
Problem With About:blank, 123search, Coolwebsearch And Searchclick,


  • This topic is locked
5 replies to this topic

#1 jennyh

Posted 05 January 2006 - 11:06 PM

I have already downloaded and used Ad-Aware SE, Spybot, Ewido, a2 and Stinger.
I have been running MS Anti Spyware, SpySubtract and NAV. However I still can't seem to get a clean scan, even after I scanned in safe mode. Any help with the next step would be appreciated.
THANKS!



Logfile of HijackThis v1.99.1
Scan saved at 11:00:49 PM, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ieyw32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\d3zc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - C:\WINDOWS\system32\crzo32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5C234103-94D8-FE86-BF5F-D52FD6347B89} - C:\WINDOWS\system32\addop32.dll (file missing)
O2 - BHO: Class - {70DE2EDA-D64D-1A21-3F0F-2B70E7430DA1} - C:\WINDOWS\system32\sysgo.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\ipkz.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DE169790-8483-BF6B-344F-D83EAEB513E2} - C:\WINDOWS\sdkfd32.dll (file missing)
O2 - BHO: (no name) - {E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} - (no file)
O2 - BHO: Class - {F8008B13-FD1D-9DAB-25AF-95EAB9FA0AC5} - C:\WINDOWS\javabp.dll (file missing)
O2 - BHO: Class - {FF50A5D1-627C-F3FD-84A6-9BF65E699D6C} - C:\WINDOWS\system32\winyv32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [E.tmp] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\E.tmp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [E.tmp.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\E.tmp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ipuy32.exe] C:\WINDOWS\system32\ipuy32.exe
O4 - HKLM\..\Run: [sdkiy.exe] C:\WINDOWS\system32\sdkiy.exe
O4 - HKLM\..\Run: [sdkbg.exe] C:\WINDOWS\sdkbg.exe
O4 - HKLM\..\Run: [mfcfx.exe] C:\WINDOWS\system32\mfcfx.exe
O4 - HKLM\..\Run: [iexr32.exe] C:\WINDOWS\iexr32.exe
O4 - HKLM\..\Run: [netyt32.exe] C:\WINDOWS\netyt32.exe
O4 - HKLM\..\Run: [ieyw32.exe] C:\WINDOWS\system32\ieyw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3zc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 miekiemoes

Posted 06 January 2006 - 10:01 AM

Hello,

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Download AboutBuster.
Unzip AboutBuster.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
You may not run AboutBuster yet; that's for later.

* Download and install CCleaner
Do not use it yet.

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

I see you already have Ewido installed. Please update it, but do not run the scan yet.

We also need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

* Please reboot your system into SAFE MODE.
To get into the Windows XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start hijackthis and click scan and put a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - C:\WINDOWS\system32\crzo32.dll (file missing)
O2 - BHO: Class - {5C234103-94D8-FE86-BF5F-D52FD6347B89} - C:\WINDOWS\system32\addop32.dll (file missing)
O2 - BHO: Class - {70DE2EDA-D64D-1A21-3F0F-2B70E7430DA1} - C:\WINDOWS\system32\sysgo.dll (file missing)
O2 - BHO: Class - {B94286B3-9087-D351-F81A-C5079026EC35} - C:\WINDOWS\ipkz.dll (file missing)
O2 - BHO: Class - {DE169790-8483-BF6B-344F-D83EAEB513E2} - C:\WINDOWS\sdkfd32.dll (file missing)
O2 - BHO: (no name) - {E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} - (no file)
O2 - BHO: Class - {F8008B13-FD1D-9DAB-25AF-95EAB9FA0AC5} - C:\WINDOWS\javabp.dll (file missing)
O2 - BHO: Class - {FF50A5D1-627C-F3FD-84A6-9BF65E699D6C} - C:\WINDOWS\system32\winyv32.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [E.tmp] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\E.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [E.tmp.exe] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\E.tmp.exe
O4 - HKLM\..\Run: [ipuy32.exe] C:\WINDOWS\system32\ipuy32.exe
O4 - HKLM\..\Run: [sdkiy.exe] C:\WINDOWS\system32\sdkiy.exe
O4 - HKLM\..\Run: [sdkbg.exe] C:\WINDOWS\sdkbg.exe
O4 - HKLM\..\Run: [mfcfx.exe] C:\WINDOWS\system32\mfcfx.exe
O4 - HKLM\..\Run: [iexr32.exe] C:\WINDOWS\iexr32.exe
O4 - HKLM\..\Run: [netyt32.exe] C:\WINDOWS\netyt32.exe
O4 - HKLM\..\Run: [ieyw32.exe] C:\WINDOWS\system32\ieyw32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3zc.exe


* Close all open windows except hijackthis and click 'Fix Checked'.

* Navigate to and delete the following files if still present:

C:\WINDOWS\system32\ieyw32.exe
C:\WINDOWS\d3zc.exe
C:\WINDOWS\system32\ipuy32.exe
C:\WINDOWS\system32\sdkiy.exe
C:\WINDOWS\sdkbg.exe
C:\WINDOWS\system32\mfcfx.exe
C:\WINDOWS\iexr32.exe
C:\WINDOWS\netyt32.exe

* Start Aboutbuster and let it scan.
The log will be saved in the aboutbuster-folder
If you get any error using aboutbuster, it's important you let me know afterwards in your next reply.
So skip this step in case of error and proceed with the next step of this fix.

* Double-click on the HSfix you downloaded earlier, which is present on your desktop, and when it asks you if you want to add the contents to the registry, click yes/ok

* Still in safe mode start Ccleaner.
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Now open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Go to start>Control Panel>Internet Options>tab programs> and click restore websettings.

* Reboot your PC back to normal.

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply together with a new hijackthis-log + log from ewido and the aboutbuster-log which will be present in the aboutbuster-folder.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
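
An added example, not part of either post or of HijackThis: Python that parses HijackThis log lines and flags the patterns visible among the entries selected for fixing above (res:// search URLs served from a DLL, BHOs whose file is missing, Run entries launching from a Temp folder or named after their own image in the Windows directory, services with an unknown owner). The rule names, the `KNOWN_GOOD` allowlist and the sample (lines copied from the log in post #1) are assumptions for illustration; the rules prioritise entries for review and do not reproduce the helper's judgement.

```python
import ntpath
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    rule: str     # hypothetical rule name used by this example
    detail: str   # file path or CLSID the analyst should look at


# Constructed sample: a subset of lines copied from the log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\tmmca.dll/sp.html#28129%resultposition.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13BD8F78-7E21-B649-0FD6-1E7E44CDB342} - C:\WINDOWS\system32\crzo32.dll (file missing)
O2 - BHO: (no name) - {E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [A.tmp] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\A.tmp.exe
O4 - HKLM\..\Run: [ieyw32.exe] C:\WINDOWS\system32\ieyw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3zc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
IMAGE_RE = re.compile(r'"?([^"]+?\.exe)', re.I)
RES_DLL_RE = re.compile(r"^res://(.+?\.dll)/", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: an analyst-maintained allowlist of self-named Windows autoruns.
KNOWN_GOOD = {"ctfmon.exe"}


def check_run_entry(section: str, body: str) -> List[Finding]:
    """Flag autoruns that start from Temp or are named after their own image."""
    m = RUN_RE.match(body)
    if not m:
        return []
    name, cmd = m.groups()
    image = IMAGE_RE.match(cmd)
    path = image.group(1) if image else cmd
    base = ntpath.basename(path).lower()
    if "\\temp\\" in path.lower():
        return [Finding(section, "autorun-from-temp", path)]
    if (name.lower() == base and base not in KNOWN_GOOD
            and ntpath.dirname(path).lower() in WINDOWS_DIRS):
        return [Finding(section, "autorun-self-named", path)]
    return []


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; lines that are not entries are skipped."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            # IE search/start page pointing at HTML embedded in a local DLL.
            value = body.partition(" = ")[2]
            res = RES_DLL_RE.match(value)
            if res:
                findings.append(Finding(section, "search-url-res-dll", res.group(1)))
        elif section == "O2":
            # BHO still registered although its file is gone.
            if body.endswith("(file missing)") or body.endswith("(no file)"):
                clsid = CLSID_RE.search(body)
                findings.append(Finding(section, "bho-orphaned",
                                        clsid.group(0) if clsid else body))
        elif section == "O4":
            findings.extend(check_run_entry(section, body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service-unknown-owner",
                                    body.rsplit(" - ", 1)[-1]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<24}{f.detail}")
```
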

#3 jennyh

Posted 07 January 2006 - 10:02 PM

I followed all the instructions and I've gotten these results:

AboutBuster 6.0
Scan started on [07/01/2006] at [8:15:33 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\bdoscandellang.ini:qvrblo
Removed Stream! C:\WINDOWS\clock.avi:iwjpfz
Removed Stream! C:\WINDOWS\control.ini:xohal
Removed Stream! C:\WINDOWS\control.ini:ypsvxd
Removed Stream! C:\WINDOWS\FaxSetup.log:wbhywf
Removed Stream! C:\WINDOWS\hvzns.dat:dvkzxr
Removed Stream! C:\WINDOWS\IE4 Error Log.txt:hdlrss
Removed Stream! C:\WINDOWS\iygwd.txt:gwosud
Removed Stream! C:\WINDOWS\KB835221.log:aakmsr
Removed Stream! C:\WINDOWS\KB886185.log:lbnwom
Removed Stream! C:\WINDOWS\KB888113.log:ecgcip
Removed Stream! C:\WINDOWS\KB890859.log:crcvml
Removed Stream! C:\WINDOWS\KB893756.log:usuapo
Removed Stream! C:\WINDOWS\msgsocm.log:qckpws
Removed Stream! C:\WINDOWS\nhsna.dat:xpzvoa
Removed Stream! C:\WINDOWS\ntbtlog.txt:rfggy
Removed Stream! C:\WINDOWS\nyurf.log:qqraid
Removed Stream! C:\WINDOWS\ODBC.INI:irkgkn
Removed Stream! C:\WINDOWS\ODBCINST.INI:nuccrg
Removed Stream! C:\WINDOWS\orun32.isu:arutfx
Removed Stream! C:\WINDOWS\REGLOCS.OLD:zynlft
Removed Stream! C:\WINDOWS\regopt.log:kpuru
Removed Stream! C:\WINDOWS\River Sumida.bmp:mdahae
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:dqfwo
Removed Stream! C:\WINDOWS\sessmgr.setup.log:icqhhm
Removed Stream! C:\WINDOWS\setupapi.log.0.old:bdbnbx
Removed Stream! C:\WINDOWS\setuperr.log:vpnchl
Removed Stream! C:\WINDOWS\smscfg.ini:tetadz
Removed Stream! C:\WINDOWS\Sti_Trace.log:eedpja
Removed Stream! C:\WINDOWS\swijz.txt:iuxoyb
Removed Stream! C:\WINDOWS\swijz.txt:mfmfxj
Removed Stream! C:\WINDOWS\system.ini:zfgevd
Removed Stream! C:\WINDOWS\Thumbs.db:avqcsl
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
Removed Stream! C:\WINDOWS\updspapi.log:sfzjpn
Removed Stream! C:\WINDOWS\viassary-hp.reg:pggzgn
Removed Stream! C:\WINDOWS\viassary-hp.reg:xkxszq
Removed Stream! C:\WINDOWS\wiadebug.log:amhqlu
Removed Stream! C:\WINDOWS\win.ini:dmhyat
Removed Stream! C:\WINDOWS\win.ini:qlhxtb
Removed Stream! C:\WINDOWS\WINNT32.LOG:xuvij
Removed Stream! C:\WINDOWS\wmsetup.log:oypkfd
Removed Stream! C:\WINDOWS\wmsetup10.log:onkiwg
Removed Stream! C:\WINDOWS\WMSysPr9.prx:tpexbd
Removed Stream! C:\WINDOWS\Zapotec.bmp:slpcmj
Removed Stream! C:\WINDOWS\_default.pif:bfmcza
Removed Stream! C:\WINDOWS\_default.pif:dmaujw
Removed Stream! C:\WINDOWS\_default.pif:flhfxb
Removed Stream! C:\WINDOWS\_default.pif:koxsde
Removed Stream! C:\WINDOWS\_default.pif:lzhxry
Removed Stream! C:\WINDOWS\_default.pif:mlobgs
Removed Stream! C:\WINDOWS\_default.pif:rkisz
Removed Stream! C:\WINDOWS\_default.pif:tzxsxw
Removed Stream! C:\WINDOWS\_default.pif:znmfjt
-------------------------------------------------------------
Removed File! : C:\WINDOWS\eyfme.dat
Removed File! : C:\WINDOWS\gaexn.txt
Removed File! : C:\WINDOWS\hvzns.dat
Removed File! : C:\WINDOWS\iwjpf.txt
Removed File! : C:\WINDOWS\iygwd.txt
Removed File! : C:\WINDOWS\kwztg.dat
Removed File! : C:\WINDOWS\maorf.log
Removed File! : C:\WINDOWS\mbcmt.dat
Removed File! : C:\WINDOWS\nhsna.dat
Removed File! : C:\WINDOWS\ntfgj.txt
Removed File! : C:\WINDOWS\oshxo.txt
Removed File! : C:\WINDOWS\oudvq.txt
Removed File! : C:\WINDOWS\rbhib.txt
Removed File! : C:\WINDOWS\sdkvp.dll
Removed File! : C:\WINDOWS\swijz.txt
Removed File! : C:\WINDOWS\twncy.txt
Removed File! : C:\WINDOWS\wrjao.dat
Removed File! : C:\WINDOWS\yuqyf.txt
Removed File! : C:\WINDOWS\system32\crcvm.txt
Removed File! : C:\WINDOWS\system32\cvtbx.dat
Removed File! : C:\WINDOWS\system32\cxbpb.dat
Removed File! : C:\WINDOWS\system32\d3lb32.exe
Removed File! : C:\WINDOWS\system32\d3on32.exe
Removed File! : C:\WINDOWS\system32\dgtgj.dat
Removed File! : C:\WINDOWS\system32\fpejq.log
Removed File! : C:\WINDOWS\system32\gelvf.dat
Removed File! : C:\WINDOWS\system32\giuxm.log
Removed File! : C:\WINDOWS\system32\gwhud.log
Removed File! : C:\WINDOWS\system32\javaqq32.dll
Removed File! : C:\WINDOWS\system32\javauw32.exe
Removed File! : C:\WINDOWS\system32\ntsp32.exe
Removed File! : C:\WINDOWS\system32\nvwoj.log
Removed File! : C:\WINDOWS\system32\qvrbl.txt
Removed File! : C:\WINDOWS\system32\scgzq.dll
Removed File! : C:\WINDOWS\system32\steyf.log
Removed File! : C:\WINDOWS\system32\tmmca.dll
Removed File! : C:\WINDOWS\system32\uxehc.dll
Removed File! : C:\WINDOWS\system32\wkqtf.txt
Removed File! : C:\WINDOWS\system32\wtjbg.dll
Removed File! : C:\WINDOWS\system32\zpsyy.dll
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:17:51 PM


AboutBuster 6.0
Scan started on [07/01/2006] at [8:18:37 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:18:40 PM




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:00:17 PM, 07/01/2006
+ Report-Checksum: 9B92335F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3599374904-2610254440-829964298-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1EDD4ABB-7FFA-7AE7-2EE1-CAFAB2F1005B} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3599374904-2610254440-829964298-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E15C1770-8B06-C7F0-92C3-8514CE8ED8C1} -> Spyware.CoolWebSearch : Cleaned with backup


::Report End




------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 21:57:37
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 169785
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 54290
Number of viruses found: 10
Number of infected objects: 836
Number of suspicious objects: 0
Duration of the scan process: 2468 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\148B55FD.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1511374A.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\15391CBC.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\155A7A59.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\168C2B41.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\16D73120.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\173C6406.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\176B30F4.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\17FF30C8.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\18751789.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1893309C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19273070.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19354B69.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19A7126C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19BB3044.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19D86116.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\19DA5729.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1A4F3018.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1A7C278C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1AE22FEC.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1B762FC0.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1B7B7784.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\1C0A2F94.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1C64644F.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1C9E2F68.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1C9E463D.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1D1238A9.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1D322F3C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1D9C009A.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1DB85D9A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1DC62F10.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1E56513A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1E5A2EE4.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1E740687.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\1EBC4741.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1EEE2EB8.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\1F822E8B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\20162E5F.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2043536E.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\20440BC2.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\20551D65.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\20A92E33.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\213D2E07.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\22204185.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\24A31DDA.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\260055A6.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\274E0155.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\27756F61.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\27F85B21.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\27FE062D.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\285718CE.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\286012E3.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\29435885.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\29E60D38.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2A4C0340.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2B9010DC.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Norton AntiVirus\Quarantine\2C69311F.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2C6C47FF.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2DFA0A53.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2E95415D.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2FDA7306.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\2FE63727.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\31D33E6B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\31E03945.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\31FD3325.tmp Infected: Trojan-Downloader.Win32.Small.bat
C:\Program Files\Norton AntiVirus\Quarantine\32294A37.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\338C7C77.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\34FD3DD9.anr Infected: Trojan-Downloader.Win32.Ani.c
C:\Program Files\Norton AntiVirus\Quarantine\357C1CFC.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\35B61358.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\35DD3F3E.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\36433546.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\36BB76D4.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\379F150B.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\38943C90.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\390D16A9.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\3A2C38BB.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\3CD66554.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\3E513EC8.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\40A35B45.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\40A70541.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\416D7B3D.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\417F5AC0.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\41D37145.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\41DB0827.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\42A74179.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Program Files\Norton AntiVirus\Quarantine\42B960A9.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\43ED4762.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\44BD3121.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\470C776D.tmp Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Program Files\Norton AntiVirus\Quarantine\4735535B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\48342352.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\48500C20.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\489F2CBC.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\490B1974.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\4933734A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4A324342.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4B0B4300.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\4B31133A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4BDD6599.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4C316332.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4CFD373C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4D30332A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4D632D43.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4D6B4426.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\4E2F0322.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4F0755CE.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\4F2E531A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\4FC07EB7.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\502D2311.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\50E525B1.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\51E55241.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\527977BF.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\527E2E96.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\53764F8C.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\539E6480.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\541240FA.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\5481728F.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\55EE707D.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\56E050B3.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\5751180A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\588E733A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\58F46942.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\593754D4.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\5B001F74.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\5B450E35.tmp Infected: not-virus:Hoax.Win32.Renos.w
C:\Program Files\Norton AntiVirus\Quarantine\5B483832.exe Infected: not-virus:Hoax.Win32.Renos.w
C:\Program Files\Norton AntiVirus\Quarantine\5C90491F.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\5C93731C.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\5C971D18.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\5C9A4714.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\5CD0744B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\5D0E1A42.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\5E0022AF.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\5E950AB2.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\615825FF.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\63790C9B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\63B17819.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\641E2F39.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\645451B8.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\64577BB5.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\64842541.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\652074AB.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\66F36F00.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\670A765D.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\Program Files\Norton AntiVirus\Quarantine\69360ED3.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\69CA6A17.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\6AB40793.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6B3174B4.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6B9872A8.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6BB135FE.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6BB45FFB.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6BB709F7.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6BBB33F3.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6BC57488.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6C0B606C.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\6C4146A7.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\6C59745C.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6CA204DA.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\6FA2012B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7014613F.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\707A5747.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\70EA3C12.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\71DA191D.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\73CD2C49.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\74682154.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\755F0363.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\768B663F.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\768E103C.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\7700223E.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\779C1C6B.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\780A0E0E.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\79244520.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\79AD3648.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\79DB3565.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\7BA51D3E.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7BCA75BC.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7C036DF4.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7C0B1345.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7EDB5385.tmp Infected: Trojan.Win32.Small.ga
C:\Program Files\Norton AntiVirus\Quarantine\7F2A600A.exe Infected: Trojan.Win32.Agent.bi
C:\Program Files\Norton AntiVirus\Quarantine\7F742FDB.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP26\A0002227.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002234.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002237.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002259.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002282.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002309.exe Infected: not-virus:Hoax.Win32.Renos.w
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP27\A0002335.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP28\A0002364.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP28\A0002403.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP29\A0002426.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP29\A0002669.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP29\A0002784.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP29\A0002785.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP30\A0002791.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP31\A0002794.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP32\A0002800.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP33\A0002803.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP34\A0002806.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP34\A0002809.exe Infected: not-virus:Hoax.Win32.Renos.w
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP34\A0002817.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP35\A0002823.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP35\A0002832.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP35\A0002845.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP36\A0002851.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP37\A0002860.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP37\A0002870.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP37\A0002884.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP37\A0002898.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP38\A0002909.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP39\A0002914.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP39\A0002926.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP41\A0002953.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP41\A0002961.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP41\A0002975.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP41\A0002989.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0002999.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0003010.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0003023.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0003038.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0003058.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP42\A0003067.dll Infected: Trojan-Downloader.Win32.WinShow.bg
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP43\A0003071.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP43\A0003082.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP44\A0003192.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP44\A0003193.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP44\A0003209.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP44\A0003215.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP44\A0003223.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003270.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003270.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003270.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003280.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003280.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003280.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003290.ini:vxtuwa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP45\A0003291.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003292.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003292.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003292.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003296.ini:vxtuwa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003297.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003306.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003306.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003306.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003314.ini:vxtuwa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003315.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003322.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003322.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003322.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003331.ini:vxtuwa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003332.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003339.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003339.pif:oshxoa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003339.pif:whdag:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003347.ini:vxtuwa:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003348.prx:dciuy:$DATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{71CD564C-DFCF-4E26-881D-D113F8018F35}\RP46\A0003355.pif:drprmy:$DATA Infected: Trojan.Win32.Agent.bi

#4 jennyh

Posted 07 January 2006 - 10:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:59:38 PM, on 07/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5 miekiemoes

Posted 08 January 2006 - 03:47 AM

Hello, your HijackThis log looks clean.
Almost finished here. :thumbsup:

Open your Norton AntiVirus, select the option Quarantine and delete everything present in there.

* Download: Hoster
Unzip Hoster to its own folder.
Start Hoster.exe.
It is possible that Hoster will tell you that your Hosts file doesn't exist and ask if you want to create one. Click yes/ok.
If you don't get that prompt/question, click 'Restore Original Hosts' and click OK.

This hijacker is also responsible for changing the ActiveX security settings to allow all.
To fix this, open Internet Explorer > Internet Options > Security > Internet.
Press Default Level > OK.
Press Custom Level.
In the ActiveX part:
Set "Download signed and unsigned ActiveX controls" to "prompt".
Set "Initialize and Script ActiveX controls not marked as safe" to "disable".

Perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of the leftovers.

An important thing to do is to disable your System Restore. (Note: this will delete all your system restore points and the malware that was present in them.)
How to disable System Restore in XP
Reboot, and after rebooting, enable it again, so a new system restore point will be made. A clean one now! :flowers:

Let me know in your next reply how things are running now. :huh:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
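
A check for two of the clean-up steps in the reply above (the restored Hosts file and the Internet-zone ActiveX settings), as an added example that is not part of the original post. It assumes the standard Internet Explorer URL-action registry values (1001, 1004, 1201 under Zones\3; 0 = enable, 1 = prompt, 3 = disable), which the thread itself does not state; the function names and both sample inputs are constructed for illustration.

```python
import re

# Internet zone (Zones\3) URL actions named in the post and the value it asks
# for. Policy values: 0 = enable, 1 = prompt, 3 = disable (lower = looser).
WANTED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
POLICY = {0: "enable", 1: "prompt", 3: "disable"}
ZONE3_SUFFIX = "\\internet settings\\zones\\3]"

def audit_activex(reg_text):
    """Return (action, name, current, wanted) for settings looser than the post's."""
    found, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key header starts a new section
            in_zone = line.lower().endswith(ZONE3_SUFFIX)
            continue
        m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
        if in_zone and m:
            found[m.group(1).upper()] = int(m.group(2), 16)
    issues = []
    for action, (name, wanted) in WANTED.items():
        current = found.get(action)
        if current is None or current < wanted:
            state = "missing" if current is None else POLICY.get(current, hex(current))
            issues.append((action, name, state, POLICY[wanted]))
    return issues

def audit_hosts(hosts_text):
    """Return (line_no, ip, name, kind) for every mapping except loopback localhost."""
    extra = []
    for n, raw in enumerate(hosts_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        sink = ip in ("127.0.0.1", "::1", "0.0.0.0")
        for name in (x.lower() for x in names):
            if ip in ("127.0.0.1", "::1") and name == "localhost":
                continue
            # A name sent to a routable address is a redirect; a name sent to
            # a sink address is a block entry (often added by anti-spyware).
            extra.append((n, ip, name, "block" if sink else "redirect"))
    return extra

# Constructed sample: .reg export with all three actions set to "enable".
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000000
"1201"=dword:00000000
"""
# Constructed sample hosts file (documentation address and reserved names).
SAMPLE_HOSTS = """# sample
127.0.0.1 localhost
203.0.113.10 search.example   # redirect
127.0.0.1 ads.example
"""

if __name__ == "__main__":
    for issue in audit_activex(SAMPLE_REG):
        print("ActiveX:", issue)
    for entry in audit_hosts(SAMPLE_HOSTS):
        print("hosts:", entry)
```

A real `reg export` file is UTF-16, so decode it before passing the text in; an empty result from both functions means the two steps took effect.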

#6 miekiemoes

Posted 12 January 2006 - 11:39 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



