBF: 8 - UBB: 3 - UBR: 28

(7/26/05 12:50:36 AM) Bad IE-pages:

deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:

(7/26/05 12:50:36 AM) Stealth-String not found

(7/26/05 12:50:36 AM) Not infected->END

I used BitDefender to scan my computer. Here are those results... (they are long)

BitDefender Online Scanner

Scan report generated at: Tue, Jul 26, 2005 - 12:03:38

Scan path: C:\;D:\;

Statistics

Time

00:26:55

Files

107862

Folders

2943

Boot Sectors

2

Archives

1034

Packed Files

13635

Results

Identified Viruses

13

Infected Files

1025

Suspect Files

2

Warnings

0

Disinfected

0

Deleted Files

1033

Engines Info

Virus Definitions

197118

Engine build

AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins

13

Archive plugins

39

Unpack plugins

4

E-mail plugins

6

System plugins

1

Scan Settings

First Action

Disinfect

Second Action

Delete

Heuristics

Yes

Enable Warnings

Yes

Scanned Extensions

exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;pp

t;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm

;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions

Scan Emails

Yes

Scan Archives

Yes

Scan Packed

Yes

Scan Files

Yes

Scan Boot

Yes

Scanned File

Status

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0601665D.class=>(Quarantine-2)

Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0601665D.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0601665D.class=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\189B0534.class=>(Quarantine-2)

Infected with: Trojan.Java.Classloader.Dummy.A

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\189B0534.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\189B0534.class=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50DF08D1.class=>(Quarantine-2)

Infected with: Java.Trojan.ClassLoader.Z

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50DF08D1.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50DF08D1.class=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50E232CE.class=>(Quarantine-2)

Infected with: Java.Trojan.Downloader.OpenConnection.V

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50E232CE.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\50E232CE.class=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51C810AD.class=>(Quarantine-2)

Infected with: Java.Trojan.ClassLoader.Z

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51C810AD.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51C810AD.class=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C44332.exe=>(Quarantine-2)

Suspected of: BehavesLike:Trojan.Downloader

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C44332.exe=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C44332.exe=>(Quarantine-2)

Deleted

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C76D2F.class=>(Quarantine-2)

Infected with: Java.Trojan.Exploit.Bytverify

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C76D2F.class=>(Quarantine-2)

Disinfection failed

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\63C76D2F.class=>(Quarantine-2)

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP293\A0063639.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP293\A0063639.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP293\A0063639.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063644.ini=>:qxpxre:$DATA

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063644.ini=>:qxpxre:$DATA

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063644.ini=>:qxpxre:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063644.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063647.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063647.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063647.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063649.ini=>:ygdqkk:$DATA

Infected with: Trojan.StartPage.563

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063649.ini=>:ygdqkk:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063649.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063650.ini=>:zhmwhg:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063650.ini=>:zhmwhg:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0063650.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0064593.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0064593.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP294\A0064593.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064595.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064595.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064595.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:xqvtug:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:xqvtug:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:uzfemv:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:uzfemv:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:oxeudh:$DATA

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:oxeudh:$DATA

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:oxeudh:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:lfiueu:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI=>:lfiueu:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064597.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064598.ini=>:snerxo:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064598.ini=>:snerxo:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064598.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064611.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064611.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP295\A0064611.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064621.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064621.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064621.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064623.INI=>:xeozip:$DATA

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064623.INI=>:xeozip:$DATA

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064623.INI=>:xeozip:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064623.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064624.dll

Infected with: Trojan.Downloader.Winshow.AK

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064624.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064624.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064627.dll

Infected with: Trojan.Downloader.Winshow.AK

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064627.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP296\A0064627.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064630.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064630.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064630.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064645.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064645.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP297\A0064645.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064661.ini=>:zbhnvr:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064661.ini=>:zbhnvr:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064661.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064662.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064662.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064662.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI=>:ubvhpz:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI=>:ubvhpz:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI=>:sqkbmv:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI=>:sqkbmv:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0064663.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065643.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065643.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065643.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI=>:ubvhpz:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI=>:ubvhpz:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI=>:sqkbmv:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI=>:sqkbmv:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065646.INI

