IE Quick Web Search on about:blank


9 replies to this topic

#1 teknomaniac


Posted 10 July 2005 - 05:26 PM

Hi,

I read up on how to fix this in several other forums, but the problem seems to keep sticking to the about:blank page. Whenever I open it up, there is a Quick Web Search utility that loads up as well, and when I search on Yahoo, it causes pop-ups to keep coming up.

I checked out another HJT log, and performed similar procedures but to no avail. Can anyone help me out? Here's a copy of my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:23:40 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\2Wire\2PortalMon.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\a2 Trojan Remover\a2guard.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\iefa32.exe
D:\Program Files\Messenger\msmsgs.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\system32\wliyv.dll/sp.html#45052
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {713BB4D3-0B7C-1D3D-8240-26C661FA80FC} - D:\WINDOWS\ipop32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] D:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msgv.exe] D:\WINDOWS\msgv.exe
O4 - HKLM\..\Run: [crkv.exe] D:\WINDOWS\system32\crkv.exe
O4 - HKLM\..\Run: [addto32.exe] D:\WINDOWS\system32\addto32.exe
O4 - HKLM\..\Run: [iefa32.exe] D:\WINDOWS\system32\iefa32.exe
O4 - HKLM\..\RunOnce: [ntzx.exe] D:\WINDOWS\system32\ntzx.exe
O4 - HKLM\..\RunOnce: [appea32.exe] D:\WINDOWS\system32\appea32.exe
O4 - HKLM\..\RunOnce: [sdkij32.exe] D:\WINDOWS\sdkij32.exe
O4 - HKLM\..\RunOnce: [iplt.exe] D:\WINDOWS\system32\iplt.exe
O4 - HKLM\..\RunOnce: [atlvl.exe] D:\WINDOWS\atlvl.exe
O4 - HKLM\..\RunOnce: [sdkav32.exe] D:\WINDOWS\system32\sdkav32.exe
O4 - HKLM\..\RunOnce: [mswt.exe] D:\WINDOWS\system32\mswt.exe
O4 - HKLM\..\RunOnce: [crca.exe] D:\WINDOWS\crca.exe
O4 - HKLM\..\RunOnce: [iees32.exe] D:\WINDOWS\iees32.exe
O4 - HKLM\..\RunOnce: [sysbq32.exe] D:\WINDOWS\sysbq32.exe
O4 - HKLM\..\RunOnce: [ielu.exe] D:\WINDOWS\system32\ielu.exe
O4 - HKLM\..\RunOnce: [javakh.exe] D:\WINDOWS\javakh.exe
O4 - HKLM\..\RunOnce: [netiv.exe] D:\WINDOWS\system32\netiv.exe
O4 - HKLM\..\RunOnce: [crez.exe] D:\WINDOWS\system32\crez.exe
O4 - HKLM\..\RunOnce: [atlwj.exe] D:\WINDOWS\system32\atlwj.exe
O4 - HKLM\..\RunOnce: [atluz32.exe] D:\WINDOWS\atluz32.exe
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2 Trojan Remover\a2guard.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - D:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hopefully, that's not too insane. But if it is, please let me know. Thanks.

--Tek


#2 Guest_Cretemonster_*


Posted 11 July 2005 - 05:05 PM

Hi teknomaniac and Welcome to the Bleeping Computer!

That's a nasty CWS Infection you have there!!

Copy these Instructions to Notepad and Save them to your Desktop, you will need them in Safe Mode!

Please Download these utilities but don't run them until I ask you to!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


ABout Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the Instructions inside the link to Update it. We will run it in Safe Mode!


CleanUp!
http://downloads.stevengould.org/cleanup/CleanUp40.exe


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62


Once in Safe Mode-> Scan the System with Ewido-> Clean All Infections found-> Click the Tab to Save a Report!


Run ABout Buster just as described in the link!

Please run it until you get these Results:

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!



Run CleanUp!-> Click the Cleanup Tab and let it remove all the Temporary files it finds-> Click Close-> Click "NO" when prompted to log off!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!


Restart Normally and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from Ewido and Panda!

#3 teknomaniac


Posted 11 July 2005 - 10:20 PM

Hi Cretemonster,

Well, that got rid of the Quick Web Search. Here's the HJT log, the Ewidos report, and the Panda Online Scan:

Logfile of HijackThis v1.99.1
Scan saved at 8:15:17 PM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\2Wire\2PortalMon.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\a2 Trojan Remover\a2guard.exe
D:\Program Files\Messenger\msmsgs.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3C590378-0A5C-B10E-AF30-95DF78FBEABD} - D:\WINDOWS\apism32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DEFF3B98-3686-8151-5CDB-C593651F3170} - D:\WINDOWS\netqg32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] D:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msgv.exe] D:\WINDOWS\msgv.exe
O4 - HKLM\..\Run: [crkv.exe] D:\WINDOWS\system32\crkv.exe
O4 - HKLM\..\Run: [addto32.exe] D:\WINDOWS\system32\addto32.exe
O4 - HKLM\..\Run: [iefa32.exe] D:\WINDOWS\system32\iefa32.exe
O4 - HKLM\..\Run: [ieat32.exe] D:\WINDOWS\ieat32.exe
O4 - HKLM\..\Run: [atljc32.exe] D:\WINDOWS\system32\atljc32.exe
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2 Trojan Remover\a2guard.exe"
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - D:\WINDOWS\system32\appea32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - D:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


EWIDOS REPORT

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:18:24 PM, 7/11/2005
+ Report-Checksum: 3C1CFDA

+ Scan result:

D:\WINDOWS\syscl32.exe -> Trojan.Agent.bi : Cleaned with backup
D:\WINDOWS\crtg32.exe -> Trojan.Agent.bi : Cleaned with backup
D:\WINDOWS\sdksf.exe -> Trojan.Agent.bi : Cleaned with backup
D:\WINDOWS\javawm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\winhi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\sdkgi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\apprv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\crca.exe -> Trojan.Agent.bi : Cleaned with backup
D:\WINDOWS\nethd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\netpp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\winvr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\cral.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\WINDOWS\iees32.exe -> Trojan.Agent.bi : Cleaned with backup
D:\WINDOWS\sysbq32.exe -> Trojan.Agent.bi : Cleaned with backup
D:\Documents and Settings\Nima Olang\Cookies\nima olang@www2.enigmasoftwaregroup[2].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
D:\Documents and Settings\Nima Olang\Cookies\nima olang@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
D:\Documents and Settings\Nima Olang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3598e98a-65fc9db5.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
D:\Documents and Settings\Nima Olang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5f21fc27-46c4f3a1.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
D:\Documents and Settings\Nima Olang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-1607cddc-5925c430.class -> Trojan.Nocheat : Cleaned with backup
D:\Documents and Settings\Mom\Cookies\mom@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
D:\Documents and Settings\Mom\Cookies\mom@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
D:\Documents and Settings\Mom\Cookies\mom@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP705\A0133532.EXE -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP705\A0133538.dll -> Spyware.SearchPage : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP707\A0133561.exe -> Trojan.Agent.bi : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP707\A0133573.dll -> Spyware.SearchPage : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133586.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133587.EXE -> Trojan.Agent.bi : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133601.EXE -> Trojan.Agent.bi : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133619.EXE -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

Edited by teknomaniac, 11 July 2005 - 10:29 PM.


#4 teknomaniac


Posted 11 July 2005 - 10:31 PM

PANDA SCAN, PART 1

Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/Antivirus-gold No disinfected D:\WINDOWS\screen.html
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM\ncase.dll
Adware:Adware/Specofer No disinfected C:\WINDOWS\SYSTEM\httppost.exe

Edited by teknomaniac, 11 July 2005 - 11:10 PM.


#5 teknomaniac


Posted 11 July 2005 - 11:10 PM

Part 2


Virus:Exploit/ByteVerify Disinfected D:\Documents and Settings\Nima Olang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv526.jar-15a398fd-598c4d52.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected D:\Documents and Settings\Nima Olang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv526.jar-15a398fd-598c4d52.zip[Dummy.class]

#6 Guest_Cretemonster_*


Posted 12 July 2005 - 05:00 AM

By the looks of the HijackThis log you got it!

The only thing I am unsure of is if AboutBuster Scanned the D drive!

If you saved a log from About Buster, you should be able to tell!

Let's go ahead and Make a Second Pass

Click Start-> Run-> Type in Services.msc and Click OK!

Scroll the list and locate this Entry

Network Security Service

Right Click the entry and Select "Properties"-> Click "Stop"-> Go up and Change the "Startup Type" to "Disabled"!

Exit the Services Page!

Download CWShredder
http://cwshredder.net/bin/CWShredder.exe

Double Click CWShredder.exe to run it >> Click Check For Update
Close it out once updated, we will run it in Safe Mode!

Make sure Ewido and About Buster are Updated!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\cnjsv.dll/sp.html#37049

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {3C590378-0A5C-B10E-AF30-95DF78FBEABD} - D:\WINDOWS\apism32.dll (file missing)

O2 - BHO: Class - {DEFF3B98-3686-8151-5CDB-C593651F3170} - D:\WINDOWS\netqg32.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [IEXPLORE.EXE] D:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [msgv.exe] D:\WINDOWS\msgv.exe

O4 - HKLM\..\Run: [crkv.exe] D:\WINDOWS\system32\crkv.exe

O4 - HKLM\..\Run: [addto32.exe] D:\WINDOWS\system32\addto32.exe

O4 - HKLM\..\Run: [iefa32.exe] D:\WINDOWS\system32\iefa32.exe

O4 - HKLM\..\Run: [ieat32.exe] D:\WINDOWS\ieat32.exe

O4 - HKLM\..\Run: [atljc32.exe] D:\WINDOWS\system32\atljc32.exe

O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - D:\WINDOWS\system32\appea32.exe" /s (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!

Locate and Delete if found!

D:\WINDOWS\system32\qttask.exe<< File Only!

D:\WINDOWS\system32\appea32.exe<< File Only!

D:\WINDOWS\system32\atljc32.exe<< File Only!

D:\WINDOWS\system32\iefa32.exe<< File Only!

D:\WINDOWS\system32\addto32.exe<< File Only!

D:\WINDOWS\system32\crkv.exe<< File Only!

D:\WINDOWS\cnjsv.dll<< File Only!

D:\WINDOWS\msgv.exe<< File Only!

D:\WINDOWS\ieat32.exe<< File Only!

Look in Both D:\Windows and D:\Windows\System32 for all those .dat files that Panda flagged!

Delete any found!

Run CWShredder

Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit"

Run About Buster just as described in the link!

Please run it until you get these Results:

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Scan again with Ewido and Save the Report!

Restart Normal and Scan once more at Panda to see if those files have returned!

Post a fresh HijackThis log along with the reports from Ewido and Panda!

Edited by Cretemonster, 12 July 2005 - 05:01 AM.
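
A triage sketch for the kind of log review done in the post above, added here as an example and not part of the original thread or of HijackThis. It parses HijackThis log lines and flags three patterns visible in the entries selected for fixing: IE search settings served from a `res://` resource in a local DLL, BHO or service entries marked `(file missing)`, and Run values named after their own executable. The rule names and heuristics are assumptions of this example and do not reproduce every selection in the post.

```python
import ntpath
import re

# Lines copied from the two HijackThis logs quoted in this thread: entries the
# helper selected for fixing, mixed with entries from the later, cleaner log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://D:\WINDOWS\cnjsv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {3C590378-0A5C-B10E-AF30-95DF78FBEABD} - D:\WINDOWS\apism32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [msgv.exe] D:\WINDOWS\msgv.exe
O4 - HKLM\..\Run: [atljc32.exe] D:\WINDOWS\system32\atljc32.exe
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2 Trojan Remover\a2guard.exe"
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - D:\WINDOWS\system32\appea32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 autostart entry: hive, key, [value name], command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[\w-]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# First executable path in a command line, quoted or not
EXE_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def parse_line(line):
    """Return (code, body) for a HijackThis entry line, or None for other text."""
    match = ENTRY_RE.match(line.strip())
    return (match["code"], match["body"]) if match else None


def classify(code, body):
    """Return the list of heuristic rule names (assumed names) the entry matches."""
    reasons = []

    # R0/R1: an IE start/search setting whose value is a res:// URL, i.e. a page
    # embedded as a resource in a local DLL rather than a web address.
    if code in ("R0", "R1"):
        _, sep, value = body.partition(" = ")
        if sep and value.lower().startswith("res://"):
            reasons.append("ie-setting-from-local-dll")

    # O2/O23: a BHO or service still registered although its file is gone,
    # typically the leftover of a partial cleanup.
    if code in ("O2", "O23") and body.rstrip().endswith("(file missing)"):
        reasons.append("registered-file-missing")

    # O4: a Run value whose name is simply the executable's own file name.
    if code == "O4":
        run = RUN_RE.match(body)
        exe = EXE_RE.search(run["cmd"]) if run else None
        if exe and ntpath.basename(exe["path"]).lower() == run["name"].lower():
            reasons.append("run-value-named-after-exe")

    return reasons


def triage(log_text):
    """Return (code, first matching rule, original line) for every flagged entry."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # headers, process list, blank lines
        reasons = classify(*parsed)
        if reasons:
            findings.append((parsed[0], reasons[0], line.strip()))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```

A match is only a prompt for manual review: the `about:blank` default page and the QuickTime Run entry from the post are not matched by these three rules.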


#7 teknomaniac


Posted 12 July 2005 - 11:28 PM

Alright, well, Windows is installed on my D: drive. That's why it checks that drive. But even then, it says "System not NTFS." Is that OK? Here are the logs again, I got rid of a lot of DAT files!!! So far, so good. Anything else?

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 8:56:55 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\2Wire\2PortalMon.exe
D:\Program Files\a2 Trojan Remover\a2guard.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\HijackThis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [a-squared] "D:\Program Files\a2 Trojan Remover\a2guard.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - D:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido Report

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:46:18 PM, 7/12/2005
+ Report-Checksum: A72C24D7

+ Scan result:

D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133852.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133853.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133854.exe -> Trojan.Agent.bi : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133855.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133856.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133857.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133858.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133859.exe -> Trojan.Agent.bi : Cleaned with backup
D:\System Volume Information\_restore{3DBAD986-EE8F-425D-80AA-A89FF53DB92B}\RP708\A0133860.exe -> Trojan.Agent.bi : Cleaned with backup


::Report End

Panda Scan Report


Incident                        Status          Location

Adware:Adware/SaveNow           No disinfected  Windows Registry
Adware:Adware/Antivirus-gold    No disinfected  D:\WINDOWS\screen.html
Adware:Adware/nCase             No disinfected  C:\WINDOWS\SYSTEM\ncase.dll
Adware:Adware/Specofer          No disinfected  C:\WINDOWS\SYSTEM\httppost.exe
Adware:Adware/Antivirus-gold    No disinfected  D:\WINDOWS\screen.html
Adware:Adware/Startpage.VQ      No disinfected  D:\WINDOWS\xhpesc.log
Adware:Adware/Startpage.VQ      No disinfected  D:\WINDOWS\iodipl.log
Adware:Adware/Startpage.VQ      No disinfected  D:\WINDOWS\zzbmwk.dat
Adware:Adware/Startpage.VQ      No disinfected  D:\WINDOWS\wpdovi.dat

#8 Guest_Cretemonster_*

Posted 13 July 2005 - 06:31 AM

The HijackThis log looks great! :thumbsup:

Make sure you get all the files Panda identified!

D:\WINDOWS\screen.html

C:\WINDOWS\SYSTEM\ncase.dll

C:\WINDOWS\SYSTEM\httppost.exe

D:\WINDOWS\screen.html

D:\WINDOWS\xhpesc.log

D:\WINDOWS\iodipl.log

D:\WINDOWS\zzbmwk.dat

D:\WINDOWS\wpdovi.dat


Go ahead and Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


If you haven't already, install Spyware Blaster for some added browsing security!

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Update immediately!


Post back and let me know how the file deletion went and how the PC is running.

#9 teknomaniac

Posted 15 July 2005 - 05:39 AM

Everything's just dandy, Cretemonster. I appreciate your help. The computer is running smoothly, and everything seems to be in order. Thank you very much!! :thumbsup: :flowers:

#10 Guest_Cretemonster_*

Posted 15 July 2005 - 06:15 AM

No problem... Quite enjoyed your company! :thumbsup:


Go ahead and re-enable System Restore, and the next time you restart, the PC should automatically create a fresh Restore Point if you ever need it!


Read through the little black links in my signature and get some good heads-up info for navigating the Internet!

If you need us in the future, you know where we are; feel free to come back anytime you please! :flowers:



