Infected With Yazzle Cowabanga By Oin


  • This topic is locked
14 replies to this topic

#1 boogerjedi

boogerjedi

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 AM

Posted 02 August 2006 - 01:01 PM

Hello, I have read the preparatory HijackThis introductory post and I am posting this log. I have an XP SP2 PC with Norton Antivirus and Microsoft AntiSpyware. Before the discovery of the malware I had on it, scans were performed weekly but without realtime protection (which I regret). Then a couple of weeks ago I had a lot of obvious spyware-originating popups. Within the last week, there were several trojan and downloader virus notifications found by Norton, then I noticed in Add/Remove Programs the "Cowabanga by OIN" program. I installed other antivirus and antispyware and boot-scanned with them. I did permanently delete most of those viruses found by them (which I hope wasn't a mistake to do :thumbsup:). After all the scans, I booted up in safe mode with System Restore turned off, then ran the HijackThis scan-and-log.

I would greatly appreciate a review of this HijackThis log. I am already grateful for all of the people who invest in this board; your work helps a lot of us!
So, without further ado, if I have given enough background info, I will post the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:03:09 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe" -vt yazr
O4 - HKCU\..\Run: [Nxo] C:\PROGRA~1\ICROSO~1.NET\arpa.exe
O4 - HKCU\..\Run: [42ece176.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\42ece176.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {384AFD6B-5800-45E8-B3E4-2AA91E33DB38} (IBViewerUtil Control) - http://www.ipeacetv.com/IBViewerUtil/IBViewerUtil.CAB
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - AppInit_DLLs: scanregw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 02 August 2006 - 01:31 PM

Welcome to the Bleeping Computer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

Please post a new HijackThis log done in normal mode not safe mode. In safe mode, some services/files are not loaded so viruses could be hiding in them. Always do the HijackThis log in normal mode.

Based on a quick look at your log, you have two antivirus programs. Please read the information below.
Avast, as indicated in the log:
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Norton Antivirus, as indicated by you and in the log:
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


There are basically two types of antivirus programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that are installed on your machine but are not actively scanning it.

Antivirus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two antivirus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one antivirus program. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. Running two antivirus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts. I strongly suggest you either (1) configure only one antivirus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one antivirus program.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 AM

Posted 02 August 2006 - 10:59 PM

Thanks for such a fast reply! OK, I am sorry I didn't log in normal mode; I actually was half/half on that decision, I had mixed messages. Thanks for clearing that up. Also, I will work on using one realtime/on-access antivirus; I had just recently installed Avast so I haven't gotten too familiar with it. But I wanted to post this first. Here is a log I have just completed.


Logfile of HijackThis v1.99.1
Scan saved at 11:42:23 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe" -vt yazr
O4 - HKCU\..\Run: [Nxo] C:\PROGRA~1\ICROSO~1.NET\arpa.exe
O4 - HKCU\..\Run: [42ece176.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\42ece176.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {384AFD6B-5800-45E8-B3E4-2AA91E33DB38} (IBViewerUtil Control) - http://www.ipeacetv.com/IBViewerUtil/IBViewerUtil.CAB
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - AppInit_DLLs: scanregw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 03 August 2006 - 02:52 PM

Step 1
You may want to print out this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:
  • Open Spybot and click on Mode and check Advanced Mode.
  • Check yes to next window.
  • Click on Tools in bottom left hand corner.
  • Click on System Startup icon.
  • Uncheck Teatimer box.
  • Click Allow Change box.
You can follow this link if you need help: http://russelltexas.com/malware/teatimer.htm

Step 2

Download and Install Ewido
Please print out the following instructions as this page will be unavailable to you while you are working in Safe Mode.
Please download ewido anti-spyware
  • Install ewido anti-spyware.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu."
  • Launch ewido.
  • The program will prompt you to update; click the "OK" button
  • The program will now go to the main screen
  • On the left hand side of the main screen click update
  • Click on Start
    The update will start and a progress bar will show the updates being installed. After the updates are installed, exit ewido.
    Note: Ewido is a free trial product for 30 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 30 days (which is the reason we uncheck them during installation). You can use Ewido as an on demand scanner (recommended) but you will have to manually update the definition file each time you scan by clicking on “Update” and “Start Update”.
    If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

    IMPORTANT!:

    Once the updates are installed do the following:
  • If you have an "always on" connection to the Internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Reboot into Safe Mode, you can do this by restarting your computer, then repeatedly tap F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter. Then, run ewido.
  • Close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
    Scan with ewido:
  • Click on scanner
  • Click on Settings
    • Under "How to scan" all boxes should be selected
    • Under "Possibly unwanted software" all boxes should be selected
    • Under "What to scan" select scan every file
    • Click OK
  • Click on Complete system scan
  • Let the program scan the machine
  • If ewido finds anything, it will pop up a notification. NOTE: We have been finding some cases of false positives with the new version of Ewido, so you need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged. In particular, watch for alerts that have the word "Heuristic" in them - if you recognize the file name as "friendly," these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being.
    Save and Post Your Report:
    Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report
  • Save the report to your desktop
  • Exit ewido
Reboot back into normal mode
When you are ready to post your next reply, double click on the saved report to open it, then use Ctrl + A to select all text, then Ctrl + C to copy the selected text to your clipboard. Next, open a new reply to your active topic in the forum, and use Ctrl + V to paste the copied text of the ewido log from your clipboard into your reply.

Step 3

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs). Do not worry if they are not there:
PuritySCAN By OIN, OIN, OuterInfo or similar: click on it and click Remove.

Use 'ctrl' + 'alt' + 'del' (three keys together) to get Task Manager. Find these processes and 'end task' them.
OR
Use the process viewer in HijackThis: open the Misc Tools section, then open Process Manager, find these programs and "kill process" the following running processes (do not worry if they are not there):
ALCXMNTR.EXE
arpa.exe
42ece176.exe

Now we will address the HijackThis fixes.

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe" -vt yazr
O4 - HKCU\..\Run: [Nxo] C:\PROGRA~1\ICROSO~1.NET\arpa.exe
O4 - HKCU\..\Run: [42ece176.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\42ece176.exe
O16 - DPF: {384AFD6B-5800-45E8-B3E4-2AA91E33DB38} (IBViewerUtil Control) - http://www.ipeacetv.com/IBViewerUtil/IBViewerUtil.CAB
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O20 - AppInit_DLLs: scanregw.dll

Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Reboot to safe mode. If you don't know how to boot in safe mode, there is a tutorial: How To Start Windows in Safe Mode.
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link :
http://www.russelltexas.com/malware/faqHijackThis.htm

Using Windows Explorer, locate the following files/folders, and DELETE them (Do not worry if they are not there):

Search for and delete these folders. Do not worry if they are not there:
C:\Program Files\PurityScan
C:\PROGRA~1\ICROSO~1.NET\ which contains arpa.exe
C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe" -vt yazr
Important: DO NOT delete the wuauclt.exe file located in the C:\Windows\System32 folder. When it is located elsewhere, then wuauclt.exe is a virus, spyware, trojan or worm!

Search for and delete these files. Do not worry if they are not there.
C:\Documents and Settings\Owner\Local Settings\Application Data\42ece176.exe

Step 4
Please post a new HijackThis log and the log from Ewido.
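
The two path rules the helper applies by hand in Step 3 (a Windows binary such as wuauclt.exe is only legitimate under C:\Windows\System32, and an autostart target inside a user's Application Data or Local Settings folder deserves a closer look), as an added Python example that is not part of this thread and not HijackThis code. The sample O4 lines are copied from the log posted above; the rule set, the function names and the list of system binaries are this example's own assumptions. Note that arpa.exe in C:\PROGRA~1\ICROSO~1.NET passes both rules, which is why the helper's manual review of the full log still matters.

```python
r"""Triage of HijackThis O4 (registry Run) entries: added example, not thread code.

Applies two rules stated in Step 3 of the thread to sample lines copied from the
posted log. Rule 1: a Windows binary such as wuauclt.exe is only legitimate under
C:\WINDOWS\system32. Rule 2: an autostart target inside a user's Application Data
or Local Settings folder deserves a closer look. Names and the rule set are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines exactly as they appear in the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Notn] "C:\DOCUME~1\Owner\APPLIC~1\WNSXS~1\wuauclt.exe" -vt yazr
O4 - HKCU\..\Run: [Nxo] C:\PROGRA~1\ICROSO~1.NET\arpa.exe
O4 - HKCU\..\Run: [42ece176.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\42ece176.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Binaries shipped with Windows that should only ever run from system32 (assumed list).
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "lsass.exe", "winlogon.exe"}
# Profile data folders in long form and in their 8.3 short-name form.
PROFILE_DATA_DIRS = ("\\application data\\", "\\applic~1\\",
                     "\\local settings\\", "\\locals~1\\")

# Only registry Run/RunOnce entries; "O4 - Global Startup" lines are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable path at the start of a command line, quoted or not, before any arguments.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|bat))"?', re.IGNORECASE)


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    command: str
    path: str
    findings: list[str] = field(default_factory=list)


def split_path(command: str) -> str:
    """Return the executable path from an O4 command line, dropping its arguments."""
    m = PATH_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def check_entry(entry: O4Entry) -> None:
    """Apply the two path rules from the thread and record any findings."""
    lower = entry.path.lower()
    directory, _, basename = lower.rpartition("\\")
    if basename in SYSTEM_BINARIES and directory != SYSTEM32:
        entry.findings.append(
            f"{basename} is a Windows binary but is not running from {SYSTEM32}")
    if any(frag in lower for frag in PROFILE_DATA_DIRS):
        entry.findings.append("autostart target lives in a user-profile data folder")


def parse_o4_lines(log_text: str) -> list[O4Entry]:
    """Parse every registry O4 line in a HijackThis log and triage it."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        entry = O4Entry(m["hive"], m["key"], m["name"], m["cmd"], split_path(m["cmd"]))
        check_entry(entry)
        entries.append(entry)
    return entries


def flagged_names(log_text: str) -> list[str]:
    """Names of the Run values that tripped at least one rule, in log order."""
    return [e.name for e in parse_o4_lines(log_text) if e.findings]


if __name__ == "__main__":
    for e in parse_o4_lines(SAMPLE_LOG):
        print(f"{'REVIEW' if e.findings else 'ok':6} [{e.name}] {e.path}")
        for finding in e.findings:
            print(f"         - {finding}")
```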

#5 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 AM

Posted 03 August 2006 - 08:48 PM

Alright, I have hopefully correctly completed the 4 steps. There was a concern I had. After clicking the checkboxes of files to fix in HijackThis, I clicked "fix checked", then an error showed up about something involving the scanregw.dll file. Here is the error notice:

---------------------------------------------------------------------------
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: scanregw.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
------------------------------------------

Here is the HijackThis log scanned in normal mode that I did for step 4:

---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:06:07 PM, on 8/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

------------------------------------------



Here is the Ewido log. I didn't delete/quarantine any of the items yet. Am I supposed to?
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:48:41 PM 8/3/2006

+ Scan result:



C:\WINDOWS\__delete_on_reboot__g_8_4_1_9_0_4_8_4_._d_l_l_ -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g11703250.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g12528000.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g13853703.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g15172984.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g18533859.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g23346609.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g31918812.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g34866984.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g38403796.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g41347093.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g44884187.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g47707406.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g5223343.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g64629656.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g71109296.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g77589906.dll -> Downloader.Delf.aeo : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
HKU\S-1-5-21-570597544-3657464576-2832881084-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.553:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.571:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.739:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.401:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.402:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.403:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.439:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.440:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.441:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.492:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.493:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.521:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.522:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.567:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.559:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.560:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : No action taken.
C:\WINDOWS\system32\ipobcxpr.exe -> Trojan.Agent.ny : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9D2X1URJ\srviao[1].exe -> Trojan.Dialer.qs : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WJWW01AJ\srvxsz[1].exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\Temp\win369F.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld10F2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1108.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1147.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld11BB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld11F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld129E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld130E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld13F3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld140.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld155F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1568.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld15BC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1609.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld161.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld17E0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld17E8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1A7C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1A9E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1ADA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1AE1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1B36.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1BEE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1C2D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1C5C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1CB4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1DC2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1DD8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1F22.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1F96.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1FDB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1FF8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld206B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld207A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld20E3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2163.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld21A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2242.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld22BE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2309.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld231F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2347.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2359.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld236C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld23E4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld260B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld261C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2650.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld26DA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld26DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld270B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2712.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld28B5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld29CB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2A27.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B17.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B19.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B49.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B97.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C04.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C13.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C4F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2CFA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2DF9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2E26.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EA8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EB8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EE7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2F45.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2F9B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FAE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FB8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FD0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3006.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3147.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld31A9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld31E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld32AC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld32C2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld33A4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld33DC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3408.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3465.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld34A6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld34C8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld35BD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld36A8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3722.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3728.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3776.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3928.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3997.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld399A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld39B1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3BC4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3BD6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3C68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3C84.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3D0D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3D1F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3DF7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E44.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E65.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E6E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3EC1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F23.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F43.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3FA1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld402B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld40FB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld41B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld41D3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4234.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld424.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4244.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld429D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld441.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld444A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4488.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld44D3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4508.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4536.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4552.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld45AB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld45B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld47C5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld480A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld486.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4894.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4895.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld48DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld48FF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld49E1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4A6F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4A9D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4B6F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4BE1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4CD1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4D51.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4D70.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4DBE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4DDD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4E48.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4EB4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4FF0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5081.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5172.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5174.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld518A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld519B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld520.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld523D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5320.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5340.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5363.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld539.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld53A0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld542.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5475.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld547C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld558D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld55B5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld55E1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld564E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld566F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5692.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5796.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld581C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5862.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5901.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld591B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5940.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B01.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B60.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B6B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B73.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5BF0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5C70.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5CBF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5D8D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5E41.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5FA4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5FFE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6028.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld605D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld60FD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld610C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6165.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld61F4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld62C5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld639B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63B1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63C9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63CC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63FE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld641D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6476.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld64C6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld669C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66C1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66F0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6769.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld676C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld676D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6794.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld69.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld698E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld69C4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6A4E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6AB9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6AE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6B30.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6BA9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6BAB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6C29.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6C66.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6D8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6E8B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F2A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F3A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F78.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6FB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6FD7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7031.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7049.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7062.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld71B9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld723B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7269.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld732C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld733D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7354.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7426.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld745E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld748A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld74D8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld750A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7518.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld755A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld763F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld776F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77B4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77BA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77F9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7858.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld785C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld796F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld79AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld79D6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A19.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A2C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7AE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7B0A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7C46.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7C68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7CEA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7D1A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7D9F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7E2A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7E89.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7EA7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7F66.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7FB5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld800B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld802.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld803.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld817D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8256.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld82C6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld82D6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld832F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld834E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld843D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld84BD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8565.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld858B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85C8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85D4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85D7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld862D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8680.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld86D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8856.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld886B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld888C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld88AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8917.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8926.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld895E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8962.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8AC1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8B58.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8B7E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8C73.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8CBD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8D28.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8D54.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8E50.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8E5F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8F46.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9113.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld91EE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9203.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld921C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93A2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9423.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld94E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld94F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9507.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld950E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld95FF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9638.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9663.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld96D0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld96D4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9701.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9724.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9808.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld989F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld98F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9987.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld998D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9993.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld99D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9A31.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9B68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9B84.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BA0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BE3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C05.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C08.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C82.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9CAE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9CD3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9E1F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9EC3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9ED.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9EE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA090.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA17F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA1AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA1B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA347.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA42C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA43E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA47.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA490.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA4AF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA4F8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA548.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA607.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA612.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA71F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\

Edited by boogerjedi, 03 August 2006 - 08:49 PM.
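The ewido report above lists one detection per line in the form "object -> classification : action", where the object is a file or directory path, a registry key (HKLM\..., HKU\...) or a Firefox cookie entry (":mozilla.N:...cookies.txt"). A log of this size is easier to act on once it is grouped, so here is an added example, not code from the thread or from ewido, that parses lines in that format and ranks them for a manual removal pass. The sample input is a handful of lines copied from the report in this thread plus the truncated "C:\WINDOWS\" line; the priority ordering (kernel driver, then executables and DLLs, then other files and registry keys, tracking cookies last) is this example's own heuristic, not an ewido feature.

```python
import re
from collections import Counter

# One ewido detection per line: "<object> -> <classification> : <action>."
LINE_RE = re.compile(r"^(?P<obj>.+?) -> (?P<family>[^:]+?) : (?P<action>.+?)\.?$")

# Triage rank used by this example (an assumption, not something ewido reports).
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# A few lines copied from the report posted in this thread; the last,
# truncated line mirrors the cut-off "C:\WINDOWS\" at the end of that log.
REPORT = r"""
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Scan result:

C:\WINDOWS\g11703250.dll -> Downloader.Delf.aeo : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : No action taken.
C:\WINDOWS\system32\ipobcxpr.exe -> Trojan.Agent.ny : No action taken.
C:\WINDOWS\system32\1024\ld10F2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1108.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\

"""


def classify_object(obj):
    """Which kind of object ewido reported: cookie, registry key or file."""
    if obj.startswith(":mozilla.") or "\\Cookies\\" in obj:
        return "cookie"
    if obj.split("\\", 1)[0] in ("HKLM", "HKCU", "HKU", "HKCR"):
        return "registry"
    return "file"


def priority(finding):
    """Heuristic rank: a .sys under drivers\\ runs in the kernel and goes first,
    executables and DLLs next, temp files and registry keys after that,
    and tracking cookies are a privacy nuisance rather than running code."""
    if finding["kind"] == "cookie":
        return "low"
    if finding["kind"] == "registry":
        return "medium"
    name = finding["object"].lower()
    if name.endswith(".sys"):
        return "critical"
    if name.endswith((".exe", ".dll")):
        return "high"
    return "medium"


def parse_report(text):
    """Turn the report text into a list of finding dicts; banner, blank and
    truncated lines (such as a bare "C:\\WINDOWS\\") are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        f = {"object": m["obj"], "family": m["family"].strip(),
             "action": m["action"].strip(), "kind": classify_object(m["obj"])}
        f["priority"] = priority(f)
        findings.append(f)
    return findings


def summarize(findings):
    """Counts by classification, by parent directory (files only) and by
    priority, plus how many entries the scanner left untreated."""
    return {
        "by_family": Counter(f["family"] for f in findings),
        "by_dir": Counter(f["object"].rsplit("\\", 1)[0]
                          for f in findings if f["kind"] == "file"),
        "by_priority": Counter(f["priority"] for f in findings),
        "untreated": sum(1 for f in findings
                         if f["action"].lower() == "no action taken"),
    }


def worklist(findings):
    """Non-cookie findings, most dangerous first, for a manual removal pass."""
    return sorted((f for f in findings if f["kind"] != "cookie"),
                  key=lambda f: (RANK[f["priority"]], f["object"].lower()))


if __name__ == "__main__":
    found = parse_report(REPORT)
    s = summarize(found)
    print(f"{len(found)} findings, {s['untreated']} still 'No action taken'")
    for fam, n in s["by_family"].most_common():
        print(f"  {n:4d}  {fam}")
    print("Removal order:")
    for f in worklist(found):
        print(f"  [{f['priority']:8s}] {f['family']:20s} {f['object']}")
```

Run against the full report (paste it into REPORT or read it from a file), the directory count makes the several hundred Trojan.Small entries collapse into a single C:\WINDOWS\system32\1024 line, while the driver and the executables in system32 surface at the top of the work list.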


#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 04 August 2006 - 08:36 AM

Yes. Delete or quarantine everything ewido finds. You will probably have to run the scan again. Do that and then post a new HijackThis log and ewido log. Let me know if you still have problems.

Edited by suebaby41, 04 August 2006 - 08:37 AM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:04:32 AM

Posted 07 August 2006 - 08:27 AM

Here are the scans. There still seems to be a trace that ewido finds: the ewido notification pops up every second saying it found Virtumonde with the filename C:/WINDOWS/system32/sstqr.dll, and even when I quarantine/delete it another pop-up comes as if it found a different adware, but it's the exact same filename. Should I boot in safe mode and manually delete it?

(In the following scan log I found files, quarantined and deleted them all, then I noticed that I had an exception in the search, which was Virtumonde, because I had selected "ignore and add to exceptions" from the constant notices from ewido (which, by the way, only happened in normal mode). So I removed it from the exceptions list, performed another scan, found it, quarantined it and deleted it. (And of course it still pops up the notice in normal mode.) So that's posted after this logfile:)
EWIDO LOG
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:32:10 PM 8/4/2006

+ Scan result:



C:\WINDOWS\__delete_on_reboot__g_8_4_1_9_0_4_8_4_._d_l_l_ -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g11703250.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g12528000.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g13853703.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g15172984.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g18533859.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g23346609.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g31918812.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g34866984.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g38403796.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g41347093.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g44884187.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g47707406.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g5223343.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g64629656.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g71109296.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g77589906.dll -> Downloader.Delf.aeo : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
HKU\S-1-5-21-570597544-3657464576-2832881084-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.553:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.554:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.555:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.571:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[2].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.739:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.401:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.402:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.403:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.439:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.440:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.441:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.472:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.473:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.484:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.488:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.490:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.492:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.493:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.521:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.522:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.567:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.559:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.560:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.561:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\lrdoxo2j.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\drivers\DP.sys -> Trojan.Agent.ny : No action taken.
C:\WINDOWS\system32\ipobcxpr.exe -> Trojan.Agent.ny : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9D2X1URJ\srviao[1].exe -> Trojan.Dialer.qs : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WJWW01AJ\srvxsz[1].exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\Temp\win369F.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld10F2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1108.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1147.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld11BB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld11F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld129E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld130E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld13F3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld140.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld155F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1568.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld15BC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1609.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld161.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld17E0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld17E8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1A7C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1A9E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1ADA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1AE1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1B36.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1BEE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1C2D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1C5C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1CB4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1DC2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1DD8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1F22.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1F96.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1FDB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1FF8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld206B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld207A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld20E3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2163.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld21A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2242.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld22BE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2309.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld231F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2347.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2359.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld236C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld23E4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld260B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld261C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2650.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld26DA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld26DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld270B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2712.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld28B5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld29CB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2A27.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B17.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B19.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B49.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2B97.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C04.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C13.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2C4F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2CFA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2DF9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2E26.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EA8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EB8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2EE7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2F45.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2F9B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FAE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FB8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld2FD0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3006.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3147.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld31A9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld31E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld32AC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld32C2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld33A4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld33DC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3408.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3465.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld34A6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld34C8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld35BD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld36A8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3722.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3728.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3776.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3928.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3997.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld399A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld39B1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3BC4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3BD6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3C68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3C84.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3D0D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3D1F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3DF7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E44.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E65.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3E6E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3EC1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F23.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F43.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3F8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld3FA1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld402B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld40FB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld41B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld41D3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4234.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld424.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4244.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld429D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld441.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld444A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4488.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld44D3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4508.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4536.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4552.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld45AB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld45B2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld47C5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld480A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld486.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4894.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4895.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld48DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld48FF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld49E1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4A6F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4A9D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4B6F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4BE1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4CD1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4D51.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4D70.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4DBE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4DDD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4E48.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4EB4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld4FF0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5081.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5172.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5174.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld518A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld519B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld520.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld523D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5320.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5340.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5363.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld539.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld53A0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld542.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5475.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld547C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld558D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld55B5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld55E1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld564E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld566F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5692.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5796.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld581C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5862.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5901.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld591B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5940.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B01.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B60.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B6B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5B73.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5BF0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5C70.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5CBF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5D8D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5E41.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5FA4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld5FFE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6028.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld605D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld60FD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld610C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6165.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld61F4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld62C5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld639B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63B1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63C9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63CC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld63FE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld641D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6476.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld64C6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld669C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66C1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld66F0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6769.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld676C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld676D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6794.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld69.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld698E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld69C4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6A4E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6AB9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6AE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6B30.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6BA9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6BAB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6C29.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6C66.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6D8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6E8B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F2A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F3A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6F78.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6FB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld6FD7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7031.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7049.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7062.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld71B9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld723B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7269.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld732C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld733D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7354.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7426.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld745E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld748A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld74D8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld750A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7518.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld755A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld763F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld776F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77B4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77BA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld77F9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7858.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld785C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld796F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld79AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld79D6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A19.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A2C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7A3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7AE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7B0A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7C46.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7C68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7CEA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7D1A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7D9F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7E2A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7E89.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7EA7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7F66.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld7FB5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld800B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld802.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld803.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld817D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8256.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld82C6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld82D6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld832F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld834E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld843D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld84BD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8565.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld858B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85C8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85D4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld85D7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld862D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8680.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld86D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8856.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld886B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld888C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld88AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8917.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8926.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld895E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8962.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8AC1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8B58.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8B7E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8C73.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8CBD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8D28.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8D54.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8E50.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8E5F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld8F46.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9113.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld91EE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9203.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld921C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93A2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld93E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9423.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld94E6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld94F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9507.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld950E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld95FF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9638.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9663.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld96D0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld96D4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9701.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9724.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9808.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld989F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld98F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9987.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld998D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9993.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld99D2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9A31.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9B68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9B84.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BA0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9BE3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C05.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C08.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9C82.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9CAE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9CD3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9E1F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9EC3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9ED.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld9EE4.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA090.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA17F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA1AA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA1B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA347.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA42C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA43E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA47.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA490.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA4AF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA4F8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA548.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA607.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA612.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA71F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA753.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA754.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA772.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA7A1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA7CC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldA826.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAA20.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAA46.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAA83.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAAA2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAAE0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAB56.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAB5A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldABA3.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldACF8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAD12.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAE1D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAE96.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAEF2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAF1D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldAFC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB00A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB0DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB2BE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB3BD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB3D6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB4D1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB4F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB57B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB58C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB594.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB5DD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB6D1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB7F2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB83C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB846.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB88A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB88E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB8DA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB8EE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldB9F1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBA68.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBA8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBB67.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBB8C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBB8F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBCC6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBCC8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBCEA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBD4A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBD70.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBD7C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBDAC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBE21.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBE2F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBE7E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBE87.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBEBC.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBF17.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldBFE9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC08D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC0AE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC348.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC364.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC392.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC3F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC49D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC4BF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC520.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC5C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC647.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC64A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC669.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC712.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC7DB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC8D9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC8DD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC8FD.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC91E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC92.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC93C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC95B.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC9D5.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldC9F0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCA6A.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCBDA.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCC10.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCC3D.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCC5C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCCF.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCD3F.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCD43.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCDAB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCEDB.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCEE.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCEF1.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldCFD7.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD060.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD139.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD286.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD3C.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD3C8.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD478.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD577.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD5A0.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD6C9.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD74E.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD756.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD774.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD7A6.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ldD89A.tmp -> Trojan.Small : No actio

Edited by boogerjedi, 07 August 2006 - 08:29 AM.
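Reading a scan log of this length by eye is error-prone, so here is an added example (not part of this thread, and not code from BleepingComputer or from the scanner's vendor) that parses the `path -> detection : action` line format shown in the post above and summarizes it by detection name and by parent directory, listing the entries the scanner left on disk. The sample log embedded in it is constructed to mirror the entries above; the `sample.exe` path and the "Cleaned with backup (quarantined)" action wording are assumptions, and the deliberately truncated last line shows how a cut-off paste is rejected instead of being miscounted.

```python
"""Summarise an ewido/AVG Anti-Spyware style scan log (added example).

Each result line has the shape
    <path> -> <detection name> : <action>.
The parser groups hits by detection name and by parent folder and lists
the entries that were left on disk ("No action taken"), which is what a
forum helper looks for first in a log like the one above.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List, NamedTuple, Tuple

# The trailing period is required, so a line cut off mid-word (a common
# copy/paste artefact at the end of a long forum post) is rejected.
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>[^:]+)\.$")


class Hit(NamedTuple):
    path: str
    name: str    # scanner's detection name, e.g. Trojan.Small
    action: str  # what the scanner did, e.g. "No action taken"


def parse_log(text: str) -> Tuple[List[Hit], List[str]]:
    """Return (parsed hits, non-empty lines that did not parse)."""
    hits: List[Hit] = []
    rejected: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)
            continue
        hits.append(Hit(m["path"], m["name"].strip(), m["action"].strip()))
    return hits, rejected


def by_detection(hits: List[Hit]) -> Counter:
    return Counter(h.name for h in hits)


def by_directory(hits: List[Hit]) -> Counter:
    # Group on the parent folder so a drop directory full of ld*.tmp
    # files shows up as one hot spot instead of hundreds of rows.
    return Counter(str(PureWindowsPath(h.path).parent) for h in hits)


def not_cleaned(hits: List[Hit]) -> List[str]:
    return [h.path for h in hits if h.action.lower().startswith("no action")]


def summarize(text: str) -> Dict[str, object]:
    hits, rejected = parse_log(text)
    dirs = by_directory(hits)
    return {
        "hits": len(hits),
        "rejected": len(rejected),
        "by_detection": dict(by_detection(hits)),
        "top_directory": dirs.most_common(1)[0] if dirs else None,
        "not_cleaned": not_cleaned(hits),
    }


# Constructed sample in the same format as the log above. The sample.exe
# entry and its "Cleaned ..." wording are assumptions; the last line is
# deliberately truncated the way a long paste often is.
SAMPLE_LOG = r"""
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9D2X1URJ\srviao[1].exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : No action taken.
C:\WINDOWS\Temp\win369F.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld10F2.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1108.tmp -> Trojan.Small : No action taken.
C:\WINDOWS\system32\1024\ld1147.tmp -> Trojan.Small : No action taken.
C:\Documents and Settings\Owner\Desktop\sample.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024\ldD89A.tmp -> Trojan.Small : No actio
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['hits']} hits parsed, {report['rejected']} line(s) rejected")
    for name, n in sorted(report["by_detection"].items()):
        print(f"  {name}: {n}")
    print("hottest directory:", report["top_directory"])
    print("still on disk:", len(report["not_cleaned"]))
```

Run it against a saved copy of a real log (`summarize(open("log.txt").read())`) and the rejected-line count tells you immediately whether the paste was cut off, while the per-directory counter makes a drop folder such as the `system32\1024` one above stand out as a single line rather than hundreds.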


#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 08 August 2006 - 12:14 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Credit for the fix goes to the combined efforts of Atribune, NonSuch and LDTate

Edited by suebaby41, 08 August 2006 - 12:22 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:32 AM

Posted 08 August 2006 - 02:54 PM

Ok cool, I scanned and rebooted, but before it rebooted it said it was not able to delete the sstqr.dll, and that it would try deleting when it rebooted. After the reboot I scanned again, and vundo found it again and finally deleted it. I don't have the logfile of the second vundo scan, but I scanned a 3rd time and it found no threats.

VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 2:31:08 PM 8/8/2006

Listing files found while scanning....

C:\windows\system32\sstqr.dll
C:\windows\system32\rqtss.ini
C:\windows\system32\rqtss.bak1

Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\windows\system32\sstqr.dll
C:\windows\system32\sstqr.dll Could not be deleted.

Attempting to delete C:\windows\system32\rqtss.ini
C:\windows\system32\rqtss.ini Has been deleted!

Attempting to delete C:\windows\system32\rqtss.bak1
C:\windows\system32\rqtss.bak1 Has been deleted!

Performing Repairs to the registry.
Done!
-----------------------------------------------------
Here is that 3rd scan logfile:


VundoFix V5.1.7

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 3:32:15 PM 8/8/2006

Listing files found while scanning....

No infected files were found.

-----------------------------------------------
Here is the HJT log after all these scans:

Logfile of HijackThis v1.99.1
Scan saved at 3:45:20 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9F46D12B-953B-461E-A780-84AF989C6BA9} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g84190484.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g95130296.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





THANK YOU! :thumbsup: I will be patiently awaiting your reply.

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 09 August 2006 - 02:29 PM

We need a few tools.
Step 1
First, download HSFix.
After it is downloaded, create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder.
Step 2
Please download ATF-Cleaner. ATF-Cleaner features include:
  • Cleaning of all user temp folders; only an administrator can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning for the Opera browser, including Opera's cache, cookies, history, download history, saved passwords and visited links.
Do not run it yet.
Step 3
Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat"
A log will be produced which you can close out of.
Step 4
Then run HijackThis again, close any open windows and browsers and fix these:
O2 - BHO: (no name) - {9F46D12B-953B-461E-A780-84AF989C6BA9} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\g84190484.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g95130296.dll (file missing)
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)

Step 5
Restart your computer into normal mode.
Step 6
Run the ATF-Cleaner
Step 7
Restart your computer into normal mode. Run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Symantec's Security Check?
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require ActiveX to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the following browsers: Microsoft Internet Explorer, Mozilla Firefox,
Step 8
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, please write down the filenames and locations and post that in your reply.
Step 9
Please post a new HijackThis log and the log from HSFix. Let me know if you are still having problems.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
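The fix list in the post above is a by-eye triage of a HijackThis log: O2 (BHO) and O20 (Winlogon Notify) entries whose DLL is no longer on disk, plus a BHO with no name. The following Python script is an added example, not code from this thread, from BleepingComputer or from the HijackThis project; it does that first pass mechanically. It parses HijackThis 1.99.1-style lines into structured entries, flags orphaned O2/O20 hooks and unnamed BHOs, and diffs an earlier log against a later one so you can confirm which entries a fix actually removed. The two embedded excerpts are constructed from lines that appear in this thread and are not complete logs; the flagging heuristics are this example's assumptions, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the shape of a HijackThis 1.99.1 log, built from lines that
# appear in this thread before the helper's fix list was applied. Not a complete log.
BEFORE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9F46D12B-953B-461E-A780-84AF989C6BA9} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g95130296.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winonn32 - winonn32.dll (file missing)
"""

# Constructed "after" excerpt: the same entries once the flagged ones have been fixed.
AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")         # "O2 - BHO: ..." -> section, body
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")   # {8-4-4-4-12} GUID in braces
MISSING_TAG = "(file missing)"


@dataclass
class Entry:
    section: str           # "O2", "O4", "O20", ...
    kind: str              # "BHO", "HKLM\..\Run", "Winlogon Notify", ...
    name: str              # display name; HijackThis prints "(no name)" when there is none
    clsid: Optional[str]   # CLSID for COM-registered items (BHOs, toolbars, buttons)
    path: str              # the file as HijackThis printed it, without the missing tag
    file_missing: bool     # HijackThis could not find the file on disk
    raw: str               # the original line, used for diffing


def parse_hjt(text: str) -> List[Entry]:
    """Parse the O-numbered lines of a HijackThis log; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        kind, _, rest = body.partition(": ")
        file_missing = rest.endswith(MISSING_TAG)
        if file_missing:
            rest = rest[: -len(MISSING_TAG)].rstrip()
        clsid_m = CLSID_RE.search(rest)
        if clsid_m:
            clsid = clsid_m.group(0)
            name = rest[: clsid_m.start()].rstrip(" -")
            path = rest[clsid_m.end():].lstrip(" -")
        elif section == "O4" and rest.startswith("["):
            clsid = None
            name, _, path = rest[1:].partition("] ")   # "[value name] command line"
        else:
            clsid = None
            name, _, path = rest.partition(" - ")
        entries.append(Entry(section, kind, name, clsid, path, file_missing, line))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """First-pass heuristics (this example's assumptions, not a verdict): an O2/O20
    hook whose file is gone is an orphaned registry entry, typically left behind after
    a scanner deleted the DLL; a BHO with no name is a red flag because legitimately
    installed add-ons register one."""
    findings = []
    for e in entries:
        if e.section in ("O2", "O20") and e.file_missing:
            findings.append((e, "orphaned %s entry, file missing" % e.kind))
        elif e.section == "O2" and e.name == "(no name)":
            findings.append((e, "unnamed BHO"))
    return findings


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Raw lines that disappeared between two logs, and raw lines that are new."""
    b = {e.raw for e in parse_hjt(before)}
    a = {e.raw for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


def unresolved(before: str, after: str) -> List[Tuple[Entry, str]]:
    """Triage findings from the earlier log that are still present in the later one."""
    later = {e.raw for e in parse_hjt(after)}
    return [(e, why) for e, why in triage(parse_hjt(before)) if e.raw in later]


if __name__ == "__main__":
    for e, why in triage(parse_hjt(BEFORE_LOG)):
        print("FLAG [%s] %s: %s" % (why, e.section, e.raw))
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("%d lines removed, %d added, %d findings unresolved"
          % (len(removed), len(added), len(unresolved(BEFORE_LOG, AFTER_LOG))))
```

Run it as-is to see the four findings from the constructed excerpt and confirm that none survive in the "after" excerpt, or pass the text of a saved log to parse_hjt. Anything it flags still needs a human decision: a "(file missing)" BHO or Winlogon Notify entry cannot load anything by itself, but it records that something registered a hook whose DLL a scanner has since deleted, which is why the helper asks for the registry entry to be fixed as well.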

#11 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:32 AM

Posted 10 August 2006 - 04:21 PM

Ok, all looks well. I scanned with BitDefender, Trend Micro Housecall, and C.A. virus scan; they deleted all they found successfully.
--------------------------

Here is the HSFix log:


Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
tmp*.tmp
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-

------------------------------------------
Here is the HJT log after all the scans:

Logfile of HijackThis v1.99.1
Scan saved at 4:03:39 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

------------------------------------------------------------------------------------

I'll let you know if I notice anything.

Ms. suebaby41, your hard work is inspiring; I didn't know people could be so kind and helpful online! I hope I can pass on this charity and kindness. I am so thankful. You are awesome!

Edited by boogerjedi, 10 August 2006 - 04:23 PM.


#12 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:32 AM

Posted 11 August 2006 - 02:57 PM

We are getting close to having your computer clean.

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any and do not worry if they are not there):
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
Identified as Trojan-Clicker.Win32.Agent.ct.

Search for and delete these files. Do not worry if they are not there.

C:\WINDOWS\system32\clbcatix.dll

Please post a new HijackThis log. Let me know if you are still having problems.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#13 boogerjedi

boogerjedi
  • Topic Starter

  • Members
  • 31 posts
  • Local time:04:32 AM

Posted 12 August 2006 - 10:52 PM

Cool, ok, here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 11:50:02 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [\\KATE\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P37 "\\KATE\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P54 "Auto EPSON Stylus Photo R200 Series on KENSEI-AO6I2GRX" /O25 "\\KENSEI-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P52 "Auto EPSON Stylus Photo R200 Series on KATE-AO6I2GRX" /O23 "\\KATE-AO6I2GRX\Printer" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on KATE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P43 "Auto EPSON Stylus Photo R200 Series on KATE" /O14 "\\KATE\Printer" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [DVDXGhost] C:\Program Files\DVD Ghost\DVDGhost.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) -

http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -

http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file

missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file

missing)
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0

\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
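The log above is the user's HijackThis output. As an added example (not code from the thread, from HijackThis or from BleepingComputer), here is a small Python reviewer that parses lines in that format and flags the things a log helper looks at first: entries whose target file is missing, O4 Run entries that name a bare executable (resolved through the search path rather than a fixed directory), O23 services with no publisher, and O16 ActiveX downloads from hosts not on a reviewer's allowlist. The sample log, the allowlist and the rule set are constructed for this example; the all-zero CLSID and the example.invalid host are placeholders, not indicators from a real machine. The rules only narrow the list for a human reviewer, they do not decide what is malicious.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the log posted above. Lines 1, 3, 4 and 6
# copy entries from that log; the others are made up for the example.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [SetDefaultMIDI] MIDIDef.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/control.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\\Program Files\\NavNT\\defwatch.exe
"""

# Hosts the reviewer has already vetted for O16 (ActiveX download) entries;
# anything else is surfaced for a manual look. Constructed for this example.
ALLOWED_DPF_HOSTS = {"go.microsoft.com", "download.bitdefender.com", "support.f-secure.com"}

ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
O4_RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into its section and the fields the review rules use."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "body": body, "name": body}
    if section == "O4":
        mm = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
        if mm:
            entry.update(name=mm.group("name"), exe=executable_of(mm.group("cmd")))
    elif section == "O16":
        mm = O16_RE.match(body)
        if mm:
            host = re.sub(r"^https?://", "", mm.group("url")).split("/", 1)[0].lower()
            entry.update(name=mm.group("desc"), clsid=mm.group("clsid"), host=host)
    elif section == "O23":
        mm = O23_RE.match(body)
        if mm:
            entry.update(name=mm.group("name"), owner=mm.group("owner"), path=mm.group("path"))
    return entry


def review_entry(entry: Dict[str, str]) -> List[Dict[str, str]]:
    """Apply the review rules to one parsed entry; returns a (possibly empty) list of findings."""
    found: List[Dict[str, str]] = []

    def flag(code: str, why: str) -> None:
        found.append({"section": entry["section"], "name": entry["name"], "code": code, "why": why})

    if "(file missing)" in entry["body"]:
        flag("file_missing", "references a file that no longer exists; usually a leftover to clean up")
    exe = entry.get("exe")
    if exe and not any(ch in exe for ch in "\\:%"):
        flag("bare_executable", f"'{exe}' has no directory, so Windows resolves it through the search path")
    if entry.get("owner", "").lower() == "unknown owner":
        flag("unknown_owner", "service binary carries no publisher; verify the file and its signature")
    host = entry.get("host")
    if host and host not in ALLOWED_DPF_HOSTS:
        flag("host_not_allowlisted", f"ActiveX control downloaded from {host}, which has not been vetted")
    return found


def review_log(text: str) -> List[Dict[str, str]]:
    """Parse every line of a log and collect the findings across all entries."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            findings.extend(review_entry(entry))
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['code']:<20} {f['name']}: {f['why']}")
```

On the sample this reports four findings: the O9 entry with a missing file, the O4 entry that launches a bare MIDIDef.exe, the O16 control from the unvetted example.invalid host, and the O23 service with no publisher. Run it against a full log by reading the file into `review_log`; the vendor scanner controls in the posted log pass only because their hosts are on the constructed allowlist, which a reviewer would extend for their own environment.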

#14 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 17 August 2006 - 11:12 AM

Your log appears to be clean. Please advise me of any problems you still have.

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. If you are using Windows XP then you should disable and enable System Restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to disable and enable System Restore here:
    Windows XP System Restore Guide
  • Make your Internet Explorer more secure. This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD. Install IE SPYAD. Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE SPYAD puts several thousand sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. If you happen on a site within its list, they can't hijack you or install anything. The program is free and is updated about once a month. Please follow the readme instructions for install; it is a little different. Single user PC: use IE Spyad1. Multi user XP PC: use IE Spyad2.
    Computer Safety On line Anti Virus
  • Update your Anti Virus Software. It is imperative that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Windows Update Site Frequently. It is important that you visit Microsoft Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would with anti-virus software. A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware from Your Computer
  • You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Using Ad-Aware SE to remove Spyware & Hijackers from Your Computer
  • Install SpywareBlaster. SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download the MVPS hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the Start button on the task bar at the bottom of your screen.
    • Click Run.
    • In the dialog box, type services.msc
    • Hit Enter, then locate DNS Client.
    • Highlight it, then double-click it.
    • In the dropdown box, change the setting from Automatic to Manual.
    • Click OK.
  • Use an alternative instant messenger program. Trillian and Miranda IM: these are malware-free instant messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.
Good luck!
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
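Three of the items in the post above (the Internet Explorer Internet-zone settings, the DNS Client service start type and the hosts file) can be checked from a script rather than by clicking through the dialogs. The PowerShell below is an added example, not part of the thread and not from any tool it mentions; it is read-only and changes nothing. The registry path for the Internet zone and the zone action IDs (1001, 1004, 1201, 1800, 1804, 1607) are the standard Internet Explorer security-zone value names, matched here to the six settings the post lists; the service name Dnscache and the hosts file path are the standard Windows ones.

```powershell
# Added example (not from the thread): read-only audit of the IE Internet zone,
# the DNS Client service and the hosts file that the post above recommends.

# 1. Internet Explorer "Internet" zone (zone 3) under the current user's settings.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
# Zone action IDs for the six settings named in the post and the value
# recommended there (0 = Enable, 1 = Prompt, 3 = Disable).
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
Write-Host "Internet zone settings ($zoneKey)"
foreach ($id in $recommended.Keys) {
    $current = if ($zone) { $zone.$id } else { $null }
    $currentText = if ($null -eq $current) { 'not set' }
                   elseif ($label.ContainsKey([int]$current)) { $label[[int]$current] }
                   else { "raw $current" }
    $status = if ($null -ne $current -and [int]$current -eq $recommended[$id].Want) { 'OK     ' } else { 'DIFFERS' }
    '  {0} {1,-62} current: {2,-10} recommended: {3}' -f $status, $recommended[$id].Name, $currentText, $label[$recommended[$id].Want]
}

# 2. DNS Client service start type (the post suggests Manual when a large hosts file is in use).
$dns = Get-CimInstance -ClassName Win32_Service -Filter "Name='Dnscache'"
Write-Host ('DNS Client (Dnscache) start type: {0}, state: {1}' -f $dns.StartMode, $dns.State)

# 3. Hosts file: count blocking entries, i.e. 0.0.0.0 or 127.0.0.1 mapped to a name other than localhost.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$blocking = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)' -and $Matches[2] -ne 'localhost' }
Write-Host ('Hosts file {0}: {1} blocking entries' -f $hostsPath, @($blocking).Count)
```

Each zone line prints OK or DIFFERS against the post's recommendation without touching the value, so the script is safe to run before and after making the changes by hand. On the Windows XP-era PowerShell 2.0 that this thread's machine would have had, replace `Get-CimInstance` with `Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"`; the rest runs unchanged.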

#15 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 September 2006 - 11:42 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