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065648.ini=>:ykbcwf:$DATA

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065648.ini=>:ykbcwf:$DATA

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065648.ini=>:ykbcwf:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP299\A0065648.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065659.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065659.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065659.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065676.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065676.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP300\A0065676.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065682.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065682.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065682.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065688.ini=>:ygdqkk:$DATA

Infected with: Trojan.StartPage.563

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065688.ini=>:ygdqkk:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP301\A0065688.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065691.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065691.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065691.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065698.ini=>:ygdqkk:$DATA

Infected with: Trojan.StartPage.563

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065698.ini=>:ygdqkk:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP302\A0065698.ini

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065705.pif=>:zygtcc:$DATA

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065705.pif=>:zygtcc:$DATA

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065705.pif

Updated

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065708.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065708.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065708.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065709.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065709.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065709.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065710.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065710.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065710.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065711.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065711.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065711.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065712.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065712.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065712.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065713.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065713.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065713.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065714.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065714.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065714.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065715.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065715.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065715.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065716.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065716.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065716.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065717.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065717.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065717.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065718.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065718.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065718.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065719.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065719.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065719.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065720.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065720.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065720.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065722.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065722.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065722.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065723.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065723.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065723.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065724.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065724.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065724.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065725.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065725.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065725.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065726.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065726.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065726.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065727.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065727.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065727.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065728.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065728.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065728.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065729.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065729.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065729.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065730.exe

Infected with: Trojan.Agent.EM

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065730.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065730.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065731.dll

Infected with: Trojan.Downloader.Winshow.AK

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065731.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065731.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065732.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065732.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065732.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065733.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065733.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065733.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065734.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065734.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065735.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065735.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065735.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065736.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065736.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065736.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065737.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065737.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065737.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065738.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065738.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065738.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065739.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065739.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065739.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065740.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065740.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065740.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065741.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065741.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065741.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065742.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065742.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065743.exe

Infected with: Trojan.Downloader.Agent.AP

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065743.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065744.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065744.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065744.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065745.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065745.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065745.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065746.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065746.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065746.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065747.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065747.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065748.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065748.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065748.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065749.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065749.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065750.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065750.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065750.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065751.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065751.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065751.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065752.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065752.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065752.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065753.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065753.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065754.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065754.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065754.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065755.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065755.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065755.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065756.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065756.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065757.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065757.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065757.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065758.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065758.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065758.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065759.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065759.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065760.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065760.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065761.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065761.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065761.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065762.dll

Infected with: Trojan.Downloader.Winshow.AK

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065762.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065762.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065763.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065763.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065763.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065764.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065764.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065765.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065765.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065765.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065766.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065766.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065767.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065767.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065767.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065768.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065768.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065768.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065769.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065769.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065769.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065770.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065770.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065770.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065771.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065771.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065772.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065772.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065773.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065773.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065773.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065774.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065774.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065774.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065775.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065775.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065775.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065776.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065776.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065777.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065777.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065778.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065778.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065779.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065779.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065780.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065780.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065780.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065781.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065781.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065782.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065782.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065782.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065783.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065783.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065783.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065784.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065784.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065784.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065785.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065785.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065786.dll

Infected with: Trojan.Downloader.Agent.BC

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065786.dll

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065786.dll

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065787.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065787.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065787.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065788.exe

Infected with: Trojan.Downloader.Agent.BQ

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065788.exe

Disinfection failed

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065788.exe

Deleted

C:\System Volume Information\_restore{28192166-DCD0-4901-AD1A-CB57DD193595}\RP303\A0065789.exe

Infected with: Trojan.Agent.BI

C:\System Volume Information&

[Rawe]

Ok..

Please print these instructions out, or write them down, as you can't read them during the fix.

First;

Please download Ewido Security Suite it is a free version of the program.

1. Install Ewido Security Suite
   
2. When installing, under "Additional Options" uncheck..
   • Install background guard
     
   • Install scan via context menu
     

[*]Launch Ewido, there should be an icon on your desktop, double-click it.

[*]The program will now open to the main screen.

[*]When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

[*]You will need to update Ewido to the latest definition files.

• On the left hand side of the main screen click update.
  
• Then click on Start Update.
  

[*]The update will start and a progress bar will show the updates being installed.

(the status bar at the bottom will display "Update successful")

[*]Exit Ewido. DO NOT run a scan yet.

If you are having problems with the updater, you can use this link to manually update Ewido.

Ewido manual updates

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

Now open Ewido and do a scan of your system.

• Click on scanner
  
• Click on Complete System Scan and the scan will begin.
  
• NOTE; During some scans with Ewido it is finding cases of false positives.**
  • You will need to step through the process of cleaning files one-by-one.
    
  • If Ewido detects a file you KNOW to be legitimate, select none as the action.
    
  • DO NOT select "Perform action on all infections"
    
  • If you are unsure of any entry found, select none for now as the action.
    

  [*]Once the scan has completed, there will be a button located on the bottom of the screen named Save report

  [*]Click Save report.

  [*]Save the report .txt file to your desktop or a location where you can find it easily.

Run CleanUp! making sure to reboot when prompted.

Boot up into normal mode, run a new scan with HiJackThis and post the fresh log here along with the Ewido log.

- Rawe

[weeble8604]

Logfile of HijackThis v1.99.1

Scan saved at 7:07:12 PM, on 7/26/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\WINDOWS\System32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\toshiba\ivp\ism\pinger.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\kdx\KHost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\TPSBattM.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\David\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xkqit.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.espn.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Class - {70AADA51-3691-0336-8370-F073BF05AD05} - C:\WINDOWS\system32\d3la32.dll (file missing)

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [ieho.exe] C:\WINDOWS\system32\ieho.exe

O4 - HKLM\..\Run: [crof.exe] C:\WINDOWS\system32\crof.exe

O4 - HKLM\..\Run: [d3zo32.exe] C:\WINDOWS\d3zo32.exe

O4 - HKLM\..\Run: [apiya.exe] C:\WINDOWS\system32\apiya.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netij.exe" /s (file missing)

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

+ Created on: 6:45:31 PM, 7/26/2005

+ Report-Checksum: 6165DD4E

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{07F0CAA0-8206-9DCC-5402-D4CC24EC1764} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{09248DC7-285D-A208-7675-8D1BAC7208C9} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{252B02AB-6C7E-32B3-827D-F05DA151232D} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{491288EB-D314-5571-9C18-B1EAC89ADE09} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{4FCD2C21-6232-FD0F-36AA-4EFFC9284B2A} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{5932F9CB-E60E-11C7-5BA5-2CD8198CBDB4} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{59411F8E-CF6C-7B7A-F0C0-DB33873458BD} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{710089CF-87C3-763F-C8F6-5A0DBFD3AEC3} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{85E6B001-B482-61AE-78C6-6EAE60D74D00} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{913EAD11-DA6B-5C8F-D264-E3D4FC8BA5DD} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{9B9D4A7D-1232-E364-432D-B58ECFAE5AF4} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{D75B9D6B-FB2A-EE40-24DA-791D27C77147} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{E365460D-7563-2763-5E38-85F172854EAC} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup

C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-13e2130d-576c3d9e.zip/Gagaga.class -> TrojanDropper.Java.Beyond.g : Cleaned with backup

C:\Documents and Settings\David\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

C:\Documents and Settings\David\Cookies\david@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup

C:\Documents and Settings\David\Cookies\david@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\David\Cookies\david@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup

C:\Program Files\GDivX Zenith Player\SaveInstWm.exe -> Adware.SaveNow : Cleaned with backup

C:\WINDOWS\adczn.txt:rheldm -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\addbf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\addcf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\adddf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\addgg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\addjb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\addrc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\apikd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\apioi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\apiqc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\appmv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\apppl32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\appqi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atlcs32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atlfi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atllf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atlly32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\atlvc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atlza32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\avrack.ini:ggahlt -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\avrack.ini:grlgpb -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\avrack.ini:hzdgar -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup

C:\WINDOWS\bchaa.txt:bklxzi -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\bchaa.txt:lgthjo -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\bchaa.txt:tjnhve -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\bgqzx.txt:ultzwm -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\bgqzx.txt:wuqswh -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\bihdz.txt:mjgupp -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\BVER.BAT:asfudo -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\BVER.BAT:cnafxk -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\BVER.BAT:ddnyey -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\BVER.BAT:poluuy -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\cjxmu.txt:jwvatv -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\control.ini:nhrndg -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\crar32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\crck.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\crdi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\crlx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\crzh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\CS_SETUP.ini:famkhc -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\CS_SETUP.ini:qnnhai -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\cuoqf.txt:guifdz -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\cuoqf.txt:hyiqju -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\cuoqf.txt:nzditr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\cuoqf.txt:ysczam -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\drqxs.txt:feaeex -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\drqxs.txt:minoat -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\drqxs.txt:qbeqen -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\egnnd.txt:fmbgde -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\egnnd.txt:itzypu -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ezcoz.txt:hmxbfr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ezcoz.txt:tmlekv -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\fbcpu.txt:bdmhny -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\fdaon.txt:snigzc -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\fzojq.txt:flfnmr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\fzojq.txt:hbnymt -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\fzojq.txt:knalbe -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\hhvqo.txt:suofyc -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ieda32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\ieie.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\ierc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\ietf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\iPlayer.INI:fppwfj -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\iPlayer.INI:lnvivv -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\iPlayer.INI:qarlb -> TrojanDropper.Small.tn : Cleaned with backup

C:\WINDOWS\ivhsw.txt:lxrgyd -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ivhsw.txt:zrohji -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\javabo.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\javake.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\javaws.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\javaxq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\jcbyf.txt:dybtan -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\JDSecure20.INI:mcziwp -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\JDSecure20.INI:qwhxnw -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\joyaw.txt:iwrdpg -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\joyaw.txt:wgvjnu -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\kasgn.txt:ieanjv -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\kasgn.txt:pznppx -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\kwemc.txt:ypofcf -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ldmnk.txt:gdxvbf -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ldmnk.txt:nulgsd -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\lebrl.txt:fmeqiw -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\lebrl.txt:njamgl -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\lhpgm.txt:gjtsaw -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\lhpgm.txt:ynxdkz -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\mfcrc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\mfcyb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\mkslt.txt:epyqrc -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\mkslt.txt:kroeyv -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\mkslt.txt:ncdsbb -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\mkslt.txt:tuvlgv -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\mkslt.txt:wrogyv -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\mkslt.txt:xbhbls -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\msbi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\msdv32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\msok.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\msub.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\NDSTray.INI:kqlact -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\NDSTray.INI:rftkt -> TrojanDropper.Small.tn : Cleaned with backup

C:\WINDOWS\netij.exe -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\netyx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\ntbtlog.txt:gcfrup -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ntbtlog.txt:tbnwub -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ntbtlog.txt:xabkf -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\nthh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\ntvd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\n_ieoqnn.txt -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\n_kbekpj.txt -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\n_urkglk.txt:dgtzgw -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\n_zgtqdv.txt:bknkfr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\n_zgtqdv.txt:dmddvc -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\n_zgtqdv.txt:mjwptw -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\n_zgtqdv.txt:xrqdem -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\n_zioutl.txt -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\ODBC.INI:ekovwy -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ODBC.INI:ipdtxu -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ODBC.INI:nvdrcg -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ODBC.INI:onuqpd -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ODBC.INI:roxaui -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ODBC.INI:vfwixn -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\OEWABLog.txt:gomvsg -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\orun32.ini:eewnhj -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\orun32.ini:gvvwxi -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\pxckdlauninstall.exe -> Spyware.NoName : Cleaned with backup

C:\WINDOWS\pxxkp.txt:btzpqc -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\pzdqw.txt:kjlmqs -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\pzdqw.txt:qzjbcp -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\pzdqw.txt:tmkukm -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\pzraz.txt:boyxth -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\QUICKEN.INI:fkyknt -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\QUICKEN.INI:njqkat -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\QUICKEN.INI:ntgneb -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\RtlRack.ini:hfaili -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\RtlRack.ini:jjofjc -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\RtlRack.ini:lpbqsr -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\SchedLgU.Txt:kcgpxn -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\SchedLgU.Txt:sbarlf -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\SchedLgU.Txt:yvcrhb -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\SchedLgU.Txt:zyvfqq -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\sdkld32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\sdknu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\sdkov32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\setuplog.txt:gdrfko -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\setuplog.txt:xtdqeq -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\smscfg.ini:nodkng -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\smscfg.ini:qgjosx -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\smscfg.ini:qwmwnh -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\smscfg.ini:reolyw -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\sokct.txt:jrwumh -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\sokct.txt:navyck -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\sokct.txt:nzwdwx -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\soytu.txt:jxfbpr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\soytu.txt:ntshzt -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\soytu.txt:xpfrev -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\sysca32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\sysdb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\sysje.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\sysms32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\syssx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\addfj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\addqw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\addrz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\apicn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\apisi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\apiva.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\apiya.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\appdp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\atlon.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\crao.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\crfc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\criv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\d3eg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\d3hk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\d3la32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\d3so.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\d3va.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\iecn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\ieqr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\iesy32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\iewe.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\ipfw32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\ipod32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\javaiy32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\javapu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\javath32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\mfcfl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\mfcud.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\mfcuq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\mfcze32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\msij32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\mskh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\msoz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\mspt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\netqu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\netrf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\netzv32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\ntrg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\ntsn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\sdkfw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\sdkgp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\sdkmr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\sdksw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\sdktr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\sdkxe32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\syswv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\wingx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\winil32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\winju32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\winmf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\winus.dll -> TrojanDownloader.Agent.bc : Cleaned with backup

