Possible Remnant From Spy Sheriff Infection ( Hjt Log )


  • This topic is locked
17 replies to this topic

#1 kaiser_guy


Posted 01 January 2006 - 09:14 PM

Hi,
I will start by giving you every detail which I think might help you help me. Last Saturday I was infected with Spy Sheriff. By following the instructions on www.delphifaq.com/faq/windows_user/f850.shtml I was able to (I believe) destroy the virus. I can now adjust my desktop background, but I can't change my internet homepage. It also automatically directs me to about:blank. How can I solve this?
I'm beginning to become concerned about spyware and viruses. I've noticed that the number of pop-ups on my computer has increased recently. Indeed, I get many warnings from 'Windows' that suggest that my computer is in danger of spyware infection. Many of these warnings direct to websites where I can buy anti-spyware software (including Spy Sheriff). Are these warnings genuinely from Windows? But most worryingly, sometimes if I don't move the mouse for a while the computer independently begins to run a program, e.g. Internet Explorer and calculator. Why is this happening?
I have Ad-Aware, Spybot, Norton (expired subscription, however) and the Microsoft Anti Spyware program installed on my computer. What other programs would you recommend? Any help would be very much appreciated. Anyway, here is the logfile:



Logfile of HijackThis v1.99.1
Scan saved at 02:00:13, on 02/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\atljr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Jbqkn\Wgpibi.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\DOCUME~1\David\LOCALS~1\Temp\31.tmp.exe
C:\DOCUME~1\David\LOCALS~1\Temp\34.tmp.exe
C:\WINDOWS\system32\ntap.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\Downloads\hijackthis_sfx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zsazu.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0C37E430-2B32-4A8C-DE18-93646A0B249A} - C:\WINDOWS\system32\mfcjc32.dll
O2 - BHO: Class - {2A992854-C120-2344-3A53-938F60435FED} - C:\WINDOWS\d3vi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Class - {789B3E43-9906-36FD-7592-A738BC588C2E} - C:\WINDOWS\system32\mfcqd.dll
O2 - BHO: Class - {9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} - C:\WINDOWS\atlto32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: Class - {D3901E91-227B-F33E-989A-CE4FC9371006} - C:\WINDOWS\system32\netvr32.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Byxjxte] C:\Program Files\Jbqkn\Wgpibi.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [apifk.exe] C:\WINDOWS\apifk.exe
O4 - HKLM\..\Run: [31.tmp] C:\DOCUME~1\David\LOCALS~1\Temp\31.tmp.exe
O4 - HKLM\..\Run: [34.tmp] C:\DOCUME~1\David\LOCALS~1\Temp\34.tmp.exe
O4 - HKLM\..\Run: [addcv32.exe] C:\WINDOWS\addcv32.exe
O4 - HKLM\..\Run: [31.tmp.exe] C:\DOCUME~1\David\LOCALS~1\Temp\31.tmp.exe
O4 - HKLM\..\Run: [34.tmp.exe] C:\DOCUME~1\David\LOCALS~1\Temp\34.tmp.exe
O4 - HKLM\..\Run: [winvj32.exe] C:\WINDOWS\winvj32.exe
O4 - HKLM\..\Run: [ntap.exe] C:\WINDOWS\system32\ntap.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...IE_ZNxdm41487IE
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://213.201.69.103/data/dialercab/premi...ternacional.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/127bd2e1baa54d4bf922/...ip/RdxIE601.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123789118890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20German.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\atljr.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks,
David.

Postscript: Two new problems have developed today. Firstly, I can't enable Auto Protect on my Norton Antivirus. Secondly, sometimes if I type something into Google and do a search, the page will just close.

Edited by kaiser_guy, 02 January 2006 - 10:58 AM.



#2 miekiemoes

  • Malware Response Team

Posted 06 January 2006 - 03:40 PM

Hi,

The forums are really busy; that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 kaiser_guy

  • Topic Starter

Posted 06 January 2006 - 10:05 PM

Yes, my problems persist. Here's a new HJT log to help you along:

Logfile of HijackThis v1.99.1
Scan saved at 03:00:23, on 07/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Jbqkn\Wgpibi.exe
C:\WINDOWS\system32\d3ue32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\javaue.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\en-gb\msn_sl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Class - {8BE20712-E146-A52D-B257-1F182569207D} - C:\WINDOWS\system32\sysqo.dll
O2 - BHO: Class - {A541894B-C86A-8962-F3E2-97BAA47E704A} - C:\WINDOWS\syshb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Byxjxte] C:\Program Files\Jbqkn\Wgpibi.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addcv32.exe] C:\WINDOWS\addcv32.exe
O4 - HKLM\..\Run: [ntap.exe] C:\WINDOWS\system32\ntap.exe
O4 - HKLM\..\Run: [d3ue32.exe] C:\WINDOWS\system32\d3ue32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://213.201.69.103/data/dialercab/premi...ternacional.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/127bd2e1baa54d4bf922/...ip/RdxIE601.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123789118890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20German.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaue.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Again, any reply would be well appreciated, especially now as this problem has now been going for one week straight.

Thanks,
David

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:57 PM

Posted 07 January 2006 - 01:28 AM

Hello,

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download AboutBuster.
Unzip AboutBuster.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
You may not run AboutBuster yet, that's for later.

* Download and install CCleaner
Do not use it yet.

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

* Please reboot your system into SAFE MODE.
° To get into the Windows XP Safe Mode, as the computer is booting press and hold your "F8 Key", which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start hijackthis and click scan and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {8BE20712-E146-A52D-B257-1F182569207D} - C:\WINDOWS\system32\sysqo.dll
O2 - BHO: Class - {A541894B-C86A-8962-F3E2-97BAA47E704A} - C:\WINDOWS\syshb.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [Byxjxte] C:\Program Files\Jbqkn\Wgpibi.exe
O4 - HKLM\..\Run: [addcv32.exe] C:\WINDOWS\addcv32.exe
O4 - HKLM\..\Run: [ntap.exe] C:\WINDOWS\system32\ntap.exe
O4 - HKLM\..\Run: [d3ue32.exe] C:\WINDOWS\system32\d3ue32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O16 - DPF: {2C0F2AEA-3A9B-46DB-A7BE-80FF329E415D} - http://213.201.69.103/data/dialercab/premi...ternacional.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/127bd2e1baa54d4bf922/...ip/RdxIE601.cab
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-infomedia.com/mpv0.cab
O19 - User stylesheet: (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·şÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaue.exe


* Close all open windows except hijackthis and click 'Fix Checked'.

* Navigate to and delete the following files if present:

C:\Program Files\Jbqkn <== folder
C:\WINDOWS\system32\d3ue32.exe
C:\WINDOWS\system32\javaue.exe
C:\WINDOWS\addcv32.exe
C:\WINDOWS\system32\ntap.exe
C:\winstall.exe

* Start Aboutbuster and let it scan.
The log will be saved in the aboutbuster-folder
If you get any error using aboutbuster, it's important you let me know afterwards in your next reply.
So skip this step in case of error and proceed with the next step of this fix.

* Doubleclick on the HSfix you downloaded earlier, which is present on your desktop, and when it asks you if you want to add the contents to the registry, click yes/ok.

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Still in safe mode start Ccleaner.
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Now open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")

* Reboot back into Normal Mode.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply along with a new HijackThis Log, the contents of smitfiles.txt which is present on your Homedrive (C:\ in most cases), the aboutbuster-log which will be present in the aboutbuster-folder, and the Ewido Log by using Add Reply.
So I need 5 logs in your next reply. If you can't post them in one post, use two posts instead.

It could be possible, after reboot that your system is using the windows classic theme again.
To restore this and set it back to XP-theme, rightclick on your desktop > properties > tab Appearances and choose Windows XP style again under windows and buttons.
Click apply and OK.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 kaiser_guy

Posted 07 January 2006 - 01:38 PM

Thanks for the reply. I haven't completed your instructions yet. I am actually having troubles with HSfix and Ewido. Firstly, after I download HSfix, and unzip HSfix.reg, it says that it has been successfully entered into the registry. But I don't know where to find it, and it seems that I can't save it onto my desktop. Secondly, when I run the ewido icon on my desktop, it enters the program. However, the five boxes on the left hand side of the screen stay blank. I can still click on them, I just don't know what each one is.

#6 miekiemoes

Posted 07 January 2006 - 03:04 PM

Hello,

Yes, that's all you had to do, only doubleclick the HSfix. This enters it in the registry. You won't really find it. :thumbsup: This message is normal. You may delete that HSfix again.

Strange the 5 boxes on the left are blank. You have to click the middle box (the third one) for the scan.

#7 kaiser_guy

Posted 08 January 2006 - 08:11 AM

Thanks again for the quick reply. Another problem. This time it concerns HijackThis. Here is an example of an entry you told me to remove: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
However, instead of rjnpi.dll all the related entries have evton.dll. I might be a bit overly cautious, but I know that HijackThis is a powerful program and I don't want to make any mistakes.

Thanks for your patience,
David.

#8 miekiemoes

Posted 08 January 2006 - 08:21 AM

Yes, those entries change all the time especially for the R1-entries. So yes, check and fix them, because it also has the %resultposition.net in it.

Uuum, are you stopping the fix every time to ask these questions? I assume you do this in safe mode without internet connection as I asked you.
If you're not sure about a step, just skip the step and perform the next instruction instead of stopping the fix every time, otherwise this won't make sense and you'll have to start over every time again.

Edit.. are you also following my steps in the right order? Because I see you're jumping from HSfix to hijackthis to Ewido.....

Edited by miekiemoes, 08 January 2006 - 08:23 AM.

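
The point made in post #8, that the DLL name in these R0/R1 values keeps changing while the %resultposition.net suffix stays, written as a log-triage check. This is an added example, not part of the thread and not HijackThis code; the function names are assumptions, and the sample log mixes lines quoted in the thread with constructed ones.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Suffix the helper keyed on in post #8; the DLL in front of it is not stable.
MARKER = "resultposition.net"

# "R1 - <hive>\<key>,<value name> = <data>", as HijackThis prints R0-R3 entries.
R_LINE = re.compile(
    r"^(?P<code>R[0-3]) - (?P<key>HK[A-Z]+\\[^,]+),(?P<name>.+?) = ?(?P<data>.*)$"
)
# res://<path to dll>/<resource>#<fragment>
RES_URL = re.compile(
    r"^res://(?P<dll>.+?\.dll)/(?P<resource>[^#]*)(?:#(?P<fragment>.*))?$",
    re.IGNORECASE,
)

# Sample input. The rjnpi.dll line is quoted in the thread; the evton.dll lines
# are constructed from the poster's description, and the example.dll and
# www.example.com lines are constructed benign values.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rjnpi.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\evton.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\evton.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://C:\WINDOWS\system32\example.dll/blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {8BE20712-E146-A52D-B257-1F182569207D} - C:\WINDOWS\system32\sysqo.dll
"""


@dataclass(frozen=True)
class REntry:
    code: str   # R0, R1, ...
    key: str    # registry key including hive
    name: str   # value name
    data: str   # value data


def parse_r_entry(line: str) -> Optional[REntry]:
    """Parse one 'key,value = data' R-line; other line types return None."""
    m = R_LINE.match(line.strip())
    if m is None:
        return None
    return REntry(m["code"], m["key"], m["name"], m["data"].strip())


def res_dll(entry: REntry) -> Optional[str]:
    """Path of the DLL a res:// value loads its page from, if any."""
    m = RES_URL.match(entry.data)
    return m["dll"] if m else None


def is_marked_hijack(entry: REntry, marker: str = MARKER) -> bool:
    """True when the value is a res:// URL whose fragment carries the marker."""
    m = RES_URL.match(entry.data)
    if m is None:
        return False
    return marker.lower() in (m["fragment"] or "").lower()


def triage(log_text: str, marker: str = MARKER) -> List[REntry]:
    """Flag R-entries by the stable marker, whatever the DLL is called."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_r_entry(line)
        if entry is not None and is_marked_hijack(entry, marker):
            flagged.append(entry)
    return flagged


def exact_name_rule(log_text: str, dll_name: str) -> List[REntry]:
    """Brittle comparison rule: match only one specific DLL file name."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_r_entry(line)
        dll = res_dll(entry) if entry else None
        if dll and dll.lower().endswith("\\" + dll_name.lower()):
            hits.append(entry)
    return hits


def hijack_dlls(entries: List[REntry]) -> Set[str]:
    """DLL files referenced by flagged entries, for follow-up on disk."""
    return {dll for dll in (res_dll(e) for e in entries) if dll}


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.code} {e.key},{e.name} -> {res_dll(e)}")
    print("exact-name rule for rjnpi.dll:",
          len(exact_name_rule(SAMPLE_LOG, "rjnpi.dll")), "of", len(flagged))
```
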

#9 kaiser_guy

Posted 08 January 2006 - 03:31 PM

Well, I did what you said ( and in the right order ). My homepage is back, my google never crashes and those blasted pop-ups appear to have been eradicated. It's not all good, I still can't turn on the auto detection on my Norton anti-virus.
A few problems with your instructions. When I rebooted into safe mode, I noticed that I couldn't use my keyboard. However, smitRem asked me to press any key to continue. I couldn't. I skipped that step and did the rest of them.
Also, even though About Buster told me a log had been created, I can't find it anywhere.

Edited by kaiser_guy, 08 January 2006 - 03:34 PM.


#10 kaiser_guy

Posted 08 January 2006 - 03:35 PM

Here's the Ewido report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 16:05:52, 08/01/2006
+ Report-Checksum: 1F0AF63

+ Scan result:

HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Spyware.SideFind : Error during cleaning
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper.1 -> Spyware.SideFind : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{2FB10B1F-E342-08A1-CBAA-D4A2CD2ABAC6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Spyware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Spyware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Spyware.MoneyTree : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Error during cleaning
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder -> Spyware.SideFind : Error during cleaning
HKLM\SOFTWARE\Classes\SideFind.Finder.1 -> Spyware.SideFind : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TypeLib\{841A9195-5690-11D4-A258-0040954A01BE} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Error during cleaning
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Spyware.YourSiteBar : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5253 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5333 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5410 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5472 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5473 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5561 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5611 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6768 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_5143 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_5199 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_5261 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_5280 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_5292 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_2\Seqn_6322 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5044 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5220 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5526 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5565 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5611 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6768 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5082 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5143 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5199 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5261 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5280 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_5292 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6111 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6125 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6140 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6322 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6538 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6623 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_2\Seqn_6630 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_3\Seqn_5093 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5253 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5333 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5410 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5472 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5473 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5561 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5611 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6768 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5143 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5199 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5261 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5280 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_5292 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_2\Seqn_6322 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5000 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5008 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5356 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5444 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5664 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6378 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6569 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6735 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_7292 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5224 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5226 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_6512 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_5144 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-4129630122-700676351-2873503686-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Tools\tools.dll -> Spyware.X : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@ads1.revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@aerlingus.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@digitalhomediscountptyltd.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@microsoftuk.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@news.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Barry\Cookies\barry@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Barry\Desktop\mircro soft word.rar/setup.exe -> Downloader.IstBar.nj : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\18.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\19.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~107448.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~121113.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~135463.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~143577.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~37161.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~43905.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~451012.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~645405.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~662750.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~793059.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~854522.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~93488.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~970134.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temp\~980319.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\896BCDEF\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Barry\Local Settings\Temporary Internet Files\Content.IE5\QXKBWNAB\SAcc.prod.v1132.19dec2005.exe[1].c70aa90a8674413dce2a8a475e83aa9c -> Adware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Barry\Shared\### mircro soft word\setup.exe -> Downloader.IstBar.nj : Cleaned with backup
C:\Documents and Settings\Barry\Shared\mircro soft word.rar/setup.exe -> Downloader.IstBar.nj : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@microsoftuk.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\25.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\26.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\3.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\4.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\44.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\45.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\5.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\6.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\7.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\8.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\9.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\A.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\E3.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\E5.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\~110934.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\~773681.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\~820536.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sdzsdpw6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@a.tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@adopt.euroclick[2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ads.trafficvenue[1].txt -> Spyware.Cookie.Trafficvenue : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ads15.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@cneteurope.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@e-2dj6wjkoalczelq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@linkbuddies[1].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@ppms.popularix[1].txt -> Spyware.Cookie.Popularix : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@tfag[2].txt -> Spyware.Cookie.Tfag : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysjczakpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliwod5kdoaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lára\Cookies\lára@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Application Data\Microsoft\Internet Explorer\V0.30.dat -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\12.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\13.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\76.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\77.tmp -> Trojan.Small.ga : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\Cookies\lára@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~115635.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~2049.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~324444.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~339033.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~477357.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~479988.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~486491.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~493896.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~495429.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~499071.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~504307.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~523373.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~530123.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~530334.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~547140.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~552284.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~568275.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~571029.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~575990.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~583801.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~592479.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~602262.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~605251.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~609570.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~615339.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~616852.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~623824.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~628108.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~628704.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~632107.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~634496.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~640004.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~647113.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~659866.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~668676.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~670170.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~673430.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~675025.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~680727.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~681655.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~688870.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~689656.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~689773.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~697905.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~702130.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~712418.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~716561.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~717294.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~719701.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~720306.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~720775.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~722804.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~724881.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~733343.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~736993.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~737992.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~739118.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~748029.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~774203.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~774372.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~780955.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~782349.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~785310.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~787406.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~789676.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~791631.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~796114.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~807411.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~821336.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~828544.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~832424.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~833138.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~835560.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~836160.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~836965.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~841335.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~841918.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~844548.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~851634.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~852638.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~854020.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~854794.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~857621.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~858897.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~860159.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~866766.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~872877.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~903236.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~908870.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~912906.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~915485.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~916818.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~917141.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~928109.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~934581.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~957456.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~959443.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~960730.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~968193.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temp\~972010.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Lára\Local Settings\Temporary Internet Files\Content.IE5\WDEZS9IZ\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Common Files\qzrf\qzrfp.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060108-133647-204.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Program Files\HijackThis\backups\backup-20060108-133647-347.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\barry@doubleclick[1].txte -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter1.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter10.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter11.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter12.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter13.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter14.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter15.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter16.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter2.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter3.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter4.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter5.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter6.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter7.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter8.sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@counter9.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@doubleclick[1].txte -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@sexlist[1].txte -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@sextracker[2].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\david@valueclick[1].txte -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@counter12.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@counter13.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@counter8.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@counter9.sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@doubleclick[1].txte -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@doubleclick[1].txtee -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@sexlist[2].txte -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@sextracker[1].txte -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Trustix\Trustix Personal Firewall\KP\lára@valueclick[2].txte -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\Messenger\ycomp.dll -> Spyware.Yahoo : Cleaned with backup
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc7.exe -> Downloader.IstBar.nj : Cleaned with backup





Continued on next post

Edited by kaiser_guy, 08 January 2006 - 03:37 PM.


#11 kaiser_guy

Posted 08 January 2006 - 03:39 PM

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000006.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000032.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000040.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000053.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000081.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000206.exe -> Spyware.FastFind : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000209.dll -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000363.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000364.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000575.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000576.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000577.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000578.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000634.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000640.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000641.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000649.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000652.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001648.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001650.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001735.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001737.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001758.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001759.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001863.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001866.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001898.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001899.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001937.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001938.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001954.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001955.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001987.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001989.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002014.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002015.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002047.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002048.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002075.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002076.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002094.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002095.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002118.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002119.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002150.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002151.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002182.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002183.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002216.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002217.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002223.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002225.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002237.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002238.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002243.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002244.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002313.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002316.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002330.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002458.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002631.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002654.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002655.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002684.ini:layic -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002685.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002756.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002761.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002809.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002829.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002845.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002861.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002888.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002912.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002932.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002933.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002935.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003933.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003939.exe -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003941.exe -> Trojan.Small.cy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003950.ini:ocuya -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003958.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003959.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003960.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003961.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003962.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003963.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003964.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003965.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003966.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003967.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003968.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003970.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003971.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003972.dll -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003974.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003975.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003976.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003977.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003979.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003981.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003982.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003984.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003985.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003987.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003988.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003989.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003990.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003991.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003994.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003995.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003996.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003998.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004000.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004001.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004002.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004003.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup
C:\WINDOWS\Lycos\ss_IGN1_setup.exe -> Spyware.Sidesearch.d : Cleaned with backup
C:\WINDOWS\SYSTEM\N0.exe -> Downloader.Small.rg : Cleaned with backup
C:\WINDOWS\SYSTEM32\intell32.exe -> Spyware.PSGuard : Cleaned with backup


::Report End

#12 kaiser_guy

Posted 08 January 2006 - 03:40 PM

Here's the Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 19:52:22
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 169937
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 134485
Number of viruses found: 24
Number of infected objects: 222
Number of suspicious objects: 2
Duration of the scan process: 6717 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch2.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch2.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Barry\Shared\### mircro soft word.ace/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nj
C:\Documents and Settings\Barry\Shared\### mircro soft word.ace Infected: Trojan-Downloader.Win32.IstBar.nj
C:\Documents and Settings\Barry\Shared\[release] mircro soft word\setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Barry\Shared\[release] mircro soft word\setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Barry\Shared\[release] mircro soft word.zip/setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Barry\Shared\[release] mircro soft word.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Barry\Shared\[release] mircro soft word.zip Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.c
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0036.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0037.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe Infected: not-a-virus:AdWare.Win32.WebHancer.320
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Lára\Local Settings\Temp\NE4.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Documents and Settings\Lára\My Documents\My Received Files\AresFileshare1.1-Setup.zip/AresFileshare1.1-Setup.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Lára\My Documents\My Received Files\AresFileshare1.1-Setup.zip/AresFileshare1.1-Setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Lára\My Documents\My Received Files\AresFileshare1.1-Setup.zip/AresFileshare1.1-Setup.exe Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Documents and Settings\Lára\My Documents\My Received Files\AresFileshare1.1-Setup.zip Infected: not-a-virus:AdWare.Win32.Webdir.b
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06/v2.0.4.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06/v2.0.4.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06/v2.0.4.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06/v2.0.4.cab Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\52C556F3-6183-465E-9D22-511C06 Infected: not-a-virus:AdWare.Win32.NavExcel
C:\Program Files\Microsoft AntiSpyware\Quarantine\081F9CAB-0FC5-48D5-86DC-B59861\9B88F7AF-1035-41DE-9189-2F0CBD Infected: not-a-virus:AdWare.Win32.NavExcel.k
C:\Program Files\Norton AntiVirus\Quarantine\0AD82275.doc/ThisDocument Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\0AD82275.doc Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\35BC2794.doc/ThisDocument Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\35BC2794.doc Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\3D022394.doc/ThisDocument Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\3D022394.doc Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\54B65977.doc/ThisDocument Infected: Virus.MSWord.Marker.hj
C:\Program Files\Norton AntiVirus\Quarantine\54B65977.doc Infected: Virus.MSWord.Marker.hj
C:\Program Files\Trustix\Trustix Personal Firewall\KP\GMT.exee Infected: not-a-virus:AdWare.Win32.Gator.5112
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc3\setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc3\setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc4.zip/setup.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc4.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc4.zip Infected: Trojan-Downloader.Win32.IstBar.no
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc5.ace/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nj
C:\RECYCLER\S-1-5-21-4129630122-700676351-2873503686-1007\Dc5.ace Infected: Trojan-Downloader.Win32.IstBar.nj
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000001.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000019.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000037.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000059.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000071.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000086.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000110.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000144.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000164.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000173.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000182.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000199.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000232.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000236.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000237.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000238.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000251.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000253.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000255.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000256.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000375.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000376.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000382.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000383.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000384.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000427.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000428.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000439.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000440.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000441.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000455.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000457.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000462.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000463.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000464.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000556.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000558.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000559.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000560.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000563.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000586.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000587.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000629.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000630.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000632.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000639.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000656.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000659.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001649.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001672.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001750.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001754.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001762.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001766.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001864.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001870.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001902.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001905.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001941.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001950.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001958.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001968.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001988.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001993.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002018.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002022.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002051.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002061.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002079.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002081.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002098.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002105.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002123.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002130.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002155.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002156.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002185.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0002188.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002222.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0002229.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002239.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002247.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002254.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002314.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002318.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0002319.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002329.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002621.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002622.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002639.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002640.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002641.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002642.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002646.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002658.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002664.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002665.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002666.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002667.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002688.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002690.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002691.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002692.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002693.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002755.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002760.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002776.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002777.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002778.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002779.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002780.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002808.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002816.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002817.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002818.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002819.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002821.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002828.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002830.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002842.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002843.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002860.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002876.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002887.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002890.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002891.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002892.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002893.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002897.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002911.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002915.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002922.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002923.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002924.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0002925.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003932.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003942.ini:paifom:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003943.ini:patapv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003944.INI:abwtlq:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003945.INI:ijsief:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003947.ini:xctizt:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003948.ini:layic:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003949.ini:hwxbvg:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003951.ini:qrjdet:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003952.ini:aakjix:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003953.ini:lbvces:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003954.scr:tlfbvq:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003955.ini:ftwsvb:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003956.QTW:cflhol:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003957.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003969.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003973.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003980.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003993.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0003999.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004373.dll Infected: not-a-virus:AdWare.Win32.BHO.x
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004374.exe Infected: Trojan-Downloader.Win32.IstBar.nj
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004375.exe Infected: not-a-virus:AdWare.Win32.Xupiter.m
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004376.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004377.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004379.exe Infected: Trojan-Downloader.Win32.IstBar.nj
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004380.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sidesearch.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004380.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004381.exe Infected: Trojan-Downloader.Win32.Small.rg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP7\A0004382.exe Infected: Trojan-Downloader.Win32.Small.vu
C:\WINDOWS\1on1.exe Infected: not-a-virus:Porn-Dialer.Win32.AsianRaw.l
C:\WINDOWS\SYSTEM32\1jbfc7hi.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao

Scan process completed.


Here's what HijackThis had to say:

Logfile of HijackThis v1.99.1
Scan saved at 20:04:10, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldsnooker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C429116-BB93-5F0C-88F2-42257E2E113A} - C:\WINDOWS\neths.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {F3DF3C5A-2566-083E-2CA1-07FE7B5682F8} - C:\WINDOWS\system32\sdkga32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123789118890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20German.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

End of reports.

Edited by kaiser_guy, 08 January 2006 - 03:41 PM.


#13 miekiemoes

Posted 08 January 2006 - 03:56 PM

Hi,

You really have to be careful with P2P programs, because it looks like you downloaded and even installed infected files which caused all these problems.

Concerning smitrem, well, I suggest you run it in normal mode then, because some leftovers will still be present.

After running smitrem, reboot! Important!

The reason why you couldn't find the aboutbuster log is because most probably you got the message that comctl32.ocx was missing or corrupted.
To fix this, do the following:

Download comctl32.ocx
Place this in your C:\Windows\System32 folder

Go to Start > Run and type: regsvr32 COMCTL32.OCX
You should see a message saying "DllRegisterServer ... succeeded" afterwards



* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: Class - {3C429116-BB93-5F0C-88F2-42257E2E113A} - C:\WINDOWS\neths.dll (file missing)
O2 - BHO: Class - {F3DF3C5A-2566-083E-2CA1-07FE7B5682F8} - C:\WINDOWS\system32\sdkga32.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the following files:

C:\Documents and Settings\Lára\Desktop\Dogs\santafree.exe
C:\Documents and Settings\Barry\Shared\### mircro soft word.ace
C:\Documents and Settings\Barry\Shared\[release] mircro soft word.zip
C:\Documents and Settings\Lára\My Documents\My Received Files\AresFileshare1.1-Setup.zip
C:\WINDOWS\1on1.exe
C:\WINDOWS\SYSTEM32\1jbfc7hi.ini

Reboot and post a new HijackThis log together with the smitrem log, which you will find on your C:\ with the name smitfiles.txt

Concerning your Norton, if it's a legal version, I suggest you uninstall it and reinstall it, because malware probably corrupted it. Keep in mind, if you use an illegal/cracked version of Norton, then it is normal that it gets disabled and doesn't work properly anymore.

There are also great free antivirus programs and firewalls though.

AVG, AntiVir® OR Avast are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can give problems and seriously decrease its reliability!
Zonealarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

So in case you decide to install another one, please uninstall Norton first and reboot.
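An added example, not part of the original posts: a small parser for HijackThis entries of the kind discussed above, which lists every registered component whose file is marked "(file missing)". The sample lines are copied from the log posted in this thread; the function names are this example's own, and the marker only shows that a registration points at a file that is no longer there, so which entries to fix remains the helper's decision.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C429116-BB93-5F0C-88F2-42257E2E113A} - C:\WINDOWS\neths.dll (file missing)
O2 - BHO: Class - {F3DF3C5A-2566-083E-2CA1-07FE7B5682F8} - C:\WINDOWS\system32\sdkga32.dll (file missing)
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# "<kind>: <name> - {CLSID} - <target>", the shape used by the O2, O3, O9
# and O18 lines in this log.
COMPONENT_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

MISSING = "(file missing)"


def parse_line(line):
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "kind": None, "name": None,
             "clsid": None, "target": m["rest"], "missing": False}
    c = COMPONENT_RE.match(m["rest"])
    if c:
        # Normalise CLSID case so the same component groups together.
        entry.update(kind=c["kind"], name=c["name"],
                     clsid=c["clsid"].upper(), target=c["target"])
    target = entry["target"].strip()
    if target.endswith(MISSING):
        entry["missing"] = True
        target = target[:-len(MISSING)].strip()
    entry["target"] = target.strip('"')
    return entry


def orphaned_components(log_text):
    """Group "(file missing)" component entries by CLSID, in log order."""
    grouped = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or not e["missing"] or not e["clsid"]:
            continue
        rec = grouped.setdefault(
            e["clsid"],
            {"clsid": e["clsid"], "target": e["target"],
             "sections": [], "names": []},
        )
        if e["code"] not in rec["sections"]:
            rec["sections"].append(e["code"])
        rec["names"].append(e["name"])
    return list(grouped.values())


def orphaned_bhos(log_text):
    """Only the orphaned entries registered as Browser Helper Objects (O2)."""
    return [r for r in orphaned_components(log_text) if "O2" in r["sections"]]


if __name__ == "__main__":
    for rec in orphaned_components(SAMPLE_LOG):
        print(",".join(rec["sections"]), rec["clsid"], rec["target"])
```

On the sample lines, the O2 filter returns the same two BHO entries that the post asks to have fixed, while the O9 and O18 entries show that the marker also appears on leftovers of legitimate software.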

#14 miekiemoes

Posted 08 January 2006 - 04:02 PM

By the way, did you run CCleaner as I asked you? I suggest you run it again as well.

#15 kaiser_guy


Posted 08 January 2006 - 08:25 PM

Yes, I did run CCleaner, and yes, I ran it again. Well, I followed your instructions and have the following for you to inspect:

Firstly, HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 01:16:34, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldsnooker.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?df72d655183c42ba9df8616c2b45b19
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page - res://c:\program files\google\GoogleToolbar_en_2.0.95-deleon.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.eircom.net
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...3/OCI/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {5D1E3FA5-64FF-4387-9418-F1D67AFB2247} (MaxisSuperstarTeleX Control) - http://thesims.ea.com/teleport/superstar/M...erstarTeleX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123789118890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://mirror.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20German.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



And here's the smitrem log:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 09/01/2006
The current time is: 0:02:11.78

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 248 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :thumbsup:


I await your instructions, O wise one.

David



