
Dire Straights


This topic is locked
36 replies to this topic

#1 John Sapp (Members, 23 posts)

Posted 18 July 2005 - 12:30 AM

My parents' computer has gotten so bad that Explorer doesn't even work. If the computer is left on for a few hours, about twenty popups will be there to greet you upon return. I end suspicious processes in Task Manager every time I get on the computer, and run updated AdAware daily and SpyBot biweekly. Obviously, I need y'all's HJT skills. Here's my log file after just now running SpyBot; ran AdAware a few hours ago. Let me know if I've done it wrong--first time using HJT.

John
Jacksonville, FL


Logfile of HijackThis v1.99.1
Scan saved at 1:21:56 AM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inet20057\services.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nzouz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20057\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {6042E881-B52A-4042-A951-10B2E8C49C84} - C:\WINDOWS\System32\bcdkp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {085C6F63-E383-4CE2-85B5-E413855962F7} - (no file) (HKCU)
O9 - Extra button: (no name) - {08A3638B-0FC2-4A95-8A55-877C1616D6B3} - (no file) (HKCU)
O9 - Extra button: (no name) - {0DB4AFE4-DEA2-4053-94AA-C4001CBA0BF7} - (no file) (HKCU)
O9 - Extra button: (no name) - {14E97ACC-9A34-44E6-928E-1DA267CD0098} - (no file) (HKCU)
O9 - Extra button: (no name) - {3FD54D79-8A1C-4FAB-A7FF-EFD510CBF132} - C:\WINDOWS\System32\credui511h392o.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {4275DE7A-5C94-40D3-B784-E4ACDA2C48B9} - (no file) (HKCU)
O9 - Extra button: (no name) - {792BB8B7-585D-494F-BDEB-39A952A2E534} - (no file) (HKCU)
O9 - Extra button: (no name) - {7C3093A2-C87D-4A72-9330-E6A95EA59655} - (no file) (HKCU)
O9 - Extra button: (no name) - {94934126-C0E0-40EF-9B11-F2DBBDC069AD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9594E1A7-4CB5-4E25-A6C9-07C298E82DAC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9594E1A7-4CB5-4E25-A6C9-07C298E82DAC} - (no file) (HKCU)
O9 - Extra button: (no name) - {A0C2A2D4-55FF-48FA-99C8-8454A67C0751} - C:\WINDOWS\System32\wmvcore2615n.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {A71A0523-0176-4A04-901C-37194042E33E} - (no file) (HKCU)
O9 - Extra button: (no name) - {A8000DE5-D0A1-4419-8090-F121914AC286} - (no file) (HKCU)
O9 - Extra button: (no name) - {AEE9531D-8DC9-40C9-8780-9744C17405AA} - (no file) (HKCU)
O9 - Extra button: (no name) - {B10F2625-3B34-4C74-81B0-77A043DE6E63} - (no file) (HKCU)
O9 - Extra button: (no name) - {BC500C7B-1917-4798-A61F-0159EA53528A} - (no file) (HKCU)
O9 - Extra button: (no name) - {C4773F67-7300-4BE6-82D5-9E3265A2C084} - (no file) (HKCU)
O9 - Extra button: (no name) - {CD434103-07FF-4DE7-8D8D-9ACA9073DE49} - (no file) (HKCU)
O9 - Extra button: (no name) - {DB5A3AFB-D300-4691-B709-AB74BEB06A43} - C:\WINDOWS\System32\ir50_qc123i420h.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {DD72AD34-0937-4FE3-BB19-4B722BAE6F69} - C:\WINDOWS\System32\upnp1068r.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {E08B9920-F9E4-435B-BD44-37D17E072D2C} - C:\WINDOWS\System32\INLOADER233s.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {E8E17B76-F0BC-4D7F-88F1-CF7AD759C07F} - (no file) (HKCU)
O9 - Extra button: (no name) - {F14852E7-8AA1-487E-9573-AD694DBCF84A} - (no file) (HKCU)
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nt/3dstock.html
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/297b9b1fbf63e9fdc704/...ip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - http://www.supaseek.com/toolbar/toolbar.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36385.cab
O18 - Filter: text/html - {E2FC26D9-3C26-451A-837D-1920547AAFC6} - C:\WINDOWS\System32\bcdkp.dll
O18 - Filter: text/plain - {E2FC26D9-3C26-451A-837D-1920547AAFC6} - C:\WINDOWS\System32\bcdkp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by John Sapp, 18 July 2005 - 12:39 AM.



#2 ddeerrff (Retired, Malware Response Team, 2,723 posts; Upper Midwest, US)

Posted 19 July 2005 - 01:04 PM

Hello John Sapp and welcome to BleepingComputer.


Configure Windows to enable viewing of Hidden and System files.

Please download CWShredder.exe to your desktop from: http://cwshredder.net/bin/CWSInstall.exe
- Run CWShredder.exe.
- Click on Check for Update to be sure you have the most current version.
- Close CWShredder, we will use it later.

Download AboutBuster.zip to your desktop.
- Unzip the contents of AboutBuster.zip to its own folder.
- Navigate to the AboutBuster folder and double-click on AboutBuster.exe.
- Click Update to begin the update process.
- If any updates exist please install them.
- Close AboutBuster by clicking on Exit. AboutBuster will be used later.

Download CleanUp! and install it.
- Don't run it yet.

Download SpSeHjfix112.zip and unzip it to its own folder.
- We will use it later.


Reboot into Safe Mode.


Run AboutBuster:
- Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
- Click Yes to allow it to shutdown explorer.exe.
- It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
- When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
- Reboot your computer into safe mode again

Run AboutBuster again following the same instructions as above, this time without the restart at the end. You should still be in safe mode.

Run CWShredder and click on the Fix button.

Run SpSeHjfix and click on Start Disinfection.
- As part of the cleaning process, it will reboot your machine.
- The tool will create a log of the fix which will appear in the folder that SpSeHjfix is located in.

Start CleanUp! and click on the CleanUp! button.
- Let it run to completion. It may take a few minutes depending on the size of your hard drive so be patient.
- Exit Cleanup


Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nzouz.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing

F3 - REG:win.ini: run=C:\WINDOWS\inet20057\services.exe

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {6042E881-B52A-4042-A951-10B2E8C49C84} - C:\WINDOWS\System32\bcdkp.dll

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [AntivirusGold] C:\Program Files\AntivirusGold\AntivirusGold.exe /h
O4 - HKLM\..\Run: [intel32.exe] C:\WINDOWS\System32\intel32.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08A3638B-0FC2-4A95-8A55-877C1616D6B3} - (no file) (HKCU)
O9 - Extra button: (no name) - {0DB4AFE4-DEA2-4053-94AA-C4001CBA0BF7} - (no file) (HKCU)
O9 - Extra button: (no name) - {14E97ACC-9A34-44E6-928E-1DA267CD0098} - (no file) (HKCU)
O9 - Extra button: (no name) - {3FD54D79-8A1C-4FAB-A7FF-EFD510CBF132} - C:\WINDOWS\System32\credui511h392o.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {4275DE7A-5C94-40D3-B784-E4ACDA2C48B9} - (no file) (HKCU)
O9 - Extra button: (no name) - {792BB8B7-585D-494F-BDEB-39A952A2E534} - (no file) (HKCU)
O9 - Extra button: (no name) - {7C3093A2-C87D-4A72-9330-E6A95EA59655} - (no file) (HKCU)
O9 - Extra button: (no name) - {94934126-C0E0-40EF-9B11-F2DBBDC069AD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9594E1A7-4CB5-4E25-A6C9-07C298E82DAC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9594E1A7-4CB5-4E25-A6C9-07C298E82DAC} - (no file) (HKCU)
O9 - Extra button: (no name) - {A0C2A2D4-55FF-48FA-99C8-8454A67C0751} - C:\WINDOWS\System32\wmvcore2615n.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {A71A0523-0176-4A04-901C-37194042E33E} - (no file) (HKCU)
O9 - Extra button: (no name) - {A8000DE5-D0A1-4419-8090-F121914AC286} - (no file) (HKCU)
O9 - Extra button: (no name) - {AEE9531D-8DC9-40C9-8780-9744C17405AA} - (no file) (HKCU)
O9 - Extra button: (no name) - {B10F2625-3B34-4C74-81B0-77A043DE6E63} - (no file) (HKCU)
O9 - Extra button: (no name) - {BC500C7B-1917-4798-A61F-0159EA53528A} - (no file) (HKCU)
O9 - Extra button: (no name) - {C4773F67-7300-4BE6-82D5-9E3265A2C084} - (no file) (HKCU)
O9 - Extra button: (no name) - {CD434103-07FF-4DE7-8D8D-9ACA9073DE49} - (no file) (HKCU)
O9 - Extra button: (no name) - {DB5A3AFB-D300-4691-B709-AB74BEB06A43} - C:\WINDOWS\System32\ir50_qc123i420h.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {DD72AD34-0937-4FE3-BB19-4B722BAE6F69} - C:\WINDOWS\System32\upnp1068r.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {E08B9920-F9E4-435B-BD44-37D17E072D2C} - C:\WINDOWS\System32\INLOADER233s.dll (file missing) (HKCU)
O9 - Extra button: (no name) - {E8E17B76-F0BC-4D7F-88F1-CF7AD759C07F} - (no file) (HKCU)
O9 - Extra button: (no name) - {F14852E7-8AA1-487E-9573-AD694DBCF84A} - (no file) (HKCU)

O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/297b9b1fbf63e9fdc704/...ip/RdxIE601.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - http://www.supaseek.com/toolbar/toolbar.cab

O18 - Filter: text/html - {E2FC26D9-3C26-451A-837D-1920547AAFC6} - C:\WINDOWS\System32\bcdkp.dll
O18 - Filter: text/plain - {E2FC26D9-3C26-451A-837D-1920547AAFC6} - C:\WINDOWS\System32\bcdkp.dll

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.


Open Windows Explorer (Windows key+e), navigate to and delete the following files and folders (Don't be concerned if they can not be found):

C:\winstall.exe
C:\WINDOWS\winsocks5.exe <--Files
C:\WINDOWS\System32\bcdkp.dll
C:\WINDOWS\System32\intel32.exe
C:\WINDOWS\System32\hookdump.exe

C:\WINDOWS\inet20057\ <--Folders
C:\Program Files\AntivirusGold\

If any of these resist being deleted, boot into Safe Mode and try from there.


If not already there, reboot into normal mode.

Please run an on-line virus scan at Kaspersky OnLine Scan.
If that doesn't work, you can use TrendMicro or BitDefender.
Please post the results of the scan(s) in your next reply.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.
Derfram
~~~~~~
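The list of lines ddeerrff asked to have fixed was picked by hand from the log, but the reasoning behind each pick is mechanical enough to write down. The script below is an added example (not HijackThis, not any tool from this thread, and not ddeerrff's method) that applies a handful of rules of thumb to HijackThis lines: start/search pages redirected to a `res://` DLL resource or forced to `about:blank`, a `win.ini` `run=` autostart, unnamed or orphaned BHOs and browser buttons, Run entries whose binary lives in a Temp folder, the drive root or the Windows root, or whose name imitates a system component, IE policy restrictions, ActiveX controls registered from Temp, from a bare IP address or without a description, `text/html` and `text/plain` MIME filters, and services with an unknown owner and a missing binary. The sample input is constructed from entries in the log above plus three benign entries (QuickTime, Messenger, NVIDIA) so both outcomes show; the thresholds are assumptions and are meant to rank lines for a human reviewer, not to decide on their own.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: entries copied from the HijackThis log posted in this thread,
# plus three benign entries (QuickTime, Messenger, NVIDIA) so both outcomes show.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nzouz.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F3 - REG:win.ini: run=C:\WINDOWS\inet20057\services.exe
O2 - BHO: (no name) - {6042E881-B52A-4042-A951-10B2E8C49C84} - C:\WINDOWS\System32\bcdkp.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\winsocks5.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\hookdump.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {3FD54D79-8A1C-4FAB-A7FF-EFD510CBF132} - C:\WINDOWS\System32\credui511h392o.dll (file missing) (HKCU)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} -
O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Owner\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/297b9b1fbf63e9fdc704/...ip/RdxIE601.cab
O18 - Filter: text/html - {E2FC26D9-3C26-451A-837D-1920547AAFC6} - C:\WINDOWS\System32\bcdkp.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Heuristics (assumptions, chosen for this example; they rank lines, they do not decide).
HJT_LINE_RE = re.compile(r"^[RFO]\d+ - ")                 # only R/F/O entries, not the process list
TEMP_RE = re.compile(r"\\temp\\", re.I)                   # any path component named Temp
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|dll|com|scr)$", re.I)         # C:\foo.exe
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(exe|dll|com|scr)$", re.I)  # C:\WINDOWS\foo.exe
SYSTEMISH_RE = re.compile(r"microsoft|windows|intel|system", re.I)   # names that imitate OS components
BARE_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}/")
O4_RE = re.compile(r"(\S+): \[(.*?)\] (.*)$")             # hive\..\Run: [name] command


def first_path(command: str) -> str:
    """Pull the executable/DLL path out of an O4 command line."""
    command = command.strip()
    if command.lower().startswith("rundll32 "):          # rundll32 C:\...\x.dll,Entry
        command = command[len("rundll32 "):].strip()
    if command.startswith('"'):                           # "C:\Program Files\...\x.exe" -args
        return command[1:command.find('"', 1)]
    return re.split(r",| /| -", command, maxsplit=1)[0].strip()


def triage_line(line: str) -> Optional[str]:
    """Return a short reason if the line deserves a closer look, else None."""
    if not HJT_LINE_RE.match(line):
        return None
    sec, _, body = line.partition(" - ")
    low = body.lower()
    if sec in ("R0", "R1"):
        if "res://" in low:
            return "browser start/search page redirected to a res:// DLL resource"
        if low.endswith("= about:blank"):
            return "browser start/search page forced to about:blank"
    elif sec == "F3":
        return "legacy win.ini run= autostart"
    elif sec == "O2":
        if "(no name)" in low or "(no file)" in low:
            return "unnamed or orphaned browser helper object"
    elif sec == "O4":
        m = O4_RE.match(body)
        if m:
            name, path = m.group(2), first_path(m.group(3))
            if TEMP_RE.search(path):
                return "autostart runs from a Temp directory"
            if DRIVE_ROOT_RE.match(path) or WINDIR_ROOT_RE.match(path):
                return "autostart binary sits directly in the drive or Windows root"
            if SYSTEMISH_RE.search(name) and "program files" not in path.lower():
                return "autostart name imitates a system component"
    elif sec == "O6":
        return "Internet Explorer policy restrictions present"
    elif sec == "O9":
        if "(no file)" in low or "(file missing)" in low:
            return "orphaned browser button"
    elif sec == "O16":
        if "file://" in low and TEMP_RE.search(body):
            return "ActiveX control registered from a Temp directory"
        if BARE_IP_URL_RE.search(low):
            return "ActiveX control downloaded from a bare IP address"
        if "(" not in body:
            return "ActiveX control registered without a description"
    elif sec == "O18":
        if low.startswith("filter: text/"):
            return "MIME filter hooked on text/html or text/plain"
    elif sec == "O23":
        if "(file missing)" in low and "unknown owner" in low:
            return "service with unknown owner and missing binary"
    return None


def triage_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for every line a rule matched, in log order."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        reason = triage_line(line) if line else None
        if reason:
            findings.append((line.split(" - ", 1)[0], reason, line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

Run against the constructed sample, it flags fifteen of the eighteen lines and leaves the three vendor entries alone; the rules are deliberately coarse, so a flagged line is a prompt to look the file up, not a verdict.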

#3 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 08:48 PM

Well I accidentally missed pressing F8 for Safe Mode once, so it rebooted into Windows (dangerous mode?). Followed all other instructions exactly I think, except running the online virus scans, which I couldn't do since Internet Explorer wouldn't open at all (before it would open, but go only to a search page). Here are the AboutBuster, SpSeHjfix and new HJT logs. Thanks for your help!

John Sapp

P.S. - Nice dog.

AboutBuster 5.0 reference file 31
Scan started on [7/19/2005] at [8:28:33 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\aerls.log:anflwd
Removed Stream! C:\WINDOWS\ahdgl.log:soyyyo
Removed Stream! C:\WINDOWS\alchem.ini:zmuxxb
Removed Stream! C:\WINDOWS\avhrp.dat:lpidty
Removed Stream! C:\WINDOWS\bbydp.log:dqbjva
Removed Stream! C:\WINDOWS\Bobsaver.scr:rmmcze
Removed Stream! C:\WINDOWS\eFaxView.a22:jfudwq
Removed Stream! C:\WINDOWS\erlzh.log:cfnira
Removed Stream! C:\WINDOWS\erlzh.log:nimoac
Removed Stream! C:\WINDOWS\eygwe.dat:yjxhxx
Removed Stream! C:\WINDOWS\FaxSetup.log:uyfotk
Removed Stream! C:\WINDOWS\Gqe.html:mzqbnn
Removed Stream! C:\WINDOWS\hpfmdl_s04_main.dat:vxktru
Removed Stream! C:\WINDOWS\intuprof.ini:pjxpcx
Removed Stream! C:\WINDOWS\jatjm.dat:xvuagn
Removed Stream! C:\WINDOWS\KB810243.log:hjpvwh
Removed Stream! C:\WINDOWS\KB810243.log:pwmgix
Removed Stream! C:\WINDOWS\KB823559.log:iwftca
Removed Stream! C:\WINDOWS\KB823559.log:zkiayj
Removed Stream! C:\WINDOWS\KB823980.log:nyvwnw
Removed Stream! C:\WINDOWS\KB824141.log:axpyek
Removed Stream! C:\WINDOWS\KB824141.log:klsfsu
Removed Stream! C:\WINDOWS\KB824141.log:vlugai
Removed Stream! C:\WINDOWS\KB824146.log:fznbhg
Removed Stream! C:\WINDOWS\KB826939.log:nlntct
Removed Stream! C:\WINDOWS\KB828028.log:jfktkv
Removed Stream! C:\WINDOWS\KB828028.log:jicgcz
Removed Stream! C:\WINDOWS\KB828035.log:yaypjr
Removed Stream! C:\WINDOWS\KB828741.log:gmfywv
Removed Stream! C:\WINDOWS\KB833987.log:bjvmeb
Removed Stream! C:\WINDOWS\KB833987.log:cgdzmy
Removed Stream! C:\WINDOWS\KB835732.log:qbqudt
Removed Stream! C:\WINDOWS\KB839643.log:ugvehi
Removed Stream! C:\WINDOWS\KB839643.log:ynqeyf
Removed Stream! C:\WINDOWS\KB839645.log:ujnzyl
Removed Stream! C:\WINDOWS\KB840987.log:ekyeaw
Removed Stream! C:\WINDOWS\KB840987.log:nhgrbt
Removed Stream! C:\WINDOWS\KB841533.log:tezknh
Removed Stream! C:\WINDOWS\KB873333.log:lxsppj
Removed Stream! C:\WINDOWS\KB885835.log:wycvjt
Removed Stream! C:\WINDOWS\KB888302.log:oyvime
Removed Stream! C:\WINDOWS\ModemLog_Lucent Technologies Soft Modem AMR.txt:srybpr
Removed Stream! C:\WINDOWS\netscape.ico:ctclde
Removed Stream! C:\WINDOWS\notepad.exe.bak:ecwbso
Removed Stream! C:\WINDOWS\nsreg.dat:grumwc
Removed Stream! C:\WINDOWS\ntdtcsetup.log:vtuzfo
Removed Stream! C:\WINDOWS\nuxoq.dat:zkmrqm
Removed Stream! C:\WINDOWS\n_aktbip.log:rlfxsx
Removed Stream! C:\WINDOWS\n_ccmvzm.dat:emmfjy
Removed Stream! C:\WINDOWS\n_ccmvzm.dat:iazbkq
Removed Stream! C:\WINDOWS\n_dojlcd.dat:xnfklb
Removed Stream! C:\WINDOWS\n_dtjsfz.log:basgea
Removed Stream! C:\WINDOWS\n_dtjsfz.log:rzdece
Removed Stream! C:\WINDOWS\n_echqan.txt:pgxxfl
Removed Stream! C:\WINDOWS\n_ecrzou.dat:janrep
Removed Stream! C:\WINDOWS\n_ecrzou.dat:tbkmgk
Removed Stream! C:\WINDOWS\n_fqolnu.log:cbgwyr
Removed Stream! C:\WINDOWS\n_fqolnu.log:igidiv
Removed Stream! C:\WINDOWS\n_fqolnu.log:mcvzan
Removed Stream! C:\WINDOWS\n_hezdoy.dat:ubycac
Removed Stream! C:\WINDOWS\ocgen.log:xdhomy
Removed Stream! C:\WINDOWS\ODBC.INI:nuneay
Removed Stream! C:\WINDOWS\ODBCINST.INI:nexvbf
Removed Stream! C:\WINDOWS\ODBCINST.INI:peztoj
Removed Stream! C:\WINDOWS\orun32.isu:ieszil
Removed Stream! C:\WINDOWS\orun32.isu:rejyew
Removed Stream! C:\WINDOWS\piouq.log:htesfm
Removed Stream! C:\WINDOWS\Progs_.ini:fnupnk
Removed Stream! C:\WINDOWS\ptegt.dat:zuxxhw
Removed Stream! C:\WINDOWS\pzjei.dat:suicch
Removed Stream! C:\WINDOWS\pzjei.dat:xomuiu
Removed Stream! C:\WINDOWS\Q306583.log:kvaiej
Removed Stream! C:\WINDOWS\Q307271.log:phxzke
Removed Stream! C:\WINDOWS\Q307274.log:whjbsi
Removed Stream! C:\WINDOWS\Q308402.log:ihpfeh
Removed Stream! C:\WINDOWS\Q308677.log:vgfvut
Removed Stream! C:\WINDOWS\Q310601.log:nzybxd
Removed Stream! C:\WINDOWS\Q310601.log:poqyqx
Removed Stream! C:\WINDOWS\Q311785.log:hrgdrg
Removed Stream! C:\WINDOWS\Q312131.log:hoidki
Removed Stream! C:\WINDOWS\Q312131.log:zsyrmr
Removed Stream! C:\WINDOWS\Q313450.log:apbqms
Removed Stream! C:\WINDOWS\Q313450.log:kdvwkc
Removed Stream! C:\WINDOWS\Q313450.log:stjwob
Removed Stream! C:\WINDOWS\Q315000.log:dwfken
Removed Stream! C:\WINDOWS\Q315000.log:kubbie
Removed Stream! C:\WINDOWS\Q315000.log:sqlwgv
Removed Stream! C:\WINDOWS\Q317277.log:vxypgx
Removed Stream! C:\WINDOWS\Q318623.log:stagio
Removed Stream! C:\WINDOWS\Q319580.log:oxruba
Removed Stream! C:\WINDOWS\Q323172.log:kutlcr
Removed Stream! C:\WINDOWS\Q324380.log:dumrwb
Removed Stream! C:\WINDOWS\Q329048.log:vvwwyl
Removed Stream! C:\WINDOWS\rcywq.log:ghjpwe
Removed Stream! C:\WINDOWS\rcywq.log:ktccdm
Removed Stream! C:\WINDOWS\regopt.log:arhqqz
Removed Stream! C:\WINDOWS\rrowh.log:ctvpfx
Removed Stream! C:\WINDOWS\rvkew.txt:jjvitr
Removed Stream! C:\WINDOWS\sbkep.log:vunvzh
Removed Stream! C:\WINDOWS\SchedLgU.Txt:cykmdf
Removed Stream! C:\WINDOWS\scvmy.dat:bjfnnb
Removed Stream! C:\WINDOWS\sndhv71.src:ckeqve
Removed Stream! C:\WINDOWS\sndhv71.src:ggtqfm
Removed Stream! C:\WINDOWS\svcpack.log:qgdehx
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
Removed Stream! C:\WINDOWS\tjncq.txt:ghjqfd
Removed Stream! C:\WINDOWS\TLCAPPS.INI:jhwjbh
Removed Stream! C:\WINDOWS\TMFilter.log:galbef
Removed Stream! C:\WINDOWS\tsxkd.txt:rimbtp
Removed Stream! C:\WINDOWS\udhnt.dat:jjfova
Removed Stream! C:\WINDOWS\ugrtq.txt:bipodk
Removed Stream! C:\WINDOWS\ugrtq.txt:zbepzh
Removed Stream! C:\WINDOWS\vbaddin.ini:rcwubs
Removed Stream! C:\WINDOWS\vminst.log:vtagvt
Removed Stream! C:\WINDOWS\wallpaper.bmp:ihzguz
Removed Stream! C:\WINDOWS\wallpaper.bmp:kdhzvc
Removed Stream! C:\WINDOWS\wallpaper.bmp:nttlpe
Removed Stream! C:\WINDOWS\wiaservc.log:szslok
Removed Stream! C:\WINDOWS\Windows Update.log:lljldv
Removed Stream! C:\WINDOWS\WININIT.INI:eeuqyx
Removed Stream! C:\WINDOWS\winnt.bmp:dbvekw
Removed Stream! C:\WINDOWS\wmsetup.log:wfmvai
Removed Stream! C:\WINDOWS\WMSysPrx.prx:pzxpcc
Removed Stream! C:\WINDOWS\wqdya.log:haiuee
Removed Stream! C:\WINDOWS\xpsp1hfm.log:ogfbus
Removed Stream! C:\WINDOWS\xsveb.log:sttnaz
Removed Stream! C:\WINDOWS\_delis32.ini:abprvk
Removed Stream! C:\WINDOWS\_delis32.ini:ahiqqv
Removed Stream! C:\WINDOWS\_delis32.ini:ahkxzh
Removed Stream! C:\WINDOWS\_delis32.ini:auixlw
Removed Stream! C:\WINDOWS\_delis32.ini:avblea
Removed Stream! C:\WINDOWS\_delis32.ini:avcwig
------------------------------------------------
Removed File! : C:\Windows\afkos.dat
Removed File! : C:\Windows\aljuq.dll
Removed File! : C:\Windows\antim.dll
Removed File! : C:\Windows\atscn.dll
Removed File! : C:\Windows\bhrxr.dll
Removed File! : C:\Windows\bkrht.dat
Removed File! : C:\Windows\bygqx.dll
Removed File! : C:\Windows\ccjma.dat
Removed File! : C:\Windows\clrbz.dat
Removed File! : C:\Windows\cocnc.dat
Removed File! : C:\Windows\crngt.dat
Removed File! : C:\Windows\cwvxs.dat
Removed File! : C:\Windows\dbnfj.dll
Removed File! : C:\Windows\dfrsj.dll
Removed File! : C:\Windows\dgcow.dll
Removed File! : C:\Windows\dnbsw.dll
Removed File! : C:\Windows\dppob.dat
Removed File! : C:\Windows\dqkku.dll
Removed File! : C:\Windows\dqpmr.dat
Removed File! : C:\Windows\dtzef.dll
Removed File! : C:\Windows\dunou.dat
Removed File! : C:\Windows\eawfc.dat
Removed File! : C:\Windows\eftyc.dat
Removed File! : C:\Windows\eglyn.dat
Removed File! : C:\Windows\eichv.dll
Removed File! : C:\Windows\eishc.dll
Removed File! : C:\Windows\ekdnx.dat
Removed File! : C:\Windows\euonm.dll
Removed File! : C:\Windows\eygwe.dat
Removed File! : C:\Windows\fbran.dll
Removed File! : C:\Windows\ffcwa.dll
Removed File! : C:\Windows\fktkv.dll
Removed File! : C:\Windows\frqpg.dll
Removed File! : C:\Windows\fxpey.dll
Removed File! : C:\Windows\gbpfi.dat
Removed File! : C:\Windows\gvgag.dat
Removed File! : C:\Windows\gzfrg.dat
Removed File! : C:\Windows\gzpgn.dat
Removed File! : C:\Windows\hdjqo.dll
Removed File! : C:\Windows\hdyfy.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:34:32 PM


AboutBuster 5.0 reference file 31
Scan started on [7/19/2005] at [8:42:59 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\netscape.ico:oqjzcz
Removed Stream! C:\WINDOWS\_delis32.ini:awmztq
Removed Stream! C:\WINDOWS\_delis32.ini:ayjoup
Removed Stream! C:\WINDOWS\_delis32.ini:berqmq
Removed Stream! C:\WINDOWS\_delis32.ini:bhjebn
Removed Stream! C:\WINDOWS\_delis32.ini:bittwa
Removed Stream! C:\WINDOWS\_delis32.ini:bkcnjq
Removed Stream! C:\WINDOWS\_delis32.ini:bpojqb
Removed Stream! C:\WINDOWS\_delis32.ini:bsnmkp
Removed Stream! C:\WINDOWS\_delis32.ini:bywdvn
Removed Stream! C:\WINDOWS\_delis32.ini:ccftdb
Removed Stream! C:\WINDOWS\_delis32.ini:cehzvq
Removed Stream! C:\WINDOWS\_delis32.ini:cmldyj
Removed Stream! C:\WINDOWS\_delis32.ini:crqfou
Removed Stream! C:\WINDOWS\_delis32.ini:daukno
Removed Stream! C:\WINDOWS\_delis32.ini:dofhwt
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:45:37 PM

**************************************************************



(7/19/05 9:00:02 PM) SPSeHjFix started v1.1.2
(7/19/05 9:00:02 PM) OS: WinXP Service Pack 1 (5.1.2600)
(7/19/05 9:00:02 PM) Language: english
(7/19/05 9:00:02 PM) Win-Path: C:\WINDOWS
(7/19/05 9:00:02 PM) System-Path: C:\WINDOWS\System32
(7/19/05 9:00:02 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(7/19/05 9:00:33 PM) Disinfection started
(7/19/05 9:00:33 PM) Bad-Dll(IEP): (not found)
(7/19/05 9:00:33 PM) Bad-Dll(IEP) in BHO: (not found)
(7/19/05 9:00:33 PM) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\System32\ndg.dll
(7/19/05 9:00:33 PM) Searchassistant Uninstaller - Keys Deleted
(7/19/05 9:00:33 PM) UBF: 4 - UBB: 1 - UBR: 15
(7/19/05 9:00:33 PM) UBF: 4 - UBB: 1 - UBR: 15
(7/19/05 9:00:33 PM) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll,DllInstall (deleted)
(7/19/05 9:00:33 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(7/19/05 9:00:34 PM) Stealth-String not found
(7/19/05 9:00:34 PM) File added to delete: c:\windows\system32\ndg.dll
(7/19/05 9:00:34 PM) File added to delete: c:\docume~1\owner\locals~1\temp\se.dll
(7/19/05 9:00:34 PM) Reboot


(7/19/05 9:01:55 PM) SPSeHjFix started v1.1.2
(7/19/05 9:01:55 PM) OS: WinXP Service Pack 1 (5.1.2600)
(7/19/05 9:01:55 PM) Language: english
(7/19/05 9:01:55 PM) Win-Path: C:\WINDOWS
(7/19/05 9:01:55 PM) System-Path: C:\WINDOWS\System32
(7/19/05 9:01:55 PM) Temp-Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\
(7/19/05 9:02:29 PM) Disinfection started
(7/19/05 9:02:29 PM) Bad-Dll(IEP): (not found)
(7/19/05 9:02:29 PM) Bad-Dll(IEP) in BHO: (not found)
(7/19/05 9:02:29 PM) UBF: 4 - UBB: 1 - UBR: 14
(7/19/05 9:02:29 PM) UBF: 4 - UBB: 1 - UBR: 14
(7/19/05 9:02:29 PM) Bad IE-pages: (none)
(7/19/05 9:02:29 PM) Stealth-String not found
(7/19/05 9:02:29 PM) Not infected->END

*****************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 9:47:07 PM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msole32.exe
C:\WINDOWS\popuper.exe
c:\windows\system32\vhmvae.exe
C:\WINDOWS\System32\intmonp.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\WebSiteViewer\127716.dlr
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\4.tmp\thnall1a.exe
C:\WINDOWS\svcproc.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [rkgzzn] c:\windows\system32\vhmvae.exe r
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nt/3dstock.html
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36385.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 08:50 PM

Oops--to clarify, when I missed Safe Mode and it booted up Windows, I rebooted in Safe Mode before continuing the instructions. Also, I was using Mozilla instead of IExplorer, if that's important.

#5 ddeerrff (Retired, Malware Response Team, 2,723 posts, Upper Midwest, US)

Posted 19 July 2005 - 09:46 PM

Run the online virus scan at http://uk.trendmicro-europe.com/consumer/h...call_launch.php. That one will run under Mozilla. Please post any log that it creates. Does Internet Explorer not open or does it just not load any pages?


Click on Start, Run, type in services.msc and click the Ok button.
- Locate the "Power Manager" service and double click on it.
- Click the Stop button.
- In the Startup type dropdown select Disabled.
- Click the Apply button and then the Ok button.
- Repeat for the following service: "System Startup Service"

Close the Services window.

Click Start, Run, type in cmd and click the Ok button. A command window will open.
- Copy/paste the line below into the Command Prompt window and press the Enter key: sc delete PowerManager
- Copy/paste the line below into the Command Prompt window and press the Enter key: sc delete SvcProc
Close the Command Prompt window.


We will be working on the following line:

O4 - HKLM\..\Run: [rkgzzn] c:\windows\system32\vhmvae.exe r

If you have rebooted since the last HJT scan the name and filename on this line may have changed. Please rescan with HJT and note the current incarnation of this line. It will be the last 'O4 - HKLM' line and you can recognize it by the random filename and the 'r' at the end. Leave HJT open as we will use it shortly. If the line has changed, please substitute the current values for this line in the fix to follow. Do not reboot until requested to.

Download Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html
- Unzip ProcessExplorer into its own folder.
- Open the folder and run Procexp.exe.

In the list of processes, find vhmvae.exe (substitute the current O4 line random filename from the just completed HJT scan).
- Right click on the process and select "Suspend".
- Leave ProcessExplorer running

Back in HJT, in the lower right click on "Config..."
- Under the "Misc Tools" tab, open "Delete a file on Reboot".
- In the 'File Name' box, enter c:\windows\system32\vhmvae.exe (substitute the current O4 line path and filename)
- Click OK and allow the system to reboot.


Start HJT and click on the SCAN button. Put a check mark in front of the following lines if they still show:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [rkgzzn] c:\windows\system32\vhmvae.exe r
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

With ALL OTHER WINDOWS CLOSED, click on Fix Checked.


Open Windows Explorer (Windows key+e), navigate to and delete the following files and folders (Let me know of any difficulties):

C:\WINDOWS\svchost.exe <--Files
C:\WINDOWS\svcproc.exe
C:\WINDOWS\wupdt.exe
C:\WINDOWS\System32\msmsgs.exe

C:\WINDOWS\inet20057\ <--Folder

If any of these resist being deleted, boot into Safe Mode and try from there.


Reboot and post a fresh HJT log along with any log produced by TrendMicro Housecall.
Derfram
~~~~~~
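As an added example (not code from this thread or from HijackThis), a small Python triage script that applies the clues from the post above to an HJT log. The sample log is a constructed excerpt of lines posted in this thread; the hijack-domain watchlist and the expected-directory table are assumptions built from those lines.

```python
r"""Triage heuristics for HijackThis (HJT) logs (added example, not code from
this thread or from HijackThis). The rules encode the clues the helper used
above: a random-named O4 entry with a trailing 'r', unknown-owner services and
Run entries living directly in C:\WINDOWS, core-binary names in the wrong
directory, processes running from a Temp folder, and R0/R1 entries pointing
at the search-hijack domain seen in the log."""
import re
from pathlib import PureWindowsPath

# Assumed table: where these core binaries normally live on the Windows XP layout seen here.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "msmsgs.exe": r"c:\program files\messenger",
}
# Constructed watchlist: the search-hijack domain from this thread's R0/R1 lines.
HIJACK_DOMAINS = {"websearch.drsnsrch.com"}
# An .exe sitting directly in C:\WINDOWS (not in a subfolder).
WINDOWS_ROOT_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe", re.I)
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def split_cmd(cmd):
    """Split a Run command line into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(.*?\.(?:exe|dll|dlr|com))(?:\s+(.*))?$", cmd, re.I)
    return (m.group(1), (m.group(2) or "").strip()) if m else (cmd, "")

def wrong_dir(path):
    """True if a core-binary name appears outside its expected directory."""
    p = PureWindowsPath(path.lower())
    expected = EXPECTED_DIR.get(p.name)
    return expected is not None and str(p.parent) != expected

def triage_process(path):
    """Reasons a 'Running processes' entry looks suspicious (empty list if none)."""
    reasons, low = [], path.lower()
    if "\\temp\\" in low:
        reasons.append("process running from a Temp folder")
    if wrong_dir(path):
        reasons.append(f"{PureWindowsPath(path).name} running from an unexpected directory")
    if not low.endswith(".exe"):
        reasons.append("running process with a non-.exe extension")
    return reasons

def triage_line(line):
    """Reasons a prefixed HJT line (R0/R1/O4/O23) looks suspicious (empty list if none)."""
    reasons = []
    if line.startswith(("R0 -", "R1 -")) and any(d in line.lower() for d in HIJACK_DOMAINS):
        reasons.append("search/start page points at a known hijack domain")
    if m := RUN_RE.match(line):
        exe, args = split_cmd(m["cmd"])
        base = PureWindowsPath(exe).name.lower()
        if args == "r" and re.fullmatch(r"[a-z]{5,8}\.exe", base):
            reasons.append("random-named O4 entry with trailing 'r' argument")
        if wrong_dir(exe):
            reasons.append(f"{base} launched from an unexpected directory")
        if WINDOWS_ROOT_EXE.match(exe):
            reasons.append("Run entry launches an .exe from the Windows root")
    if (m := SVC_RE.match(line)) and m["owner"] == "Unknown owner":
        if WINDOWS_ROOT_EXE.match(m["path"]):
            reasons.append("unknown-owner service running from the Windows root")
    return reasons

def triage_log(text):
    """Return {log line: [reasons]} for every suspicious line in an HJT log."""
    findings, in_procs = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:
            in_procs = False
            continue
        reasons = triage_process(line) if in_procs else triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings

# Constructed excerpt of the HJT log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebSiteViewer\127716.dlr
C:\DOCUME~1\Owner\LOCALS~1\Temp\4.tmp\thnall1a.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [rkgzzn] c:\windows\system32\vhmvae.exe r
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20057\services.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE_LOG).items():
        print(flagged, "\n   -> " + "\n   -> ".join(why))
```

These are triage hints, not verdicts: a legitimate vendor service can sit in C:\WINDOWS too, so each flagged line still needs the kind of manual check the helper performs above.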

#6 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 09:54 PM

IExplorer doesn't open at all--as in, the hour glass cursor appears for a second, then goes back to a regular cursor and no program opens. Now following other instructions... Thanks!

#7 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 10:40 PM

Unable to run Housecall scan. My browser met the requirements, but when I proceeded to the next step, the small rectangle just showed the Java loading animation for about 5 minutes. Maybe I didn't wait long enough?

All other instructions completed without difficulty. See HJT log below (hey, this is kinda fun...like a spy movie or something).

Logfile of HijackThis v1.99.1
Scan saved at 11:38:49 PM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\WebSiteViewer\127716.dlr
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nt/3dstock.html
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36385.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 10:42 PM

Thanks so much for your help; it's about time for me to hit the hay for tonight...gotta be up at 6. Looking forward to your reply later.

#9 John Sapp (Topic Starter, Members, 23 posts)

Posted 19 July 2005 - 11:32 PM

UPDATE: IExplorer is now working, and with no hijacks or redirects! I am so happy. It has been like a year since I could do all those things that Firefox just can't--like play MSN Backgammon. I am currently running Kaspersky virus scan, but it's taking forever, so I'll try to post the result when I wake up in the morning. So far, there are 37 viruses found, and 903 infected objects; that's at 39% completion. I scanned "My Computer" which is all drives. Should I choose the "Critical Areas" option to make it faster?

P.S. - I love you!

#10 ddeerrff

Posted 20 July 2005 - 12:18 AM

Looking pretty good. I still see the WebsiteViewer Virus (Symantec "Dialer.WSV") - hopefully Kaspersky will kill that.

There doesn't appear to be any Antivirus program running on that machine. Grisoft's AVG7 is a highly respected AV program and is free for personal use. I'd recommend you download and install AVG7 from here.

Then let's see another HJT log and see if we are all clear.
Derfram
~~~~~~

#11 John Sapp

Posted 20 July 2005 - 06:10 AM

Hmm... the scan finished, but I didn't notice if there was a fix button, so I just saved the log and exited. I hope it automatically fixed what it found. Here is the log. I am installing AVG and then going to work... won't be back until late tonight. Thanks for all the help.

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Wednesday, July 20, 2005 06:55:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 20/07/2005
Kaspersky Anti-Virus database records: 131178
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 60476
Number of viruses found: 53
Number of infected objects: 1813
Number of suspicious objects: 0
Duration of the scan process: 3379 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.ec
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0008 Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-42aa640a-1d4daf99.class Infected: Trojan-Clicker.Win32.Spywad.b
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-68092e30.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-68092e30.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-68092e30.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1101e5-68092e30.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\misb.exe Infected: Trojan-Proxy.Win32.Sobit.e
C:\Program Files\backups\backup-20050619-220518-250.dll Infected: Trojan-Clicker.Win32.Agent.dj
C:\Program Files\WebSiteViewer\127706.exe Infected: Trojan-Proxy.Win32.Sobit.e
C:\Program Files\WebSiteViewer\127716.exe Infected: Trojan-Proxy.Win32.Sobit.e
C:\RECYCLER\S-1-5-21-3725260815-3689853989-222395546-1003\Dc2.exe Infected: Trojan.Win32.Stervis.c
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:luzady:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:lyjwlg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:lytbr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:lzccf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:lztut:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:lzxqrd:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:makgo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:maxbvm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mcgkyi:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mckfhx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mdbadk:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mepaeh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mmuvlv:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:molcty:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mpagex:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mqtoff:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:msrhee:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:msvylk:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mtihhh:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mxyqqe:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:mynrcr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nadxmp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:naowc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:naztfb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:neipwo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nfgioy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nfiapb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ngckoy:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nhumfv:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nirizs:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nityl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nmohgs:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nuowit:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nuuzzg:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nwgbxo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nxshno:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:nzsypb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:oaunfu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:oazoac:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ondnpg:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ookzgr:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:oskhv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:otbbs:$DATA Infected: Trojan-Downloader.Win32.Agent.lz
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:owhsv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pefwg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pfuhsj:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pganpc:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:phslyo:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pibsod:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:plbgsx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pmllks:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ppwzho:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:prelet:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:prgmg:$DATA Infected: Trojan-Downloader.Win32.Agent.lz
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ptegts:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ptxzi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pufvnd:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pwuebl:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pxcvqu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pxdfhe:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pxdzaj:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pyirxh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:pyiuig:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qgabhh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qgtgek:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qhxqly:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qjmhpx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qjorsw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qnfyos:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qqvzux:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qqwcij:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qtkmfj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qukjna:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qvymps:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:qymzny:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rankmc:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ravfvv:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rbxwzr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rdegzv:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rltevc:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rmsicz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rnwtzz:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rplaes:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rponu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rqrwk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rsvnny:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rvdszh:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rvtpdm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rwypqe:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:rzwfel:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sasknd:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sdjegd:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sevhek:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sfpsul:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sfwkry:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:slckx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:stkexo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:sxqdlw:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tadsja:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tbqtv:$DATA Infected: Trojan-Downloader.Win32.Agent.lz
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:teqfgu:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:teyyuc:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tmifpx:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tpmnyu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:trfsru:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:trizsq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tvfmcg:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tvljwv:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:twalea:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:twhakn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:tytmge:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:uexunz:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ufkxmv:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:ulvumh:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:urjcst:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:usnnmp:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:uwhdpf:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:uxhbwp:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:uxkxbn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:uzkssf:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vbuwpl:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vdiwls:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vejmbh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vhhcfi:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vkcopk:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vlxdvw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vmodmo:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vnsris:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vpprfy:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vqsszj:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vudroq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vupubd:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vvovdm:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:vzvrh:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wanvb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wawfq:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wbiany:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wgwbxr:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:witety:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wkjayn:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wmnszx:$DATA Infected: Trojan-Downloader.Win32.Agent.bq
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wntpvm:
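As an added example, not part of this thread and not Kaspersky's own tooling, here is a small Python parser for scan log lines in the format pasted above. Two details in those lines matter for the cleanup: a `:name:$DATA` suffix means the detection sits in an NTFS alternate data stream attached to the file rather than in the file itself, and a path under `System Volume Information\_restore{...}\RPnnnn` means the copy lives in a System Restore snapshot, which is why purging restore points is part of the fix. The sample input is three lines copied from the log above, one constructed line for a file flagged in its main data stream (its detection name is a placeholder), and the truncated last line of the log, which the parser must skip rather than misread.

```python
"""Parse Kaspersky-style scan log lines like the ones pasted above.

Added example for this thread, not Kaspersky's own tooling. A ":name:$DATA"
suffix means the detection is in an NTFS alternate data stream attached to
the file; a path under "System Volume Information\\_restore{...}\\RPnnnn"
means the copy lives in a System Restore snapshot.
"""
import re
from collections import Counter

# <path>[:<stream>:$DATA] Infected: <detection>
LINE_RE = re.compile(
    r"^(?P<path>.+?)(?::(?P<stream>[^:\\]+):\$DATA)?\s+Infected:\s+(?P<detection>\S+)\s*$"
)
# Restore-point snapshot folder: ...\_restore{GUID}\RP1073\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\", re.IGNORECASE
)

# Sample input: three lines copied from the log above, one constructed line
# for a file flagged in its main data stream (placeholder detection name),
# and the truncated last line of the log.
SAMPLE_LOG = [
    r"C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:kblypn:$DATA Infected: Trojan-Downloader.Win32.Agent.bq",
    r"C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:koino:$DATA Infected: Trojan-Downloader.Win32.Agent.lz",
    r"C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:kysyl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc",
    r"C:\misb.exe Infected: Trojan.Win32.Agent.bi",  # constructed line
    r"C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP1073\A0150308.ini:wntpvm:",  # truncated
]


def parse_line(line):
    """Return a dict for one detection line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rp = RESTORE_RE.search(m["path"])
    return {
        "path": m["path"],
        "stream": m["stream"],          # None when the hit is the file's own data
        "detection": m["detection"],
        "restore_point": rp["rp"] if rp else None,
    }


def summarize(lines):
    """Aggregate a log: how much is ADS, how much sits in restore points, by family."""
    hits = [h for h in map(parse_line, lines) if h]
    return {
        "parsed": len(hits),
        "skipped": len(lines) - len(hits),
        "ads_hits": sum(1 for h in hits if h["stream"]),
        "in_restore_points": sum(1 for h in hits if h["restore_point"]),
        "by_detection": Counter(h["detection"] for h in hits),
        "host_files": sorted({h["path"] for h in hits}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample input, `host_files` collapses the hundreds of stream hits down to the one `.ini` file that carries them, which is the number that matters when deciding what actually has to be deleted or purged.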

#12 ddeerrff

    Retired

  • Malware Response Team
  • 2,723 posts
  • Gender:Male
  • Location:Upper Midwest, US

Posted 20 July 2005 - 11:57 AM

Hmm... the scan finished, but I didn't notice if there was a fix button, so I just saved the log and exited. I hope it automatically fixed what it found.

Hmm indeed. I just went to the Kaspersky page I listed and it looks like they moved the complete system online scanner. Glad you found it. I believe it does clean, but we'll make sure.


Most of what Kaspersky found was in the /_restore folder. Clearing your restore points will remove anything remaining there:

Purge Restore points:

XP System Restore periodically creates a partial system backup. It is quite likely that some of the now removed malware has been 'backed up' in those files.

Disable System Restore by following the instructions here,
Reboot,
Re-enable System Restore by following the instructions here.



There are infections listed in your Sun JAVA cache. Open Control Panel and double click on the JAVA icon.

Depending on what version of JAVA you have, either:
1) Open the CACHE tab and click on CLEAR cache. or
2) On the GENERAL tab, click on 'Delete Files..' and OK the popup.



The following files/folders are infected. Attempt a manual delete if they still exist:

C:\misb.exe <--Files
C:\Program Files\backups\backup-20050619-220518-250.dll
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe

C:\Program Files\WebSiteViewer\ <--Folder


Empty the Recycle bin.

That takes care of everything Kaspersky found.


After you get AVG7 installed, allow that to scan your system and see if it finds anything else. Then post a new HJT log please.
Derfram
~~~~~~
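The reply above asks for a fresh HJT log. As an added example, not part of this thread and not HijackThis's own code, here is a Python triage helper for HJT entry lines. It parses the section codes HJT prints (O4, O20, O23 and so on) and pulls out what a reviewer looks at first: the O20 AppInit_DLLs value, the O4 autostart items with their image paths, the O23 services HJT marked "(file missing)", and which entries reference a file the antivirus has already complained about. AppInit_DLLs is worth isolating because Windows loads every DLL listed there into every process that loads user32.dll, so an antivirus alert on such a DLL fires each time a program is opened. The sample input is copied from the HJT log posted later in this thread, and `sqloi.dll` is the file AVG flags in that same post.

```python
"""Triage helper for HijackThis (HJT) v1.99 entry lines.

Added example for this thread; it is not HijackThis code and not the
helper's own procedure. It pulls out the O20 AppInit_DLLs value, the O4
autostart items, the O23 services marked "(file missing)", and every
entry that references a file name the antivirus has already flagged.
"""
import re

# "O20 - AppInit_DLLs: C:\path\x.dll" -> code "O20", body "AppInit_DLLs: C:\path\x.dll"
ENTRY_RE = re.compile(r"^(?P<code>[ONFR]\d{1,2})\s+-\s+(?P<body>.*)$")
# O4 body: HKLM\..\Run: [Name] "C:\path\prog.exe" -args   (quotes and args optional)
RUN_RE = re.compile(
    r'^(?P<hive>[^:]+):\s+\[(?P<name>[^\]]*)\]\s+"?(?P<image>[^"]+?)"?(?:\s+[-/].*)?$'
)
# O23 body: Service: Display Name (ShortName) - Owner - C:\path\svc.exe   (ShortName optional)
SVC_RE = re.compile(
    r"^Service:\s+(?P<name>.+?)(?:\s+\((?P<short>[^()\s]+)\))?\s+-\s+(?P<owner>.+?)\s+-\s+(?P<image>.*)$"
)

# Sample input copied from the HJT log posted later in this thread, plus two
# non-entry lines (a header and a process path) that the parser must skip.
SAMPLE_HJT = [
    "Running processes:",
    r"C:\WINDOWS\Explorer.EXE",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe",
    r"O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll",
    r"O20 - AppInit_DLLs: C:\WINDOWS\System32\sqloi.dll",
    r"O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe",
    r'O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)',
]


def parse_hjt(lines):
    """Keep only the 'Oxx - ...' entry lines; headers and process lists are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m["code"], "body": m["body"]})
    return entries


def appinit_dlls(entries):
    """DLLs listed under O20 AppInit_DLLs (the registry value is comma-separated)."""
    dlls = []
    for e in entries:
        if e["code"] == "O20" and e["body"].startswith("AppInit_DLLs:"):
            value = e["body"].split(":", 1)[1]
            dlls.extend(p.strip() for p in value.split(",") if p.strip())
    return dlls


def run_entries(entries):
    """O4 autostart items as hive, name and image path, so each image can be checked."""
    items = []
    for e in entries:
        m = RUN_RE.match(e["body"]) if e["code"] == "O4" else None
        if m:
            items.append({"hive": m["hive"], "name": m["name"], "image": m["image"]})
    return items


def services(entries):
    """O23 services; 'missing' is True when HJT appended '(file missing)'."""
    out = []
    for e in entries:
        m = SVC_RE.match(e["body"]) if e["code"] == "O23" else None
        if m:
            out.append({"name": m["name"], "owner": m["owner"],
                        "missing": "(file missing)" in m["image"]})
    return out


def references_to(entries, filename):
    """Every entry that mentions a file name, e.g. one the antivirus flagged."""
    needle = filename.lower()
    return [e for e in entries if needle in e["body"].lower()]


def triage(lines, flagged_files=()):
    """One-shot summary a reviewer can read top to bottom."""
    entries = parse_hjt(lines)
    return {
        "appinit_dlls": appinit_dlls(entries),
        "run_items": [(r["name"], r["image"]) for r in run_entries(entries)],
        "missing_services": [s["name"] for s in services(entries) if s["missing"]],
        "flagged_refs": {f: [e["code"] for e in references_to(entries, f)]
                         for f in flagged_files},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT, flagged_files=["sqloi.dll"]).items():
        print(f"{key}: {value}")
```

`flagged_refs` is the link between the two tools: a file the antivirus cannot clean while the system is running, and an O20 line showing the same file is injected into every new process, point at the same loader, so the O20 entry is what has to go before the file can be removed.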

#13 John Sapp
  • Topic Starter

  • Members
  • 23 posts

Posted 20 July 2005 - 07:31 PM

INSTRUCTIONS PROGRESS:
1. Purge system restore points: check!
2. Empty JAVA cache: failed. When I went to open the JAVA control panel, I got this error message from Java Virtual Machine Launcher, "Could not find the main class. Program will exit." So, I decided to try the Java plug-in control panel, which was right after it, to see what that would do. There was a clear cache option, so I did it.
3. Manually delete infected files/folders and empty recycle bin: all check!
4. Scan with AVG7: check! It found over 300 objects--wow I needed that! Don't ask me why I never had antivirus/firewall software running...because I'm retarded, okay?? I copied the log in case it is helpful; you will find it pasted after the HJT log.
5. New HJT log: check! See below.

FURTHER ISSUES: Just FYI
A. By the way, although I can use IExplorer again, I still cannot set the homepage--it is stuck on "about:blank".
***************************
UPDATE (2 min later): I just checked, and the homepage is not stuck on about:blank (I had set it to Google), but Explorer cannot load any webpages. It gives the message in the title bar, "Invalid Syntax Error," and shows the "Page cannot be displayed" error screen.
***************************
B. Also, whenever I open a program, or sometimes seemingly spontaneously, AVG pops up with "VIRUS FOUND" over C:\WINDOWS\system32\sqloi.dll. The file cannot be healed, or put in the vault, so I just click continue each time.
C. When I reboot, something like 3 to 5 error messages pop up saying "so-and-so software cannot be found/cannot open/whatever."



*************************************************
Logfile of HijackThis v1.99.1
Scan saved at 8:24:09 PM, on 7/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O12 - Plugin for .ipp: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O12 - Plugin for .ipt: C:\Program Files\Internet Explorer\Plugins\npimth32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...nt/3dstock.html
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab36385.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqloi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



********************************************
AVG7 Log


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip:\GetAccess.class Trojan horse Java/ClassLoader Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-44a996e1.zip Trojan horse Java/ClassLoader Infected, Archive
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip:\GetAccess.class Trojan horse Java/ClassLoader Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip:\InsecureClassLoader.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip:\Installer.class Virus identified Java/ByteVerify Infected, Embedded object
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4dd78ab8-6ec13791.zip Trojan horse Java/ClassLoader Infected, Archive
C:\misb.exe Deleted
C:\Program Files\backups\backup-20050619-220518-250.dll Deleted
C:\Program Files\WebSiteViewer\127706.dlr Deleted
C:\Program Files\WebSiteViewer\127706.exe Deleted
C:\Program Files\WebSiteViewer\127716.dlr Deleted
C:\Program Files\WebSiteViewer\127716.exe Deleted
C:\Program Files\Windows Media Player\70odhr0b.exe Deleted
C:\RECYCLER\S-1-5-21-3725260815-3689853989-222395546-1003\Dc2.exe Deleted
C:\WINDOWS\adddi32.exe Deleted
C:\WINDOWS\addnb.dll Deleted
C:\WINDOWS\addrm32.dll Deleted
C:\WINDOWS\addud.exe Deleted
C:\WINDOWS\apidj.dll Deleted
C:\WINDOWS\apisn.dll Deleted
C:\WINDOWS\apivc32.exe Deleted
C:\WINDOWS\apivn.dll Deleted
C:\WINDOWS\apivs32.exe Deleted
C:\WINDOWS\apizt32.dll Deleted
C:\WINDOWS\appbr32.dll Deleted
C:\WINDOWS\appeu32.dll Deleted
C:\WINDOWS\appkw32.exe Deleted
C:\WINDOWS\appod.dll Deleted
C:\WINDOWS\appqb.dll Deleted
C:\WINDOWS\appsg.dll Deleted
C:\WINDOWS\apput.exe Deleted
C:\WINDOWS\appvc.dll Deleted
C:\WINDOWS\appww.dll Deleted
C:\WINDOWS\appzk.dll Deleted
C:\WINDOWS\assest.dll Deleted
C:\WINDOWS\atlbd32.exe Deleted
C:\WINDOWS\atlcn.dll Deleted
C:\WINDOWS\atlly32.dll Deleted
C:\WINDOWS\atltv32.dll Deleted
C:\WINDOWS\atlxp.dll Deleted
C:\WINDOWS\crdo32.exe Deleted
C:\WINDOWS\crfx32.dll Deleted
C:\WINDOWS\crjw32.dll Deleted
C:\WINDOWS\crkq.exe Deleted
C:\WINDOWS\crnz.dll Deleted
C:\WINDOWS\crtl32.dll Deleted
C:\WINDOWS\d3fm.dll Deleted
C:\WINDOWS\d3ih32.dll Deleted
C:\WINDOWS\d3iw32.exe Deleted
C:\WINDOWS\d3ml.dll Deleted
C:\WINDOWS\d3od32.dll Deleted
C:\WINDOWS\d3ok32.exe Deleted
C:\WINDOWS\d3oq32.dll Deleted
C:\WINDOWS\d3xr.dll Deleted
C:\WINDOWS\d3xr32.dll Deleted
C:\WINDOWS\d3ya.exe Deleted
C:\WINDOWS\ef.exe Deleted
C:\WINDOWS\frennk.dll Deleted
C:\WINDOWS\ibs.exe Deleted
C:\WINDOWS\iebr32.dll Deleted
C:\WINDOWS\iecs32.exe Deleted
C:\WINDOWS\ieeb32.dll Deleted
C:\WINDOWS\iegh32.exe Deleted
C:\WINDOWS\iekk.dll Deleted
C:\WINDOWS\iekw32.dll Deleted
C:\WINDOWS\iess32.dll Deleted
C:\WINDOWS\ievl32.exe Deleted
C:\WINDOWS\iexc32.dll Deleted
C:\WINDOWS\ieye32.exe Deleted
C:\WINDOWS\ipbo.dll Deleted
C:\WINDOWS\ipfr.dll Deleted
C:\WINDOWS\ipob32.dll Deleted
C:\WINDOWS\ipti32.dll Deleted
C:\WINDOWS\ipum32.dll Deleted
C:\WINDOWS\javafi32.dll Deleted
C:\WINDOWS\javahw.dll Deleted
C:\WINDOWS\javajc32.dll Deleted
C:\WINDOWS\javalf32.exe Deleted
C:\WINDOWS\javalj.dll Deleted
C:\WINDOWS\javari32.dll Deleted
C:\WINDOWS\mfcbq32.dll Deleted
C:\WINDOWS\mfccq.exe Deleted
C:\WINDOWS\mfccs32.exe Deleted
C:\WINDOWS\mfcdp.exe Deleted
C:\WINDOWS\mfceb.dll Deleted
C:\WINDOWS\mfcic.dll Deleted
C:\WINDOWS\mfcnd32.dll Deleted
C:\WINDOWS\mfcoi.exe Deleted
C:\WINDOWS\mfctq.exe Deleted
C:\WINDOWS\mfcva32.exe Deleted
C:\WINDOWS\mfcxq32.exe Deleted
C:\WINDOWS\msam.dll Deleted
C:\WINDOWS\msbd32.dll Deleted
C:\WINDOWS\msgf.exe Deleted
C:\WINDOWS\mshm.dll Deleted
C:\WINDOWS\mski32.dll Deleted
C:\WINDOWS\mslf32.dll Deleted
C:\WINDOWS\msmb.exe Deleted
C:\WINDOWS\msmv.exe Deleted
C:\WINDOWS\mspr.dll Deleted
C:\WINDOWS\mssh32.dll Deleted
C:\WINDOWS\mswp32.dll Deleted
C:\WINDOWS\mswr32.dll Deleted
C:\WINDOWS\msyg32.dll Deleted
C:\WINDOWS\netcn.exe Deleted
C:\WINDOWS\nethy.dll Deleted
C:\WINDOWS\netig.dll Deleted
C:\WINDOWS\netje.dll Deleted
C:\WINDOWS\netjx32.dll Deleted
C:\WINDOWS\netqu32.dll Deleted
C:\WINDOWS\netsx32.exe Deleted
C:\WINDOWS\netve32.dll Deleted
C:\WINDOWS\netwp.dll Deleted
C:\WINDOWS\netxw.dll Deleted
C:\WINDOWS\ntku32.exe Deleted
C:\WINDOWS\ntsa.exe Deleted
C:\WINDOWS\ntss.dll Deleted
C:\WINDOWS\ntvz.dll Deleted
C:\WINDOWS\ntyn.dll Deleted
C:\WINDOWS\n_aufstw.txt Deleted
C:\WINDOWS\n_bnpyrn.log Deleted
C:\WINDOWS\n_dspcsi.dat Deleted
C:\WINDOWS\n_jcfefh.log Deleted
C:\WINDOWS\n_jkhfas.dat Deleted
C:\WINDOWS\n_kxsinu.txt Deleted
C:\WINDOWS\n_ntfwho.dat Deleted
C:\WINDOWS\n_ojtrto.dat Deleted
C:\WINDOWS\n_pdfyjd.txt Deleted
C:\WINDOWS\n_tsyzez.log Deleted
C:\WINDOWS\n_xyziik.dat Deleted
C:\WINDOWS\sdkbi32.exe Deleted
C:\WINDOWS\sdkcp.dll Deleted
C:\WINDOWS\sdkcp32.dll Deleted
C:\WINDOWS\sdkdu.dll Deleted
C:\WINDOWS\sdkez.dll Deleted
C:\WINDOWS\sdkgk.exe Deleted
C:\WINDOWS\sdkgx32.dll Deleted
C:\WINDOWS\sdkhm.exe Deleted
C:\WINDOWS\sdkit32.dll Deleted
C:\WINDOWS\sdkki.exe Deleted
C:\WINDOWS\sdkmf32.exe Deleted
C:\WINDOWS\sdkuh.dll Deleted
C:\WINDOWS\sdkzg32.dll Deleted
C:\WINDOWS\sysdt32.dll Deleted
C:\WINDOWS\syses32.dll Deleted
C:\WINDOWS\sysmb.dll Deleted
C:\WINDOWS\sysoj.dll Deleted
C:\WINDOWS\syssw.dll Deleted
C:\WINDOWS\systx32.exe Deleted
C:\WINDOWS\sysxz.exe Deleted
C:\WINDOWS\sysyl.dll Deleted
C:\WINDOWS\wince32.dll Deleted
C:\WINDOWS\winct.exe Deleted
C:\WINDOWS\winlj.exe Deleted
C:\WINDOWS\winpv.dll Deleted
C:\WINDOWS\winqh32.dll Deleted
C:\WINDOWS\winrj.dll Deleted
C:\WINDOWS\winsj.dll Deleted
C:\WINDOWS\winsocks5.exe Deleted
C:\WINDOWS\wintc32.dll Deleted
C:\WINDOWS\system32\addil32.dll Deleted
C:\WINDOWS\system32\addjw.exe Deleted
C:\WINDOWS\system32\addlm32.exe Deleted
C:\WINDOWS\system32\addmx32.exe Deleted
C:\WINDOWS\system32\addoq32.dll Deleted
C:\WINDOWS\system32\addoq32.exe Deleted
C:\WINDOWS\system32\addpw32.dll Deleted
C:\WINDOWS\system32\addyl.dll Deleted
C:\WINDOWS\system32\all64.exe Deleted
C:\WINDOWS\system32\apicx32.dll Deleted
C:\WINDOWS\system32\apieh32.exe Deleted
C:\WINDOWS\system32\apign.exe Deleted
C:\WINDOWS\system32\apiih32.dll Deleted
C:\WINDOWS\system32\apike32.dll Deleted
C:\WINDOWS\system32\apile32.exe Deleted
C:\WINDOWS\system32\apinz.exe Deleted
C:\WINDOWS\system32\apiqz.dll Deleted
C:\WINDOWS\system32\apirc.dll Deleted
C:\WINDOWS\system32\apiun32.exe Deleted
C:\WINDOWS\system32\appci32.exe Deleted
C:\WINDOWS\system32\appei32.exe Deleted
C:\WINDOWS\system32\appfo32.dll Deleted
C:\WINDOWS\system32\apptv.dll Deleted
C:\WINDOWS\system32\appvl.dll Deleted
C:\WINDOWS\system32\appyh32.exe Deleted
C:\WINDOWS\system32\appyj.dll Deleted
C:\WINDOWS\system32\atlea32.dll Deleted
C:\WINDOWS\system32\atlfe32.dll Deleted
C:\WINDOWS\system32\atlmk.exe Deleted
C:\WINDOWS\system32\atlnc.exe Deleted
C:\WINDOWS\system32\atlnd32.exe Deleted
C:\WINDOWS\system32\ATPartners.dll Deleted
C:\WINDOWS\system32\AWM226.exe Deleted
C:\WINDOWS\system32\bckuts.exe Deleted
C:\WINDOWS\system32\craj32.dll Deleted
C:\WINDOWS\system32\crcx.dll Deleted
C:\WINDOWS\system32\crdd.dll Deleted
C:\WINDOWS\system32\crpu32.dll Deleted
C:\WINDOWS\system32\crrk.exe Deleted
C:\WINDOWS\system32\crwl32.dll Deleted
C:\WINDOWS\system32\crxm.dll Deleted
C:\WINDOWS\system32\d3bf.exe Deleted
C:\WINDOWS\system32\d3fn.dll Deleted
C:\WINDOWS\system32\d3ku32.exe Deleted
C:\WINDOWS\system32\d3lj.exe Deleted
C:\WINDOWS\system32\d3ls.dll Deleted
C:\WINDOWS\system32\d3tc32.dll Deleted
C:\WINDOWS\system32\d3yj32.exe Deleted
C:\WINDOWS\system32\fastvideoplayer.dll Deleted
C:\WINDOWS\system32\fb0mb.exe Deleted
C:\WINDOWS\system32\hhmpji.dll Deleted
C:\WINDOWS\system32\ieat32.exe Deleted
C:\WINDOWS\system32\iecc.exe Deleted
C:\WINDOWS\system32\iehs32.dll Deleted
C:\WINDOWS\system32\iehu32.exe Deleted
C:\WINDOWS\system32\ieof.exe Deleted
C:\WINDOWS\system32\ieus32.exe Deleted
C:\WINDOWS\system32\ieww.dll Deleted
C:\WINDOWS\system32\ieyd.dll Deleted
C:\WINDOWS\system32\ijilal.dll Deleted
C:\WINDOWS\system32\Inst.ocx Deleted
C:\WINDOWS\system32\iobhgk.dll Deleted
C:\WINDOWS\system32\ipbv32.exe Deleted
C:\WINDOWS\system32\ipof32.exe Deleted
C:\WINDOWS\system32\ippc32.dll Deleted
C:\WINDOWS\system32\ipqh32.dll Deleted
C:\WINDOWS\system32\ipth32.dll Deleted
C:\WINDOWS\system32\ipti32.dll Deleted
C:\WINDOWS\system32\iput.dll Deleted
C:\WINDOWS\system32\ipvb.dll Deleted
C:\WINDOWS\system32\ipzc.dll Deleted
C:\WINDOWS\system32\javadx32.dll Deleted
C:\WINDOWS\system32\javald.dll Deleted
C:\WINDOWS\system32\javaox32.exe Deleted
C:\WINDOWS\system32\javard.dll Deleted
C:\WINDOWS\system32\javarg.dll Deleted
C:\WINDOWS\system32\javasg32.dll Deleted
C:\WINDOWS\system32\javaub32.dll Deleted
C:\WINDOWS\system32\javauu.dll Deleted
C:\WINDOWS\system32\max32.exe Deleted
C:\WINDOWS\system32\mfcbx32.dll Deleted
C:\WINDOWS\system32\mfcen.dll Deleted
C:\WINDOWS\system32\mfcfg32.exe Deleted
C:\WINDOWS\system32\mfcns32.exe Deleted
C:\WINDOWS\system32\mfcoi32.dll Deleted
C:\WINDOWS\system32\mfcou32.dll Deleted
C:\WINDOWS\system32\mfcqq.dll Deleted
C:\WINDOWS\system32\mfcto32.exe Deleted
C:\WINDOWS\system32\mfcwl32.dll Deleted
C:\WINDOWS\system32\mkejjc.dll Deleted
C:\WINDOWS\system32\msas32.dll Deleted
C:\WINDOWS\system32\msgl32.dll Deleted
C:\WINDOWS\system32\mspi32.dll Deleted
C:\WINDOWS\system32\msql.dll Deleted
C:\WINDOWS\system32\msty.dll Deleted
C:\WINDOWS\system32\mswr.exe Deleted
C:\WINDOWS\system32\netcj32.dll Deleted
C:\WINDOWS\system32\neteo32.dll Deleted
C:\WINDOWS\system32\netoo32.dll Deleted
C:\WINDOWS\system32\netpp.dll Deleted
C:\WINDOWS\system32\nettk32.dll Deleted
C:\WINDOWS\system32\netun32.dll Deleted
C:\WINDOWS\system32\netvv32.dll Deleted
C:\WINDOWS\system32\netym32.exe Deleted
C:\WINDOWS\system32\netyz32.exe Deleted
C:\WINDOWS\system32\nhpp.dll Deleted
C:\WINDOWS\system32\ntcb.dll Deleted
C:\WINDOWS\system32\ntkk32.dll Deleted
C:\WINDOWS\system32\ntoq.exe Deleted
C:\WINDOWS\system32\ntpz32.dll Deleted
C:\WINDOWS\system32\ntuk.dll Deleted
C:\WINDOWS\system32\ntux.dll Deleted
C:\WINDOWS\system32\ntxy.dll Deleted
C:\WINDOWS\system32\ntyt.dll Deleted
C:\WINDOWS\system32\sdkbo32.dll Deleted
C:\WINDOWS\system32\sdkss32.dll Deleted
C:\WINDOWS\system32\sdksw.exe Deleted
C:\WINDOWS\system32\sdkuy32.dll Deleted
C:\WINDOWS\system32\sdkwz32.exe Deleted
C:\WINDOWS\system32\sysbw.dll Deleted
C:\WINDOWS\system32\sysga32.dll Deleted
C:\WINDOWS\system32\sysjm.dll Deleted
C:\WINDOWS\system32\sysne32.dll Deleted
C:\WINDOWS\system32\sysnx32.exe Deleted
C:\WINDOWS\system32\sysow32.dll Deleted
C:\WINDOWS\system32\sysqd32.dll Deleted
C:\WINDOWS\system32\sysrj32.exe Deleted
C:\WINDOWS\system32\systq32.dll Deleted
C:\WINDOWS\system32\syswu.dll Deleted
C:\WINDOWS\system32\sysxp32.dll Deleted
C:\WINDOWS\system32\txflog740a.exe Deleted
C:\WINDOWS\system32\VT334ad.exe Deleted
C:\WINDOWS\system32\winaj.exe Deleted
C:\WINDOWS\system32\wines32.dll Deleted
C:\WINDOWS\system32\winfb32.dll Deleted
C:\WINDOWS\system32\winlg32.exe Deleted
C:\WINDOWS\system32\winqr.dll Deleted
C:\WINDOWS\system32\z11.exe Deleted

Edited by John Sapp, 20 July 2005 - 07:43 PM.
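
The two logs above share a few machine-readable shapes worth triaging automatically: the O20 AppInit_DLLs entry (a DLL loaded into every process that maps user32.dll), O23 services with "Unknown owner" or "(file missing)", O16 ActiveX download hosts, and the AVG "Deleted" list, where almost every file under C:\WINDOWS and system32 follows one template (a prefix borrowed from real Windows component names, two random letters, an optional "32", then .exe or .dll) with companion n_xxxxxx.{txt,log,dat} files. The Python below is an added example written by the editor, not a tool used in this thread. The regexes follow the line formats visible in the logs above; the prefix list in RANDOM_NAME_RE and the severity labels are the editor's assumptions, and the embedded sample lines are a handful copied from the logs above.

```python
"""Triage the two log formats posted in this thread: HijackThis O16/O20/O23
lines and AVG's "<path> Deleted" list.

Added example by the editor, not a tool from the thread.  Regexes follow the
line shapes visible in the logs above; the random-name prefix list and the
severity labels are the editor's assumptions.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Sample lines copied from the HijackThis log above (one of each shape).
HJT_SAMPLE = r"""
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\sqloi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (Application) (file missing)
"""

# Sample lines copied from the AVG7 log above.
AVG_SAMPLE = r"""
C:\misb.exe Deleted
C:\Program Files\WebSiteViewer\127706.exe Deleted
C:\WINDOWS\apivc32.exe Deleted
C:\WINDOWS\d3fm.dll Deleted
C:\WINDOWS\ipti32.dll Deleted
C:\WINDOWS\n_aufstw.txt Deleted
C:\WINDOWS\winsocks5.exe Deleted
C:\WINDOWS\system32\all64.exe Deleted
C:\WINDOWS\system32\ATPartners.dll Deleted
C:\WINDOWS\system32\ipti32.dll Deleted
C:\WINDOWS\system32\javaox32.exe Deleted
"""

# --- HijackThis line shapes ------------------------------------------------
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# Display name may itself contain parentheses; the short name is optional
# (see the "Adobe LM Service" line, which has none).
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


def parse_hjt(text):
    """Return one dict per O16/O20/O23 line; other O-lines are skipped."""
    entries = []
    for line in text.strip().splitlines():
        for kind, rx in (("O16", O16_RE), ("O20", O20_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                entries.append({"kind": kind, "line": line, **m.groupdict()})
                break
    return entries


def triage_hjt(entries):
    """Attach (severity, reason, line) to each entry; 'review' needs a human."""
    findings = []
    for e in entries:
        if e["kind"] == "O20":
            # Anything in AppInit_DLLs is injected into every GUI process;
            # identify the DLL before deciding whether to fix the entry.
            findings.append(("high", f"AppInit_DLLs injection: {e['dlls']}", e["line"]))
        elif e["kind"] == "O23":
            if "(file missing)" in e["path"]:
                findings.append(("low", "service binary missing (stale entry)", e["line"]))
            elif e["owner"] == "Unknown owner":
                # HJT prints "Unknown owner" when the file has no company
                # name in its version info; legitimate vendors do this too.
                findings.append(("review", "no vendor name in service binary", e["line"]))
            else:
                findings.append(("ok", f"vendor: {e['owner']}", e["line"]))
        elif e["kind"] == "O16":
            host = urlparse(e["url"]).hostname or ""
            findings.append(("review", f"ActiveX download from {host}", e["line"]))
    return findings


# --- AVG "Deleted" list ---------------------------------------------------
# Prefix list taken from the file names in the log above (assumption: the
# dropper draws from exactly these).  Two random letters, optional "32".
RANDOM_NAME_RE = re.compile(
    r"^(?P<prefix>add|api|app|atl|cr|d3|ie|ip|java|mfc|ms|net|nt|sdk|sys|win)"
    r"[a-z]{2}(?:32)?\.(?:exe|dll)$"
)
COMPANION_RE = re.compile(r"^n_[a-z]{6}\.(?:txt|log|dat)$")
AVG_DELETED_RE = re.compile(r"^(?P<path>.+) Deleted$")


def classify_avg(text):
    """Group AVG's deleted files by naming template; leftovers need a look."""
    by_prefix, companion, other = Counter(), 0, []
    for line in text.strip().splitlines():
        m = AVG_DELETED_RE.match(line)
        if not m:
            continue  # "Infected" lines and anything else are ignored here
        name = m.group("path").rsplit("\\", 1)[-1].lower()
        rm = RANDOM_NAME_RE.match(name)
        if rm:
            by_prefix[rm.group("prefix")] += 1
        elif COMPANION_RE.match(name):
            companion += 1
        else:
            other.append(m.group("path"))
    return {"random_name": by_prefix, "companion": companion, "other": other}


if __name__ == "__main__":
    for sev, why, line in triage_hjt(parse_hjt(HJT_SAMPLE)):
        print(f"[{sev:6}] {why}\n         {line[:90]}")
    print(classify_avg(AVG_SAMPLE))
```

Running it on the full logs above is a matter of pasting them into the two sample strings; the "other" bucket is the part worth reading by hand, since names like misb.exe, all64.exe and ATPartners.dll do not follow the template and may belong to a different dropper than the random-name set.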


#14 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:02:59 PM

Posted 20 July 2005 - 11:05 PM

Malware is like an onion. Peel off one layer and find more below.......

Please download the Symantec removal tool from here:
http://securityresponse.symantec.com/avcenter/FxAgentB.exe
Save it to the desktop, and run it. Allow it to scan your computer, and then restart your computer when requested. The tool should generate a log file --- please post the log file here so that I can see it.

I believe you still have CWShredder, if not:
Now please download CWShredder from here: http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop.
Run it, and click "Fix".


Download WinPFind.zip
- Extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Reboot your computer into Safe Mode.

Open the C:\WinPFind folder and double-click on WinPFind.exe.
- Click on the Start Scan button and wait for it to finish.

This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while. When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt. Please copy that log to your next reply.
Derfram
~~~~~~

#15 John Sapp

John Sapp
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:59 PM

Posted 21 July 2005 - 06:23 AM

Okay, I'm working late tonight, so if I don't get it done tonight, it will be tomorrow. Thanks for all your help!