C:\WINDOWS\system32\winuv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\system32\winyy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\T30DebugLogFile.txt:ixxdkj -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:aycype -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:gcgmkv -> TrojanDropper.Small.tn : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:lmriif -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:mcoke -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:nzspjt -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:sxxfa -> TrojanDropper.Small.tn : Cleaned with backup

C:\WINDOWS\ToshDefs.reg:uifmqu -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\TSession.reg:quyryx -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\TSession.reg:rqrtox -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\urltc.txt:kttvfd -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\urybl.txt:tdnzds -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\urybl.txt:xieclr -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\vb.ini:jzfbxm -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\vb.ini:nrfmez -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\vbaddin.ini:feizo -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\vvyvh.txt:lowerq -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\vvyvh.txt:mmtrxr -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\vvyvh.txt:ykmkjv -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\wcflc.txt:fsolhl -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\wgskc.txt:vndgfk -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\winamp.ini:akgpns -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\winew32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\wininit.ini:ekrutf -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\wininit.ini:hkngqq -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\winpj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup

C:\WINDOWS\wunez.txt:scklho -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\wunez.txt:utvcuo -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\xkqit.dll -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\zbhph.txt:pzmevo -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\zjvvy.txt:zzekpr -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\zkjxo.txt:lgabtd -> Trojan.Agent.bi : Cleaned with backup

C:\WINDOWS\znysc.txt:ctcctm -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\znysc.txt:dtcrwp -> Spyware.Ipyn : Cleaned with backup

C:\WINDOWS\znysc.txt:gyjtug -> Spyware.SearchPage : Cleaned with backup

C:\WINDOWS\znysc.txt:rgouaa -> TrojanDownloader.Agent.bq : Cleaned with backup

::Report End

[Rawe]

Yep, it's looking better all the time.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  
• Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
    
  • Choose "Custom" click "Next".
    
  • Leave the default installation directoy as it is, then click "Next".
    
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    
  • Finally, click "Install"
    

  [*]Once the program is installed, it will open.

  [*]It will prompt you to update to the latest definitions, click Yes.

  Disable SpySweeper Shields

  • Click Shields on the left.
    
  • Click Internet Explorer and uncheck all items.
    
  • Click Windows System and uncheck all items.
    
  • Click Startup Programs and uncheck all items.
    

  [*]Once the definitions are installed and shields disabled, click Sweep Now on the left side.

  [*]Click the Start button.

  [*]When it's done scanning, click the Next button.

  [*]Make sure everything has a check next to it, then click the Next button.

  [*]It will remove all of the items found.

  [*]Click Session Log in the upper right corner, copy everything in that window.

  [*]Click the Summary tab and click Finish.

  [*]Paste the contents of the session log you copied into your next reply.

Run CleanUp!

and reboot. Run a scan with this free online scan; Trend Micro, make sure to use "Auto-clean" - option, let it clean anything it finds and save the log it produces. Post it here along with SpySweeper session log & and a fresh HiJackThis log.

- Rawe

Edited July 27, 2005 by Rawe

[Rawe]

You can also go ahead and uninstall these programs;

About:buster

CWShredder

SpSeHjfix (Remember to delete the folders and empty recycle bin.)

Leave Ewido, HiJackThis and CleanUp for now. And of course SpySweeper until I see the log.

- Rawe

[Rawe]

Due to lack of feedback this topic is closed. If you are the original topic starter, still need help and want this topic reopened - shoot me a PM. Everyone else please begin a New Topic.