Background-system Infected


  • This topic is locked
10 replies to this topic

#1 Corby

Corby

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 05 November 2005 - 08:35 PM

Okay I have a few problems that I believe are probably all related somehow. First, there is spy sheriff which likes to install itself on my computer and I can't get rid of it. Second, it seems like there is a background image in front of my background image. The imposter says, "YOUR SYSTEM IS INFECTED! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended that you use a spyware removal tool to prevent data loss. Do not use computer befor all spyware removed." Right clicking and selecting properties does not allow me to change it. Third, I have 2 little red circle icons next to the time in the start bar. They say "Your system is infected" and I can't close them or get rid of them.

I did a HijackThis scan and here it is...

Logfile of HijackThis v1.99.1
Scan saved at 8:24:21 PM, on 11/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\System32\sessmgr.exe
C:\WINDOWS\System32\symcsvc.exe
C:\winstall.exe
C:\winstall.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Shellspl] lsas.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102665119093
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: System - {4CE03453-1C47-4349-AAFC-6F8F19F641E2} - vr_sys.dll (file missing)
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe



Anything you can do to help will be appreciated. I've been living with this for too long.


#2 Joshuacat

Joshuacat

    01001010 01000011


  • Members
  • 1,950 posts
  • OFFLINE
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:08:54 PM

Posted 05 November 2005 - 10:01 PM

:thumbsup: Welcome to Bleeping Computer, Corby:

After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

1. Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

2. Place a shortcut to Panda ActiveScan on your desktop.

3. Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

4. If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

5. Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
6. Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Shellspl] lsas.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O13 - WWW. Prefix: http://
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol hijack: mhtml -
O21 - SSODL: System - {4CE03453-1C47-4349-AAFC-6F8F19F641E2} - vr_sys.dll (file missing)


Close HiJackThis.

7. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


8. Open Ad-aware and do a full scan. Remove all it finds.


9. Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

10. Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

11. Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Thanks,
JC

#3 Corby

Corby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 06 November 2005 - 03:13 AM

EDIT

Edited by Corby, 06 November 2005 - 03:15 AM.


#4 Corby

Corby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 06 November 2005 - 03:19 AM

Incident Status Location

Adware:Adware/PurityScan No disinfected C:\install-tag001.exe
Virus:W32/Sddrop.X.worm Disinfected C:\My Shared Folder\K-Lite Codec_Pack 5.0.exe
Virus:Bck/SmallHTTP.C Disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2B0FBC6F-A44D-4041-858D-9039B3\F8534CC0-0B3D-48B8-A85A-D9C96D
Virus:Bck/Xundoor.B Disinfected C:\WINDOWS\aig.exe
Possible Virus. No disinfected C:\WINDOWS\aokhxrx.exe
Possible Virus. No disinfected C:\WINDOWS\auqwain.exe
Possible Virus. No disinfected C:\WINDOWS\cknukhe.exe
Possible Virus. No disinfected C:\WINDOWS\cugmsol.exe
Possible Virus. No disinfected C:\WINDOWS\culwfts.exe
Possible Virus. No disinfected C:\WINDOWS\cwqmrur.exe
Possible Virus. No disinfected C:\WINDOWS\dlpppsr.exe
Possible Virus. No disinfected C:\WINDOWS\dnnfryc.exe
Possible Virus. No disinfected C:\WINDOWS\dvppvuu.exe
Possible Virus. No disinfected C:\WINDOWS\dvxtdec.exe
Possible Virus. No disinfected C:\WINDOWS\dwaxfkf.exe
Possible Virus. No disinfected C:\WINDOWS\dxkrivf.exe
Possible Virus. No disinfected C:\WINDOWS\egkanba.exe
Possible Virus. No disinfected C:\WINDOWS\eieagou.exe
Possible Virus. No disinfected C:\WINDOWS\eymedid.exe
Possible Virus. No disinfected C:\WINDOWS\faddvaj.exe
Possible Virus. No disinfected C:\WINDOWS\fwilhgr.exe
Possible Virus. No disinfected C:\WINDOWS\gbwiqbm.exe
Possible Virus. No disinfected C:\WINDOWS\ghbckqd.exe
Possible Virus. No disinfected C:\WINDOWS\gofkepe.exe
Possible Virus. No disinfected C:\WINDOWS\hamajci.exe
Possible Virus. No disinfected C:\WINDOWS\hfrimkk.exe
Possible Virus. No disinfected C:\WINDOWS\ihdmgas.exe
Possible Virus. No disinfected C:\WINDOWS\iiimvhx.exe
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\biini.inf
Possible Virus. No disinfected C:\WINDOWS\iudnhqq.exe
Possible Virus. No disinfected C:\WINDOWS\ixlixae.exe
Possible Virus. No disinfected C:\WINDOWS\jjqwugw.exe
Possible Virus. No disinfected C:\WINDOWS\jkxcxnu.exe
Possible Virus. No disinfected C:\WINDOWS\jtcmtre.exe
Possible Virus. No disinfected C:\WINDOWS\jwslgma.exe
Possible Virus. No disinfected C:\WINDOWS\kdvjdde.exe
Possible Virus. No disinfected C:\WINDOWS\keauavh.exe
Possible Virus. No disinfected C:\WINDOWS\kgwqcnx.exe
Possible Virus. No disinfected C:\WINDOWS\kmcsito.exe
Possible Virus. No disinfected C:\WINDOWS\lbwteeo.exe
Possible Virus. No disinfected C:\WINDOWS\ljwvwbl.exe
Possible Virus. No disinfected C:\WINDOWS\lppxlpk.exe
Possible Virus. No disinfected C:\WINDOWS\mhcobte.exe
Possible Virus. No disinfected C:\WINDOWS\miqgvkb.exe
Possible Virus. No disinfected C:\WINDOWS\mmibroq.exe
Possible Virus. No disinfected C:\WINDOWS\mmtstio.exe
Possible Virus. No disinfected C:\WINDOWS\mohlwlo.exe
Possible Virus. No disinfected C:\WINDOWS\mosmohf.exe
Possible Virus. No disinfected C:\WINDOWS\mpvmxdq.exe
Possible Virus. No disinfected C:\WINDOWS\mxmwlfo.exe
Possible Virus. No disinfected C:\WINDOWS\nascxyj.exe
Possible Virus. No disinfected C:\WINDOWS\nrjecjc.exe
Possible Virus. No disinfected C:\WINDOWS\obsosht.exe
Possible Virus. No disinfected C:\WINDOWS\ojooecp.exe
Possible Virus. No disinfected C:\WINDOWS\omnxmcp.exe
No disinfected C:\WINDOWS\onmmuww.exe
No disinfected C:\WINDOWS\opahskb.exe
No disinfected C:\WINDOWS\orjcefr.exe
No disinfected C:\WINDOWS\ptduuub.exe
No disinfected C:\WINDOWS\pxsjouj.exe
No disinfected C:\WINDOWS\qdomyyv.exe
No disinfected C:\WINDOWS\qifmhjd.exe
No disinfected C:\WINDOWS\quulnnj.exe
No disinfected C:\WINDOWS\qyyhios.exe
No disinfected C:\WINDOWS\rnjhhqb.exe
No disinfected C:\WINDOWS\rrvkeou.exe
No disinfected C:\WINDOWS\rsdlaou.exe
No disinfected C:\WINDOWS\rugfpxc.exe
No disinfected C:\WINDOWS\ryaibor.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\svnvp.dll
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys021.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys053.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1128.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1159.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1216.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1230.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1231.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1247.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys130.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1319.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1331.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1345.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys141.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys142.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys143.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1537.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1557.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1558.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys158.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1628.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1629.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1636.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1639.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys165.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1658.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys1659.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys168.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys174.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys175.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys176.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys177.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys178.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys179.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2026.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2057.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2128.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys229.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2312.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2347.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2419.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2615.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2616.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2646.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2647.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2717.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2718.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys2945.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3016.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3048.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3138.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3240.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys329.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3333.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys347.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3619.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3638.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3639.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3641.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3642.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3650.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3652.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3653.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys3654.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4034.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4127.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4137.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys415.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4158.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys418.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4229.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4435.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys444.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4459.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys449.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4515.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4527.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4528.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4529.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys4530.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys456.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys461.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5127.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5158.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys520.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys521.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5231.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5240.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys529.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys530.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5311.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys532.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5329.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5330.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5332.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5333.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5450.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys551.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5511.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5535.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys554.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys557.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys558.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys559.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5640.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys566.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys569.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5711.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys5725.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys5726.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys5728.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys5732.exe
Virus:Trj/Downloader.CGL Disinfected C:\WINDOWS\sys5733.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys5950.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys828.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys855.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys928.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys930.exe
Virus:Trj/Ppdoor.K Disinfected C:\WINDOWS\sys959.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\aatkkaaa.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\aiapghuk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\bveyk.dll
Virus:Trj/Downloader.DYU Disinfected C:\WINDOWS\system32\csrss.dll
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\dngaaaaa.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\drwwwynl.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\gpengtdk.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\system32\gpgpmndg.exe
Adware:Adware/Findspy No disinfected C:\WINDOWS\

#5 Corby

Corby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 06 November 2005 - 03:22 AM

Logfile of HijackThis v1.99.1
Scan saved at 3:06:18 AM, on 11/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp?hl=en&tab=wn&q=
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102665119093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - C:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe



smitRem log file
version 2.7

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 11/05/2005
The current time is: 23:27:24.78

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

SpySheriff
Install.dat
SpySheriff.lnk


~~~ Favorites ~~~



~~~ system32 folder ~~~

zlbw.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
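
Added example (not part of the original thread, and not code from HijackThis or any tool named in it): one way to check a follow-up HijackThis log against the fix list from post #2, using lines excerpted from the two logs in this thread. The function names and result keys are assumptions made for this example.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path":
# a section code (R, F, N or O plus a number), " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse runs of whitespace so copy/paste damage does not
            # make identical entries compare as different.
            body = " ".join(match.group("body").split())
            entries.add((match.group("code"), body))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare a follow-up log with the first log and the helper's fix list."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    fixes = parse_entries(fix_list)
    return {
        # Fix-list entries that are still present: the fix did not hold.
        "persisting": sorted(fixes & after),
        # Fix-list entries that were present before and are now gone.
        "removed": sorted((fixes & before) - after),
        # Fix-list entries that never appeared in the first log (typo check).
        "missing_from_before": sorted(fixes - before),
        # Entries that vanished without being on the fix list
        # (removed by other tools run between the two scans).
        "gone_unlisted": sorted((before - after) - fixes),
        # Entries that only appear in the follow-up log: review each one.
        "new": sorted(after - before),
    }


# Excerpt of the first log (post #1), copied from this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O4 - HKLM\..\Run: [Shellspl] lsas.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol hijack: mhtml -
"""

# Excerpt of the follow-up log (post #5), copied from this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# Subset of the step 6 fix list from post #2, copied from this thread.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Shellspl] lsas.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\symcsvc.exe
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol hijack: mhtml -
"""

if __name__ == "__main__":
    result = verify_fix(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for key, items in result.items():
        print(f"{key}:")
        for code, body in items:
            print(f"  {code} - {body}")
```

On these excerpts the only fix-list entry reported as persisting is the O15 trusted IP range, which is still listed in the follow-up log. Autoruns that disappeared without being on the fix list are reported separately, so they can be matched against the other tools run between the two scans.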

#6 Corby

Corby
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 06 November 2005 - 03:23 AM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:31:53 AM, 11/6/2005
+ Report-Checksum: 637B0223

+ Scan result:

C:\My Shared Folder\K-Lite Codec_Pack 5.0.exe -> Worm.Sddrop.B : Ignored
HKLM\SOFTWARE\Classes\CLSID\{280CA95C-CBA3-486E-5BCD-B3B542DA458A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IETLBAss.DOMP -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IETLBAss.DOMP\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IETLBAss.DOMP\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IETLBAss.DOMP\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistantUtility -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winds_24 -> Spyware.CoolWebSearch : Cleaned with backup
[1616] C:\WINDOWS\System32\hun32.dll -> TrojanProxy.Small.bk : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkighcpwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiqjajobp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoqlc5keo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkycidpoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkycmczadp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywpdjwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4smajohq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflialczkgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgk4egazgfo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkicodpigo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkiehcpkdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4slcpceq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyehd5ofp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4endzaeq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlookdpceo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyumajikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmiuod5abp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmygkdjmkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyamajwfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hekate.porntrack[1].txt -> Spyware.Cookie.Porntrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats3.porntrack[2].txt -> Spyware.Cookie.Porntrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Owner\~update.exe -> Trojan.Crypt.i : Cleaned with backup
C:\n.exe -> TrojanDropper.Agent.ii : Cleaned with backup
C:\ntdetect.hta -> TrojanDropper.Inor.cj : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\start.exe -> TrojanProxy.Delf.t : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\svchost.exe -> TrojanProxy.Delf.t : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\www\tools\backup.exe -> Trojan.Delf.dt : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\www\tools\cls.exe -> Trojan.Delf.dt : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\www\tools\reboot.exe -> Trojan.Delf.dt : Cleaned with backup
C:\Program Files\Internet Explorer\shttps\www\tools\restore.exe -> Trojan.Delf.dt : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\00BC56F8-CF79-40C6-886D-384379\BCF1434F-39A1-48BD-8560-296378 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\02B6879D-5493-4610-ACD7-513A93\C1DD5E3C-2E0B-49B9-ADD2-D74B85 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\031507CC-8DC5-460E-8FF8-BF4588\C691D168-D2D3-4D8F-B209-E52DB7 -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0398E960-457D-4E18-861C-C0F81B\5D6D18BE-F1A1-4627-A10F-2047A2 -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1415829C-9A69-4BDF-9F0E-2DDBE8\606391A7-381D-409E-946C-6FAC40 -> Trojan.TopAntiSpyware.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1C5075CB-98BE-4E7E-8CFF-076E5C\71ADA09C-C1EB-42B8-BE93-CE3C50 -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2001C9A6-AB1D-4CBA-8607-0049F0\C18E48D8-0FAF-45CA-AFD0-D87AD1 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\21D6BF8F-A190-437E-B811-D48B24\0805C868-D7E4-41D1-B6C0-DE475E -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2ABF8EC7-7B0A-480A-9923-200ECA\23501912-0041-4518-8B5A-9E7721 -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2C2BE943-6A91-4082-B258-118D3E\629C5921-500F-4C21-9683-90AAA7 -> Trojan.TopAntiSpyware : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2DFCDAA4-10EF-4E6A-8186-5DEACE\94C210B3-0453-4F0D-8F76-2E777C -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\35F6D339-1FC0-40CB-909A-17F699\41A67880-BFD3-4306-B3EE-7F3EE3 -> Trojan.TopAntiSpyware.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\38AD1C98-81DC-41CF-90F6-4BD019\19423C7B-42CE-4D95-80B9-291B4E -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5340742B-6263-4865-A863-CE7E8D\4E5FEFC4-7A18-4375-A95C-1C6299 -> TrojanDownloader.Agent.kf : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\58DB9CB4-8B04-43F7-8574-FDEC6C\1AE605B4-E60F-4AA8-B8EA-26FF05 -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\59B4DCD1-809A-4B6A-B1E7-CF17D4\B118D11D-DAA0-4332-A2A7-98BA59 -> Trojan.TopAntiSpyware.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\626D0236-F43B-4FDF-9DD6-FB1EC2\4FCD16E2-CFCE-46F0-9147-2181CB -> Trojan.TopAntiSpyware.h : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\626D0236-F43B-4FDF-9DD6-FB1EC2\A259D5E4-E015-4A10-949D-24C730 -> Trojan.TopAntiSpyware.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\75CBA2AE-F074-4CAB-AC72-311097\FAF4EC59-4C19-49BE-8F30-1AD58D -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\77083B3B-8D27-4E25-AD8D-00CED9\418B65D7-847E-40B5-A2E2-BA7CD2 -> Trojan.TopAntiSpyware : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7841230F-8906-4156-B26B-CC8C87\29AF6298-F865-46C8-A6AB-CB631A -> Trojan.TopAntiSpyware.j : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\84B68734-101C-4383-B9C7-FB5804\58EBC9B0-6D77-4765-A903-D6D403 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\92D3D0CA-FD6A-416C-8B2A-AB0638\580522F2-4E57-4AB6-8CE0-B072E2 -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\96D74A54-FE3D-4351-A510-F0A29A\159DB82D-9EE7-4998-8126-EA098F -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9E607088-5EFD-4971-A6D5-1098FC\F76C853C-511C-4DEC-B9B3-509F8A -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9EA39C7C-E77F-468B-BDAD-C28547\25B62111-1328-4D8C-AABC-22656D -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A16819CA-A163-4794-948E-45F6D2\59FA81FF-FBC6-4F7D-B59A-F25B18 -> Trojan.Small.bk : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AF300FCE-6BCC-49B7-BCC0-1624AB\4693E5EE-1B0F-4F97-B7B0-8D3B72 -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B98E70D3-5D51-4A0E-BC2C-868E34\BB28728B-ADDF-44FB-B8D4-81F0FA -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C524B6A8-5C41-42A0-960C-7AC618\4A3EB26F-85DA-437F-A455-77BC18 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CC064720-5D19-4F0E-A9D4-EEEC84\7A29F7E1-92FD-4F69-B70F-417F94 -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CD4E450E-50D5-42F9-B112-3CC7A2\3656EB82-D7A4-47E3-9ED1-CF4D0E -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D9D402E2-7315-478E-B713-7C4040\D878C7E5-EF09-464B-B6E8-86E568 -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DA9472B4-5971-4F18-88CE-82CA07\B3D678F5-A814-425D-810E-3ADFB5 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EA04A12A-26C0-43CF-9F1F-AFBF9F\10BEBA0D-D5E7-415F-9E38-211DFD -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB1995FE-8E3D-41C3-A2A3-CF9B93\05588E6B-D669-41A9-82E7-EE8677 -> Spyware.FindSpy : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F744A174-FAE6-429A-AC4D-5EE129\7F79535E-F6F3-4E0A-9D9D-F12E4D -> Trojan.TopAntiSpyware.i : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FA9F7A46-1BF8-4151-A38B-92D1D5\51D908CA-3E25-4176-9A93-9431B0 -> TrojanDownloader.Adload.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FD7848C0-AF40-4ECB-B47E-3C104D\5341622C-39C7-4A18-A33B-D6259D -> Trojan.TopAntiSpyware : Cleaned with backup
C:\Program Files\Outlook Express\outl32c.exe -> Backdoor.Jeemp.c : Cleaned with backup
C:\Program Files\Outlook Express\outlkl.exe -> TrojanDropper.Small.cn : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:wjjao -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bootstat.dat:cuvdc -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\clock.avi:gktni -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:hzoxg -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\control.ini:zazci -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\control.ini:zyzewb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cree32.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\cwejc.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\dasetup.log:higrnp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dasetup.log:oqvzct -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DHCPUPG.LOG:qccwov -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DIIUnin.exe:idnbjf -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\DIIUnin.pif:shidao -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DIIUnin.pif:wcysxb -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\DirectX.log:ngxwt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\dlvtm.ini:bookdb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dlvtm.ini:kkkdtm -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DtcInstall.log:huptmf -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\DtcInstall.log:prlxd -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\DtcInstall.log:qvbspn -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\eqgbd.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\eqlsUIConfig.ini:kfmzel -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\explorer.scf:ibxlvh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:tyfxfs -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:sqzocz -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\gdvvm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\hpdj3600.his:wxfhk -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\hpdj3600.ini:jualyu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieoi.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\iis6.log:gheabz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iis6.log:ofozlb -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\iis6.log:tjqtme -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\IPROF32.DLL:ionliz -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\launcher.INI:fuohi -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\launcher.INI:jesejl -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\launcher.INI:wsessu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\lexstat.ini:tgqocb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mserv.exe -> Trojan.KillAV.be : Cleaned with backup
C:\WINDOWS\msgsocm.log:mpwoow -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgsocm.log:zopfgo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msti.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netxd32.exe.bak -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdj32.dll -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_bpscli.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_cpvtaz.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_cxqpia.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_ddinmi.log:fhhhct -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_ddinmi.log -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\n_eroakf.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_fkbnnz.log -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_fqylwm.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_grgwkg.dat -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\n_hckmya.txt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\n_hfdldf.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_hmcsoh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_igjywg.dat:ojozor -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\n_igjywg.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_iknjrw.log -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_iopnhx.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_jtbuae.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_kncynp.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_krjxsn.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_lvthgs.txt:xoppcy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_lvthgs.txt -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_mnfclj.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_mrysve.dat:vzxxzj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_mrysve.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_nyubva.log -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_ogqyop.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_omtuca.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_oshnrf.log -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_rmovix.txt -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_rpdufg.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_savjll.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_sopstx.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_szdeaw.log -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_tdkvwi.txt -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_tokgkd.txt:upgpg -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_tokgkd.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_ucbmky.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_uncfwv.dat:tpxwgx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_uncfwv.dat -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_vtmioa.txt:mqrua -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_vtmioa.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_vxwrdn.log -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_wlzzsv.log:rkaher -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_wlzzsv.log:uohqqo -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\n_wlzzsv.log:yoadwu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_wlzzsv.log -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\n_xpydms.dat:dkglja -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\n_xpydms.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_xropox.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_xtfuxp.dat:qosiqx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_xtfuxp.dat:uwolge -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\n_xtfuxp.dat -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINDOWS\n_zecsyd.dat:jlkmgu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_zecsyd.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocgen.log:gambua -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ocgen.log:huuoir -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ocmsn.log:lahda -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:jsqhw -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:aumucb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:ezoltq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:ktaeb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:wrend -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\orun32.ini:etziu -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\orun32.isu:knxhfl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:mlemhj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:psxsf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\pss\868864.exeCommon Startup -> TrojanDownloader.Agent.fs : Cleaned with backup
C:\WINDOWS\pss\Microsoft Windows.htaCommon Startup -> TrojanDropper.Inor.cj : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:gznis -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:mbwqvz -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:qexojz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:ujrbni -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Q327979.log:qdfto -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\q329256.log:curfqu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\q329256.log:ytecfq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Q329909.log:nbtkuu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Q331958.log:ieygi -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\qebms.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:qozmo -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:ncjyo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:jpszi -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:mdwwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rleyf.log:cjqki -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:aipugf -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:fmjuus -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:qkhgai -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sb_affiliate.ini:fepbh -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\sCache32\2 Find MP3 8.2.0.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\AC3-MP3 converter.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\ACDSee 5.5b.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\ACDSee Classic 2.79.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Ad-aware 6.5 (new).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Adobe Acrobat Reader 5.6.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Adobe PhotoShop 7.1 crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\All Editor 3.0b.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\AOL Instant Messenger 6.1.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Auction Sentry (new).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\AudioLabel CD Labeler 3.0 (+crack).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Battlefied1942 Pack4 (crack+bloodpatch).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\BearShare 5.1.1.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\C&C Generals Pack2 (new patch).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Complete UK Music Database 4.2.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\DirectDVD 4.9.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\DivX Bundle 6.2.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\DivX edit (new).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\DivX Video Bundle 5.5.1.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Download Accelerator Plus 6.3.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\DvD Rip guide (+tools) st0rm.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Dynamite Downloads.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Easy CD Creator Software Update.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Find 1.0.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\FlashFXP (keygen).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\FreeRip 4.30.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Genie Stream 3.2.4.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\GetRight 5.5 + crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Global DiVX Player 2.0.1.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Gothic 2 (m-patch).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Grokster 2.0.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Hacker Tutorial (by ph3Akz).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Half-Life keygen (+ogc hack).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\HL keys (working).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\I.G.I. 2 (new crack).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\ICQ Lite beta (b2253).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\ICQ Pro 2003a beta (b4600).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\iMesh 4.1 beta.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\iSnipeIt 5.0c.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\James Bond 007 Nightfire crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Kazaa Media Desktop 2.5.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Kazaa Skins 1.8.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\KaZooM MP3 Kazaa Accelerator 2.5.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Medal Of Honor (Allied Assault) crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Microangelo 6.0b.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\mIRC 6.x addon patch.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\mIRC s3th war-script.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Morpheus 2.6.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\MP3 cut pro 3.0.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\MSN Messenger 5.5.10.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Need for Speed 6 (new cars + crack).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\NeoNapster 3.92.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Nero Burning ROM 5.8.2.4.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Network Cable + ADSL Speed 2.0 (beta).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\New Nvidia (geForce) drivers (beta).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Nimo Codec Pack 9.0 (stable).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Operation Flashpoint (bloopatch).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Patch Creator 3.5a.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\PhotoShow 3.1.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Pop-Up Stopper 4.0 (beta).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Ps2 to Pc tutorial (+tool).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\QuickTime 7.2 (new).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Raven Shield 5.32 crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\RealJukebox Basic 2.8.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\RealOne Free Player 2.8.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\RemoteSpy 1.5.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Sim City 4 crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Splinter Cell crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\TitJiggle (flash game).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Trillian 0.8 + plugins.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\UniversalFlood (4.8b).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Unreal2 (2.8) crack.exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\UT2003 multi-crack (new).exe -> Worm.SdDrop.c : Cleaned with backup
C:\WINDOWS\sCache32\Warcraft3 battle.net(2.5) crack.exe -> Worm.SdDrop.c : Cleaned with backup

#7 Corby


Posted 06 November 2005 - 03:26 AM

Thanks for your help! I haven't played around too much yet because I just finished all the scanning but so far it seems like all the problems I was having have been fixed. Have a look at my logs and tell me what you think/if you see anything else.

Thanks again!

#8 Joshuacat


Posted 06 November 2005 - 01:57 PM

Corby:
The scans picked up a lot of items and removed them, but it left some items that we will have to remove manually.
We still have a lot of work to do...

After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

1. Please download the free Ad-Aware SE and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

a.) Run Ad-Aware, and click Check for updates now.

b.) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.
c.) To start the scan, Click > "Scan Now" at left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
d.) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
  • Restart the computer.
2. Spybot Full Scan
Please download Spybot-S&D from here:
http://www.majorgeeks.com/download.php?det=2471
Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.


3. Download the following file to your desktop: http://www.mvps.org/winhelp2002/DelDomains.inf
Please do not use the program yet.


4. Please download Killbox.
Unzip it to the desktop and do not run it.


5. Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22F6B28F-320D-4A77-9A6F-3A42652BE90E} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2C6A676D-18BC-4602-8F50-38DA26391E43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3FB06B02-02A9-4A10-AED2-0054E9AFCE6D} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {696F8C5A-8B72-4699-B101-0C934344CA2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8691FC89-6EB7-4465-8133-01D56FD8ED08} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD88FBA2-9B92-472E-A3ED-3DCC7E13AA8C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D3E09B37-53F1-491A-A545-8DBBA6801215} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EC5A0740-C8E1-48F4-8494-CBA486A87C93} - (no file) (HKCU)
O15 - Trusted IP range: 206.161.125.149


Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.


6. Please enable the viewing of hidden files by following these steps:
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shut down My Computer.
  • Now your computer is configured to show all hidden files.
7. Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
If you are having problems, additional instructions on how to do this can be found here: How to start Windows in Safe mode.


8. Run DelDomains.inf: Right-click and select: Install (no need to restart)

Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.


9. Open KillBox.

a.) Select "Delete on Reboot".

b.) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

c.) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

d.) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Restart your computer.


10. Please run these two online scans. Make sure they are set to clean automatically:

TrendMicro's HouseCall
ActiveScan <====save the scan log and add it to your reply


Please reply to this post with a new HiJackThis log and the scan log from the Panda Active Scan.

Thanks,

Edited by Joshuacat, 06 November 2005 - 01:58 PM.

JC
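
The three kinds of entry selected in step 5 (an extra program in Userinit, IE buttons whose target file is missing, and a Trusted zone address) can be picked out of a saved HijackThis log automatically. This is an added example, not part of the post above and not HijackThis's own code; the function names, the stock Userinit path and the sample lines marked as constructed are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Stock Userinit target on Windows XP (compared case-insensitively).
# Assumption: Windows is installed in C:\WINDOWS, as on the machine in this thread.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
O9_RE = re.compile(
    r"^Extra (?:button|'Tools' menuitem): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
O15_RE = re.compile(r"^Trusted (?:Zone|IP range): (?P<value>.+)$")


class Finding(NamedTuple):
    code: str     # HijackThis section code, e.g. "F2"
    reason: str   # why the entry deserves a look
    subject: str  # extra program(s), CLSID, or trusted address


def check_entry(code: str, body: str) -> Optional[Finding]:
    """Return a Finding for the entry kinds handled in step 5, else None."""
    if code == "F2":
        m = F2_RE.match(body)
        if m:
            # Winlogon starts every comma-separated program in Userinit at
            # logon, so anything besides userinit.exe is a logon autostart.
            programs = [p.strip() for p in m.group("value").split(",") if p.strip()]
            extras = [p for p in programs if p.lower() != EXPECTED_USERINIT]
            if extras:
                return Finding(code, "Userinit launches an extra program",
                               ", ".join(extras))
    elif code == "O9":
        m = O9_RE.match(body)
        # "(no file)" means the button's registry entry survives but the
        # file it pointed at is gone, i.e. a leftover of something removed.
        if m and m.group("target").startswith("(no file)"):
            return Finding(code, "IE button/menu item whose target file is missing",
                           m.group("clsid").upper())
    elif code == "O15":
        m = O15_RE.match(body)
        if m:
            # Trusted zone entries get relaxed IE security settings.
            return Finding(code, "site or address placed in the IE Trusted zone",
                           m.group("value").strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        finding = check_entry(m.group("code"), m.group("body"))
        if finding:
            findings.append(finding)
    return findings


def orphaned_clsids(findings: List[Finding]) -> List[str]:
    """Each orphaned button appears twice (button + Tools menu item); dedupe."""
    return sorted({f.subject for f in findings if f.code == "O9"})


# F2, the first two O9 lines and O15 are copied from step 5 of the post above.
# The O4 line and the last O9 line are constructed to show entries that pass.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1D2D5021-0423-49B2-96A4-40092AA2B72A} - (no file) (HKCU)
O9 - Extra button: Example Toolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\bar.dll
O15 - Trusted IP range: 206.161.125.149
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}: {f.subject}")
```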

#9 Corby


Posted 06 November 2005 - 11:30 PM

Killbox doesn't seem to be working right, I run it in safe mode, copy/paste, change the setting to delete on reboot. When I hit delete files button, I don't get prompted twice. It just says that it's going to delete them on reboot, reboot now? yes or no. I hit yes and when I ran active scan later on the files it was supposed to have deleted still showed up. In the windows folder I have a bunch of folders that are named things like "$MSI31Uninstall_KB893803$" and the names are all in blue instead of black. Is something done wrong?

#10 Joshuacat


Posted 07 November 2005 - 07:08 AM

Corby:

KillBox puts the files in another location (C:\!KillBox\). They will show up in the Active scan from that directory.

> In the windows folder I have a bunch of folders that are named things like "$MSI31Uninstall_KB893803$" and the names are all in blue instead of black. Is something done wrong?


I have the same folders... It is perfectly normal to see the folders like this since we did the steps to show hidden files and folders. This folder holds a copy of the files that were changed before MS patch - 893803 - was installed on your computer. Nothing to worry about... I can explain this more later if you like.

Please reply back with the logs requested.

Thanks.
JC

#11 Joshuacat


Posted 17 November 2005 - 01:11 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
JC



