
Home page hijacked


  • This topic is locked
12 replies to this topic

#1 johncini


Posted 25 July 2005 - 09:09 PM

My problem started a while ago when my IE homepage kept defaulting to a different page. I was able to delete that page name but I still can't change the homepage address. I currently use Firefox so I was able to ignore the problem until recently.

Now, when I turn on the computer, it immediately takes me to the defaulted IE page and I get the error message:

The application or DLL apiuv32.exe - Bad Image C:\WINDOWS\system32\appjp.dll is not a valid Windows image. Please check this against your installation diskette.

Can someone help me out of this maze?

I ran Hijackthis and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:53:46 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\apiuv32.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntnut.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ntci.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gerard\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpe.dll/security.htm#subID=BSW;677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8C7413DD-6325-E43D-BD47-63DEDEF0FC7C} - C:\WINDOWS\system32\ieib.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FEF22621-9874-CE5F-4F45-E119822E35B8} - C:\WINDOWS\javaya32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ntci.exe] C:\WINDOWS\ntci.exe
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [atlqi32.exe] C:\WINDOWS\system32\atlqi32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\Run: [iebq32.exe] C:\WINDOWS\iebq32.exe
O4 - HKLM\..\Run: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\Run: [crnf32.exe] C:\WINDOWS\crnf32.exe
O4 - HKLM\..\Run: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\Run: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\Run: [appzu32.exe] C:\WINDOWS\appzu32.exe
O4 - HKLM\..\RunOnce: [javayd32.exe] C:\WINDOWS\javayd32.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\addyb.exe
O4 - HKLM\..\RunOnce: [addky.exe] C:\WINDOWS\addky.exe
O4 - HKLM\..\RunOnce: [crmn.exe] C:\WINDOWS\crmn.exe
O4 - HKLM\..\RunOnce: [atlsk32.exe] C:\WINDOWS\atlsk32.exe
O4 - HKLM\..\RunOnce: [addow.exe] C:\WINDOWS\system32\addow.exe
O4 - HKLM\..\RunOnce: [sdklj.exe] C:\WINDOWS\system32\sdklj.exe
O4 - HKLM\..\RunOnce: [crtx.exe] C:\WINDOWS\system32\crtx.exe
O4 - HKLM\..\RunOnce: [ntht.exe] C:\WINDOWS\ntht.exe
O4 - HKLM\..\RunOnce: [iewy32.exe] C:\WINDOWS\system32\iewy32.exe
O4 - HKLM\..\RunOnce: [syswg.exe] C:\WINDOWS\system32\syswg.exe
O4 - HKLM\..\RunOnce: [atlud32.exe] C:\WINDOWS\system32\atlud32.exe
O4 - HKLM\..\RunOnce: [apioo.exe] C:\WINDOWS\apioo.exe
O4 - HKLM\..\RunOnce: [msiq.exe] C:\WINDOWS\msiq.exe
O4 - HKLM\..\RunOnce: [netlj32.exe] C:\WINDOWS\netlj32.exe
O4 - HKLM\..\RunOnce: [appcq32.exe] C:\WINDOWS\system32\appcq32.exe
O4 - HKLM\..\RunOnce: [addkh.exe] C:\WINDOWS\system32\addkh.exe
O4 - HKLM\..\RunOnce: [winwq32.exe] C:\WINDOWS\winwq32.exe
O4 - HKLM\..\RunOnce: [ntrb32.exe] C:\WINDOWS\system32\ntrb32.exe
O4 - HKLM\..\RunOnce: [apiuv32.exe] C:\WINDOWS\apiuv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail1-ssl.hmco.com/iNotes.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237621250
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\addyb.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 John_McKenna


Posted 26 July 2005 - 06:43 AM

Hi John and welcome to Bleeping. :thumbsup:

The following fix is based on the files present in your log 'currently'.

This infection tends to 'morph' quite a bit so it may take a few rounds.

Please continue to use Firefox until we've cleaned you up. The online virus scan at the end is Firefox compatible. :flowers:


Step 1

Download Killbox from here to your desktop.

Download and install About Buster 5.0 following the instructions here.
Update the program with the latest definitions and then close it.
Do NOT scan with About Buster yet.

Download, install and setup Ewido Security Suite by following the instructions here.
Update the program with the latest definitions and then close without scanning.

Download and install Cleanup! from here.

Download CWSServicemove.zip from here and unzip it to your desktop. Do NOT run this until told.

Ensure you're familiar with rebooting into Safe Mode.

Copy the below steps to notepad and save them to your desktop. Close Internet Explorer and disconnect from the internet.

Step 2

Run HJT again and checkmark the boxes next to the following:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpe.dll/security.htm#subID=BSW;677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {8C7413DD-6325-E43D-BD47-63DEDEF0FC7C} - C:\WINDOWS\system32\ieib.dll
O2 - BHO: Class - {FEF22621-9874-CE5F-4F45-E119822E35B8} - C:\WINDOWS\javaya32.dll
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ntci.exe] C:\WINDOWS\ntci.exe
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [atlqi32.exe] C:\WINDOWS\system32\atlqi32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\Run: [iebq32.exe] C:\WINDOWS\iebq32.exe
O4 - HKLM\..\Run: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\Run: [crnf32.exe] C:\WINDOWS\crnf32.exe
O4 - HKLM\..\Run: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\Run: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\Run: [appzu32.exe] C:\WINDOWS\appzu32.exe
O4 - HKLM\..\RunOnce: [javayd32.exe] C:\WINDOWS\javayd32.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\addyb.exe
O4 - HKLM\..\RunOnce: [addky.exe] C:\WINDOWS\addky.exe
O4 - HKLM\..\RunOnce: [crmn.exe] C:\WINDOWS\crmn.exe
O4 - HKLM\..\RunOnce: [atlsk32.exe] C:\WINDOWS\atlsk32.exe
O4 - HKLM\..\RunOnce: [addow.exe] C:\WINDOWS\system32\addow.exe
O4 - HKLM\..\RunOnce: [sdklj.exe] C:\WINDOWS\system32\sdklj.exe
O4 - HKLM\..\RunOnce: [crtx.exe] C:\WINDOWS\system32\crtx.exe
O4 - HKLM\..\RunOnce: [ntht.exe] C:\WINDOWS\ntht.exe
O4 - HKLM\..\RunOnce: [iewy32.exe] C:\WINDOWS\system32\iewy32.exe
O4 - HKLM\..\RunOnce: [syswg.exe] C:\WINDOWS\system32\syswg.exe
O4 - HKLM\..\RunOnce: [atlud32.exe] C:\WINDOWS\system32\atlud32.exe
O4 - HKLM\..\RunOnce: [apioo.exe] C:\WINDOWS\apioo.exe
O4 - HKLM\..\RunOnce: [msiq.exe] C:\WINDOWS\msiq.exe
O4 - HKLM\..\RunOnce: [netlj32.exe] C:\WINDOWS\netlj32.exe
O4 - HKLM\..\RunOnce: [appcq32.exe] C:\WINDOWS\system32\appcq32.exe
O4 - HKLM\..\RunOnce: [addkh.exe] C:\WINDOWS\system32\addkh.exe
O4 - HKLM\..\RunOnce: [winwq32.exe] C:\WINDOWS\winwq32.exe
O4 - HKLM\..\RunOnce: [ntrb32.exe] C:\WINDOWS\system32\ntrb32.exe
O4 - HKLM\..\RunOnce: [apiuv32.exe] C:\WINDOWS\apiuv32.exe
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\addyb.exe" /s (file missing)

Close ALL OPEN WINDOWS/BROWSERS and click "Fix Checked"


Step 3

Reboot into Safe Mode and start About Buster:
  • Close ALL open windows.
  • Click on 'Begin Removal' to start the scan.
  • When the scan has finished let it scan again.
  • Exit About Buster.
  • A log of the scan will appear in the folder
.

Step 4

Start CleanUp! and do the following:

Click the Options button and select:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files <-- (XP only)
  • Scan local drives for temporary files
  • Cleanup! All Users
Click the Ok button to close the Options dialog.
Click the CleanUp! button to begin cleaning.
It may take a while depending on the size of the hard drive so be patient.
When complete, close CleanUp but decline to logoff when prompted.


Step 5

Double-click on KillBox.exe to launch the program.
Click on 'Delete on Reboot'.
Paste the line below into the top Full Path of File to Delete field.

C:\WINDOWS\system32\ieib.dll

Click on the 'End Explorer Shell While Killing File' checkbox.
Click on the 'Unregister .dll Before Deleting' checkbox (if not greyed out).
Click the 'Delete File' button which looks like a stop sign.
Click No at the Pending Operations prompt.

Repeat the above steps for each of the following lines:

C:\WINDOWS\javaya32.dll
C:\WINDOWS\system32\shdocpe.dll
C:\WINDOWS\pjtgf.dll
C:\WINDOWS\ntci.exe
C:\WINDOWS\addyb.exe
C:\WINDOWS\system32\ntnut.exe

After you add the last file and it prompts to reboot, you should press 'Yes' and allow it to do so.
**If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message, just restart manually.

As your machine starts to reboot, please start tapping F8 and go straight into Safe Mode - Very Important!!

Step 6

Now open Ewido Security Suite:
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • While in progress you will be prompted to clean files.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is complete, click the Save Report button and save the report .txt file to your desktop.
  • Then close Ewido Security Suite.
WARNING: While the scan is in progress, do NOT open any folders or the Windows Control Panel !!

Step 7

Now double-click the CWSServicemove.reg on your desktop.

Confirm you wish to add the contents to the registry when prompted and then reboot back to normal mode.


Step 8

Run an online virus scan at Trend Micro (Europe) and save the scan log.

Reboot again when complete and post the following:
  • 1. New HijackThis log
  • 2. About Buster scan log
  • 3. Ewido scan log
  • 4. Trend Micro scan log.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#3 johncini


Posted 27 July 2005 - 09:39 PM

Thanks for the quick response. I downloaded all the downloads you list. However, when I re-ran hijackthis, the log looked very different from the one I sent originally. I was afraid to delete anything without verification. The new log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:34 PM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\adddl.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ntnut.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\Gerard\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpe.dll/security.htm#subID=BSW;677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A19B27CF-5741-F8BA-D784-95739AD24FF8} - C:\WINDOWS\system32\ntij32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FE912560-84DA-169C-94D6-8B410D6F44B3} - C:\WINDOWS\adddl.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [atlqi32.exe] C:\WINDOWS\system32\atlqi32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\Run: [iebq32.exe] C:\WINDOWS\iebq32.exe
O4 - HKLM\..\Run: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\Run: [crnf32.exe] C:\WINDOWS\crnf32.exe
O4 - HKLM\..\Run: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\Run: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\Run: [appzu32.exe] C:\WINDOWS\appzu32.exe
O4 - HKLM\..\Run: [d3gc.exe] C:\WINDOWS\d3gc.exe
O4 - HKLM\..\Run: [netsq.exe] C:\WINDOWS\netsq.exe
O4 - HKLM\..\Run: [ipno.exe] C:\WINDOWS\ipno.exe
O4 - HKLM\..\Run: [adddl.exe] C:\WINDOWS\adddl.exe
O4 - HKLM\..\RunOnce: [javayd32.exe] C:\WINDOWS\javayd32.exe
O4 - HKLM\..\RunOnce: [addyb.exe] C:\WINDOWS\addyb.exe
O4 - HKLM\..\RunOnce: [crtx.exe] C:\WINDOWS\system32\crtx.exe
O4 - HKLM\..\RunOnce: [winwq32.exe] C:\WINDOWS\winwq32.exe
O4 - HKLM\..\RunOnce: [mfcrr32.exe] C:\WINDOWS\system32\mfcrr32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail1-ssl.hmco.com/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237621250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\javayd32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
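
The change between the two logs in this thread (the "morphing" mentioned in reply #2), as an added example that is not part of the original posts: a Python script that parses HijackThis entry lines, diffs two logs, and marks new entries matching two patterns visible in these logs. The sample logs are shortened excerpts of the 25 July and 27 July logs above; the function names and both heuristics are assumptions made for illustration, not HijackThis rules.

```python
import re
from ntpath import basename  # applies Windows path rules on any host OS

# Shortened excerpts of the 25 July and 27 July logs posted in this thread.
LOG_25 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pjtgf.dll/sp.html#55135
O2 - BHO: Class - {8C7413DD-6325-E43D-BD47-63DEDEF0FC7C} - C:\WINDOWS\system32\ieib.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [ntci.exe] C:\WINDOWS\ntci.exe
O4 - HKLM\..\RunOnce: [apiuv32.exe] C:\WINDOWS\apiuv32.exe
"""
LOG_27 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
O2 - BHO: Class - {A19B27CF-5741-F8BA-D784-95739AD24FF8} - C:\WINDOWS\system32\ntij32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [adddl.exe] C:\WINDOWS\adddl.exe
O4 - HKLM\..\RunOnce: [mfcrr32.exe] C:\WINDOWS\system32\mfcrr32.exe
"""

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")           # "O4 - ...", "R1 - ..."
AUTORUN = re.compile(r"^HK\w+\\\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+)$")
EXE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))', re.I)  # quoted or bare path
RES_DLL = re.compile(r"= res://([^/]+\.dll)/", re.I)


def parse(log):
    """Return the set of (section, body) entries; header and process lines are skipped."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff(old_log, new_log):
    """Return (added, removed) entries between two logs, each sorted."""
    old, new = parse(old_log), parse(new_log)
    return sorted(new - old), sorted(old - new)


def reasons(section, body):
    """Illustrative heuristics (assumptions) based on patterns seen in this thread."""
    found = []
    if section in ("R0", "R1"):
        m = RES_DLL.search(body)
        if m:
            found.append("IE setting served from DLL resource " + basename(m.group(1)))
    elif section == "O4":
        m = AUTORUN.match(body)
        if m:
            name, command = m.groups()
            exe = EXE.match(command)
            path = (exe.group(1) or exe.group(2)) if exe else command
            if basename(path).lower() == name.lower():
                found.append("autorun value named after its own file")
    return found


def suspicious_added(old_log, new_log):
    """New entries in the later log that match at least one heuristic."""
    added, _removed = diff(old_log, new_log)
    return [(s, b, r) for s, b in added for r in [reasons(s, b)] if r]


if __name__ == "__main__":
    added, removed = diff(LOG_25, LOG_27)
    print(f"{len(added)} entries added, {len(removed)} removed")
    for section, body, why in suspicious_added(LOG_25, LOG_27):
        print(f"{section} - {body}\n    -> {'; '.join(why)}")
```

The `[Fast start]` entry matches neither heuristic although it is on the fix list in reply #2, so a match is a prompt for review and a non-match is not a clean bill of health.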

#4 John_McKenna


Posted 28 July 2005 - 11:22 AM

Hi John,

I was afraid of that happening. Due to the time differences between us, can I ask you to post a fresh log and then NOT reboot the machine again until I've posted further instructions. :thumbsup:

#5 johncini


Posted 28 July 2005 - 09:57 PM

Thanks again for the quick reply. Here's the new log. I'll keep the PC idle until I hear back from you.

Logfile of HijackThis v1.99.1
Scan saved at 10:54:01 PM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gerard\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpe.dll/security.htm#subID=BSW;677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {A19B27CF-5741-F8BA-D784-95739AD24FF8} - C:\WINDOWS\system32\ntij32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FE912560-84DA-169C-94D6-8B410D6F44B3} - C:\WINDOWS\adddl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [atlqi32.exe] C:\WINDOWS\system32\atlqi32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\Run: [iebq32.exe] C:\WINDOWS\iebq32.exe
O4 - HKLM\..\Run: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\Run: [crnf32.exe] C:\WINDOWS\crnf32.exe
O4 - HKLM\..\Run: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\Run: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\Run: [appzu32.exe] C:\WINDOWS\appzu32.exe
O4 - HKLM\..\Run: [adddl.exe] C:\WINDOWS\adddl.exe
O4 - HKLM\..\Run: [iegw.exe] C:\WINDOWS\system32\iegw.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail1-ssl.hmco.com/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237621250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\javayd32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 John_McKenna

Posted 29 July 2005 - 01:08 AM

Ok, two of the files we needed to Kill have been removed. I'm guessing you've already scanned with something. I've therefore dropped the Killbox instructions from my original fix and replaced it with CWShredder which I understand now detects and helps remove this variant. Let me know what CWShredder finds please.


Step 1

Download CWShredder from here.


Step 2

Run HJT again and checkmark the boxes next to the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpe.dll/security.htm#subID=BSW;677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {A19B27CF-5741-F8BA-D784-95739AD24FF8} - C:\WINDOWS\system32\ntij32.dll (file missing)
O2 - BHO: Class - {FE912560-84DA-169C-94D6-8B410D6F44B3} - C:\WINDOWS\adddl.dll (file missing)
O4 - HKLM\..\Run: [Fast start] C:\WINDOWS\system32\ntnut.exe home
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [atlqi32.exe] C:\WINDOWS\system32\atlqi32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O4 - HKLM\..\Run: [iebq32.exe] C:\WINDOWS\iebq32.exe
O4 - HKLM\..\Run: [ntoz32.exe] C:\WINDOWS\ntoz32.exe
O4 - HKLM\..\Run: [crnf32.exe] C:\WINDOWS\crnf32.exe
O4 - HKLM\..\Run: [appyh32.exe] C:\WINDOWS\appyh32.exe
O4 - HKLM\..\Run: [ielz32.exe] C:\WINDOWS\system32\ielz32.exe
O4 - HKLM\..\Run: [appzu32.exe] C:\WINDOWS\appzu32.exe
O4 - HKLM\..\Run: [adddl.exe] C:\WINDOWS\adddl.exe
O4 - HKLM\..\Run: [iegw.exe] C:\WINDOWS\system32\iegw.exe
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\javayd32.exe" /s (file missing)

Close ALL OPEN WINDOWS/BROWSERS and click "Fix Checked"


Step 3

Reboot into Safe Mode and start About Buster:
  • Close ALL open windows.
  • Click on 'Begin Removal' to start the scan.
  • When the scan has finished let it scan again.
  • Save the log and exit About Buster.
  • A log of the scan will appear in the folder
.

Step 4

Start CleanUp! and do the following:

Click the Options button and select:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files <-- (XP only)
  • Scan local drives for temporary files
  • Cleanup! All Users
Click the Ok button to close the Options dialog.
Click the CleanUp! button to begin cleaning.
It may take a while depending on the size of the hard drive so be patient.
When complete, close CleanUp but decline to logoff when prompted.


Step 5

Double-click on CWShredder.exe
Click on 'Check for Updates' and download any new reference file.
Click on Fix
Let me know what it found/removed please.

Step 6

Now open Ewido Security Suite:
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • While in progress you will be prompted to clean files.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is complete, click the Save Report button and save the report .txt file to your desktop.
  • Then close Ewido Security Suite.
WARNING: While the scan is in progress, do NOT open any folders or the Windows Control Panel !!

Step 7

Now double-click the CWSServicemove.reg on your desktop.

Confirm you wish to add the contents to the registry when prompted and then reboot back to normal mode.


Step 8

Run an online virus scan at Trend Micro (Europe) and save the scan log.

Reboot again when complete and post the following:
  • 1. New HijackThis log.
  • 2. About Buster scan log.
  • 3. Ewido scan log.
  • 4. Trend Micro scan log.
  • 5. Feedback on CWShredder.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)
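
Added example, not part of the original posts and not how HijackThis or the helper chooses entries: a Python triage pass over lines copied from the HijackThis log in post #5. The function names and the three heuristics are assumptions, and they cover only part of the list that was selected by hand in Step 2.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted in this thread (post #5).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nwcou.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {FE912560-84DA-169C-94D6-8B410D6F44B3} - C:\WINDOWS\adddl.dll (file missing)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ieeg32.exe] C:\WINDOWS\system32\ieeg32.exe
O4 - HKLM\..\Run: [ipav.exe] C:\WINDOWS\ipav.exe
O20 - Winlogon Notify: iexplore - ET\rO.dll (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN_RE = re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)


def parse(log_text):
    """Return (code, body) pairs for every 'R1 - ...' / 'O4 - ...' style line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def self_named_run_value(body):
    """True when an O4 Run value is named after its own executable,
    e.g. '[ieeg32.exe] C:\\WINDOWS\\system32\\ieeg32.exe'."""
    match = RUN_RE.match(body)
    if not match or not match.group("name").lower().endswith(".exe"):
        return False
    exe = EXE_RE.match(match.group("cmd"))
    if not exe:
        return False
    basename = ntpath.basename(exe.group("path")).lower()
    return basename == match.group("name").lower()


def triage(entries):
    """Apply three assumed heuristics and return the entries worth a closer look."""
    findings = []
    for code, body in entries:
        reason = None
        if code in ("R0", "R1") and "= res://" in body:
            # IE start/search page served from a resource embedded in a DLL.
            reason = "IE page setting points at a res:// resource"
        elif code in ("O2", "O20", "O23") and body.endswith("(file missing)"):
            # Registration survives although the file on disk is gone.
            reason = "registered component whose file is missing"
        elif code == "O4" and self_named_run_value(body):
            reason = "Run value named after its own executable"
        if reason:
            findings.append({"code": code, "reason": reason, "entry": body})
    return findings


if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LOG)):
        print(f'{finding["code"]:>3}  {finding["reason"]}: {finding["entry"]}')
```

A flagged line is a prompt for manual review, not a verdict: the `about:blank` and `Fast start` entries from Step 2 pass these heuristics untouched.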

#7 johncini

Posted 30 July 2005 - 02:54 PM

John,

Okay, I followed the steps you outlined and everything seems to have taken. IE has accepted my home page and, so far, no popups.

Thanks for your patience and your insight. This was an awesome experience.

Gerard


Here are the logs you requested:

hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:23 PM, on 7/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Documents and Settings\Gerard\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail1-ssl.hmco.com/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237621250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

AboutBuster:

Removed File! : C:\Windows\System32\ievh.dll
Removed File! : C:\Windows\System32\ipbd32.dll
Removed File! : C:\Windows\System32\ipmd32.dll
Removed File! : C:\Windows\System32\iptf32.dll
Removed File! : C:\Windows\System32\ipwc32.dll
Removed File! : C:\Windows\System32\javadk32.dll
Removed File! : C:\Windows\System32\javaft.dll
Removed File! : C:\Windows\System32\javagz32.dll
Removed File! : C:\Windows\System32\javamr32.dll
Removed File! : C:\Windows\System32\kfkoy.dat
Removed File! : C:\Windows\System32\mfccy.dll
Removed File! : C:\Windows\System32\mfcen.dll
Removed File! : C:\Windows\System32\mfcez32.dll
Removed File! : C:\Windows\System32\mfcrt32.dll
Removed File! : C:\Windows\System32\mfcww.dll
Removed File! : C:\Windows\System32\mfcym.dll
Removed File! : C:\Windows\System32\msck32.dll
Removed File! : C:\Windows\System32\mssz32.dll
Removed File! : C:\Windows\System32\msvr32.dll
Removed File! : C:\Windows\System32\msxu32.dll
Removed File! : C:\Windows\System32\msyk.dll
Removed File! : C:\Windows\System32\netam32.dll
Removed File! : C:\Windows\System32\netav32.dll
Removed File! : C:\Windows\System32\netcn32.dll
Removed File! : C:\Windows\System32\nethl32.dll
Removed File! : C:\Windows\System32\netkq.dll
Removed File! : C:\Windows\System32\netlf.dll
Removed File! : C:\Windows\System32\netqm32.dll
Removed File! : C:\Windows\System32\netqp32.dll
Removed File! : C:\Windows\System32\netuj.dll
Removed File! : C:\Windows\System32\ntlo32.dll
Removed File! : C:\Windows\System32\ntpk.dll
Removed File! : C:\Windows\System32\ntqa.dll
Removed File! : C:\Windows\System32\ntws32.dll
Removed File! : C:\Windows\System32\ntyb.dll
Removed File! : C:\Windows\System32\nvycg.dat
Removed File! : C:\Windows\System32\okhcv.dat
Removed File! : C:\Windows\System32\rychp.dat
Removed File! : C:\Windows\System32\sdkcn.dll
Removed File! : C:\Windows\System32\sdkkx.dll
Removed File! : C:\Windows\System32\sdkqu.dll
Removed File! : C:\Windows\System32\sdksv32.dll
Removed File! : C:\Windows\System32\sdkxl.dll
Removed File! : C:\Windows\System32\sdkzl.dll
Removed File! : C:\Windows\System32\sntvm.dat
Removed File! : C:\Windows\System32\sysbi32.dll
Removed File! : C:\Windows\System32\sysje32.dll
Removed File! : C:\Windows\System32\sysqq32.dll
Removed File! : C:\Windows\System32\tkbta.dat
Removed File! : C:\Windows\System32\windg.dll
Removed File! : C:\Windows\System32\winmf.dll
Removed File! : C:\Windows\System32\winsv32.dll
Removed File! : C:\Windows\System32\winsx.dll
Removed File! : C:\Windows\System32\wintk32.dll
Removed File! : C:\Windows\System32\winvj32.dll
Removed File! : C:\Windows\System32\wrgdt.dat
Removed File! : C:\Windows\System32\znbkv.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:46:40 PM


AboutBuster 5.0 reference file 31
Scan started on [7/30/2005] at [1:48:25 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_default.pif:cbflt
Removed Stream! C:\WINDOWS\_default.pif:cdwtu
Removed Stream! C:\WINDOWS\_default.pif:chpdr
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:48:51 PM


Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:54:03 PM, 7/30/2005
+ Report-Checksum: B83EAFED

+ Scan result:


#8 John_McKenna


Posted 30 July 2005 - 03:42 PM

You fixed it my friend. I just told you how. :thumbsup:

Your HJT log is clean but I'd like to see the complete ewido log if you can post it again please. The scan log looks incomplete.

What did CWShredder find?

#9 johncini


Posted 30 July 2005 - 11:27 PM

Here is the entire ewido log. I must have truncated it when I copied it in. One odd side effect I'm having: my Norton Firewall and the Auto-Scan and Email Scanning options on Norton Anti-virus have been disabled and I can't enable them. I get an error message saying that I don't have rights to make changes to the program.

Probably a related issue: when I try to download music from iTunes or buy a book from Amazon, I get a message saying that THE CONNECTION WAS REFUSED.

What's going on? Could the virus have somehow corrupted my firewall, blocking all secure connections?

Anyway, here's the log. You've been a great help. Thanks again.

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:54:03 PM, 7/30/2005
+ Report-Checksum: B83EAFED

+ Scan result:

C:\WINDOWS\system32\addyk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addzo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addzs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apifl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apijs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apilr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apimd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apims.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apitf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiyf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiyh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appcq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appcv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appdl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appef32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appfx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apppz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apprv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appsc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appuj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appum.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appvh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appwm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appyi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appzl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlcf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlfu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlhs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlil32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlld32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlrd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlsh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlud32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crhp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crjo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crnm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crrv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crsw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crtw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crub32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crue.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxs32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crxt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cryr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3co32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3dj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3gk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3he.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ia32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3if32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3jh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3kh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3md32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3op32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3pm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ss.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3uc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ug32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3vy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3wy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3yc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iebf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iecj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iegx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iekd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ielc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieos32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieov32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iepf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ievf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ievn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iewy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieye.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iezm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipax32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipdf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipfn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipgx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iphs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipie.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipix32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipjl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iplj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipll32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iplm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ippa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipqq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iptu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipue32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipwm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipyu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaam.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaej32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javafn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javagc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javahc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javahy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javajr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javalf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javazp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfccz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcep32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcfv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcjk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcma.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcmd32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcog.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcrh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcwf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msai.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msaz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mseb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\msfb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mshn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msjy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mskn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msmt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msnf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msnw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msop.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mstj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msyt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netag.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netaj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netbd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netdd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netdu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netgy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netlb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netmk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netmn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netmo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netnq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netse.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netts32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netuc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netuf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netwk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netyb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netzu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntbp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntck32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntei32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntjv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntmn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntmz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntov32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntpd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntrb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntxz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntzj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkco32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkdy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkem.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkfw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkgu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkih.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkkq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdklj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdklw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkmb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkoy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkti32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkzp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syscu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syshw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysne32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysoe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysqr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syswg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysxq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysyb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syszt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winbz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wincj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winge32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winno.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winoj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winrp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wintg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winti.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winud.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winvz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winxk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winze.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winzl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysvv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syswo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysxx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysya32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysyg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysyw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syszt3

#10 johncini

Posted 30 July 2005 - 11:31 PM

I noticed the log got cut off again. Let's try that again from a Word file:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:54:03 PM, 7/30/2005
+ Report-Checksum: B83EAFED

+ Scan result:

:mozilla.351:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.373:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.374:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.375:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.376:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.377:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Gerard\Application Data\Mozilla\Firefox\Profiles\8k7qpmt7.Default User\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
C:\WINDOWS\addaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addct.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addem.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addig32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addip.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addjp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addky.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addmg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addos.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addqc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addsr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addvo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addzg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiad.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apidz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiii32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiom32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apioo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apitp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appcb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appdc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appgi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appip.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appkp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appop.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appsz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appwt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atldi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlnx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlsd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlsk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atltj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atluw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crph.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crpi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crso32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cruj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crxb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cryt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cryt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3az32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3bu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ed32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3eu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3gb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3io.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ir32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3iv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3iy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3kc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3kf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3lg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ou32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ow32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3so.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3uq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3zk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DMI.ini:ypezr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fufxu.txt:mrmhyj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iecs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieds.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieee.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iefo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iejx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ielpx.txt:tijyeh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ielpx.txt:zswel -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iemd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieoc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iple32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipoh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipsl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iptj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipuk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipvo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaep32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javamk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javane32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javata32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javatg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javauf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ktyiw.txt:yqzcgj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kzfkb.txt:pxnhp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcct.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcne.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msah.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mscb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msiq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msja32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msnr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msoe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msst.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msut32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netct32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netlj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netma32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netoh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netsd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netty.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netvj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netxq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntht.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntiq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntit.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntql32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntte.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBC.INI:jzmurk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:wjydp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:qkozum -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:czfaln -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:ekmqa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\putxh.txt:tlxem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkdq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkhy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkic32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkkj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkkj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdknc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdknw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkoy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdkpd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkpl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkqw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdksx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkyr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sqixq.txt:olqszy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysaw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysdg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysdt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysgi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysgq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysig32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysjg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysjr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syskq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysmd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysms32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysnv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syspv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syssy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system.ini:lzgnoi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32:tfaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\addbb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addbj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addbl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\adddn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\adddt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\adddv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addhc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addhi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addkh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addll.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addnq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addor32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addow.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addrs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addvk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addxa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addyk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addzo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addzs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apifl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apijs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apilr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apimd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apims.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apitf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apivz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiyf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiyh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appcq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appcv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appdl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appef32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appfx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apppz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apprv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appsc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appuj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appum.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appvh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appwm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appyi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appzl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlcf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlfu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlhs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlif32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlil32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlld32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlrd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlsh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlud32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crhp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crjo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crnm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crrv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crsw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crtw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crub32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crue.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crxs32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crxt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cryr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3co32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3dj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3gk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3he.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ia32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3if32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3jh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3kh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3md32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3op32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3pm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ss.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3uc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ug32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3vy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3wy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3yc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iebf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iecj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iegx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iekd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ielc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieos32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieov32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iepf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ievf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ievn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iewy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieye.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iezm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipax32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipdf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipfn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipgx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iphs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipie.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipix32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipjl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iplj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipll32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iplm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ippa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipqq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iptu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipue32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipwm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipyu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaam.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaej32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javafn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javagc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javahc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javahy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javajr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javalf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javazp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfccz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcep32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcfv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcjk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcma.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcmd32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcog.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcpm.exe -> Trojan.Agent.bi : Cleaned with backup

#11 John_McKenna

Posted 31 July 2005 - 05:28 AM

Is this the entire scan log now?

If not, upload the txt file as an attachment in your next post (look for the option beneath the data entry box when making a reply).

You may find Windows Update is also out of action like your firewall and AV.

Try this SP2 specific regedit:

Open Notepad, (Start | Run, type in Notepad)
Copy ALL the bold text below to notepad.
Click File | Save As
Change the Save as type to *All Files*
Save it to your desktop as AUenabled.reg


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001


Double-click AUenabled.reg and confirm you wish to merge it with the registry.

Reboot and post a fresh HJT log and let me know if the firewall and AV issues are sorted please.

Can you tell me what CWShredder found please? Do you remember?
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)
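
Added example (not part of John_McKenna's post or of any tool named in this thread): a small Python audit that parses the .reg text from the post above and reports what each dword would set before the file is merged. The meaning attached to each value is an annotation added here, and `parse_reg` and `review` are hypothetical helper names.

```python
import re

# The .reg text from the post above, embedded so the example runs offline.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"NoAutoUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Return [(key, value_name, int)] for every dword assignment in a .reg file.

    Only dword values are parsed; string and hex values are ignored here.
    """
    lines = text.lstrip('\ufeff').splitlines()
    if not lines or lines[0].strip() != 'Windows Registry Editor Version 5.00':
        raise ValueError('not a version 5.00 .reg file')
    key, out = None, []
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(';'):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key, so values under it are not assignments.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if m and key:
            out.append((key, m.group(1), int(m.group(2), 16)))
    return out


def review(entries):
    """Annotate each entry; the meanings are this example's notes, not the post's."""
    out = []
    for key, name, value in entries:
        k, n = key.lower(), name.lower()
        if k.endswith(r'\windowsupdate\au') and n == 'noautoupdate':
            note = ('Automatic Updates disabled by policy' if value
                    else 'Automatic Updates not disabled by policy')
        elif k.endswith(r'\microsoft\security center') and n.endswith('disablenotify'):
            area = name[:-len('DisableNotify')]
            note = (f'Security Center {area} alerts turned off' if value
                    else f'Security Center {area} alerts left on')
        else:
            note = 'not covered by this review; check by hand'
        out.append((name, value, note))
    return out


if __name__ == '__main__':
    for name, value, note in review(parse_reg(REG_TEXT)):
        print(f'{name} = {value}: {note}')
```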

#12 johncini

Posted 31 July 2005 - 08:11 AM

When I ran CWShredder, the only thing shown as DETECTED was CWS.SysTime. I ran it again today and there were no DETECTED files.

Sorry to be so inept. I can't seem to figure out how to send the log as an attachment. I'll keep trying but in the meanwhile, here is the missing text from the last post.


And here is the new hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:49:54 AM, on 7/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Gerard\Desktop\HijackThis.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://webmail1-ssl.hmco.com/iNotes.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237621250
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe





Thanks again.

#13 John_McKenna

Posted 31 July 2005 - 08:28 AM

No need to upload that file, I think I've seen everything now. :thumbsup:

Are your AV and Firewall behaving themselves now?


Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Staff and we'll reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Edited by John_McKenna, 19 August 2005 - 06:47 PM.
