01-06-2006, 02:02 PM   #3
rdwtc
Registered User
 
Join Date: Dec 2005
Posts: 5
OS: xp


Pop-ups and redirects are back. I did have a few problems with the instructions. HijackThis did not start automatically when running Fixwareout. I ran it. Ewido would not open a window in safe mode. I had to run it after I rebooted in normal mode. Here are the logs. I am feeling pretty vulnerable right now.

Logfile of HijackThis v1.99.1
Scan saved at 2:49:34 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\windows\banmanpro.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\GPS Pathfinder Office 2.80\conmgr.exe
C:\Program Files\GPS Pathfinder Office 2.80\PfPjChgr.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\COMMON~1\Trimble\REMOTE~1\TRDMU.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ROYDAL~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunOnce: [DeleteYourSiteBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\YourSiteBar\ysb.dll"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: GPS Pathfinder Office Connection Manager.lnk = C:\Program Files\GPS Pathfinder Office 2.80\conmgr.exe
O4 - Global Startup: GPS Pathfinder Office Project Changer.lnk = C:\Program Files\GPS Pathfinder Office 2.80\PfPjChgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://getdway.com/dwayready/dpcsysinfo.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe


Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\rucmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSCSZ.EXE
C:\WINDOWS\SYSTEM32\DMFZX.EXE
C:\WINDOWS\SYSTEM32\IPSEC6.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:46:14 PM, 1/6/2006
+ Report-Checksum: 7FDA4B5B

+ Scan result:

HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1169249444-3610765167-2489016363-1008\Software\IST -> Spyware.ISTBar : Cleaned with backup
[2708] C:\WINDOWS\uqvoe.exe -> Downloader.IstBar.ij : Error during cleaning
[2368] C:\Program Files\ISTsvc\istsvc.exe -> Downloader.IstBar : Cleaned with backup
C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\Internet Optimizer\__delete_on_reboot__optimize.exe -> Spyware.InternetOptimizer : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\Power Scan\powerscan.exe -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\Power Scan\uninstall.exe -> Spyware.PowerScan : Cleaned with backup
C:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind : Cleaned with backup
C:\Program Files\SideFind\sidefind.dll -> Spyware.SideFind : Cleaned with backup
C:\Program Files\SideFind\update\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\License.lnk -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\YourSiteBar\ysb.dll -> Downloader.IstBar.lv : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014451.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014454.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014461.dll -> Backdoor.Delf.ald : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014469.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014471.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP201\A0014472.dll -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014497.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014498.exe -> Adware.SpySheriff : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014499.exe -> Trojan.Small : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014504.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014505.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014513.exe -> Hijacker.StartPage.agt : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014516.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014546.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014549.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014559.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014562.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014601.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014604.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014616.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014619.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014629.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014630.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014632.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014637.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014640.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014654.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014657.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014875.exe -> Adware.VB : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014876.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014880.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014884.dll -> Spyware.SBSoft : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014887.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP203\A0014889.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014907.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014915.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014936.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014941.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014943.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014951.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014959.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014983.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014988.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014991.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014998.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0015001.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP206\A0015010.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP206\A0015013.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015024.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015044.dll -> Trojan.Agent.bu : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015045.exe -> Trojan.Zapchast.ad : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015051.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015054.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015061.dll -> Downloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015063.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015073.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP207\A0015076.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015096.exe -> Downloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015099.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015118.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015131.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015133.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015142.exe -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015143.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015144.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015149.exe -> Hijacker.StartPage.aha : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015153.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015159.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015168.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015173.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.b : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015180.exe -> Adware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015182.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015183.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015184.dll -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\enewsletterpro.exe -> Hijacker.StartPage.aha : Cleaned with backup
C:\WINDOWS\kl.exe -> Trojan.Agent.bu : Cleaned with backup
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup
C:\WINDOWS\SYSTEM\Loader.dll -> Downloader.Agent.li : Cleaned with backup
C:\WINDOWS\SYSTEM32\cscsz.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\tool1.exe -> Dropper.Agent.abu : Cleaned with backup
C:\WINDOWS\tool4.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.q : Cleaned with backup
C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup


::Report End
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, January 06, 2006 14:36:56
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 6/01/2006
Kaspersky Anti-Virus database records: 169495
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47236
Number of viruses found: 36
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 2217 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280000.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280001.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280002.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280003.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280004.VBN Infected: Backdoor.Win32.Agent.rw
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280005.VBN Infected: Backdoor.Win32.Agent.rw
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280006.VBN Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03280009.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0328000A.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0328000B.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0328000C.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0328000D.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0328000E.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680002.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680003.VBN Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680004.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680005.VBN Infected: Packed.Win32.Klone.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680006.VBN Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680007.VBN Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280000.VBN Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280001.VBN Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280002.VBN Infected: Trojan.Win32.Inject.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07280003.VBN Infected: Trojan-Downloader.Win32.Agent.sy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08440000.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08440001.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\086C0000.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700000.VBN Infected: Exploit.VBS.Phel.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700001.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700002.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08700003.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40002.VBN Infected: Trojan-Downloader.JS.Psyme.ap
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40003.VBN/Beyond.class Infected: Trojan.Java.Needy.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40003.VBN/BlackBox.class Infected: Trojan.Java.Bytverify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40003.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0AE40003.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0B280000.VBN Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00001.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00001.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00001.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00001.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00002.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00002.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00002.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00002.VBN Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00003.VBN/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00003.VBN/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00003.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC00003.VBN Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0F500000.VBN Infected: Trojan.Win32.Inject.i
C:\Documents and Settings\Roy Dale\Local Settings\Temp\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Roy Dale\Local Settings\Temp\sidefind.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\2XYX0P0T\ysb_prompt[1].htm Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\IRIFMJM1\optimize[1].exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\IRIFMJM1\powerscan[1].exe Infected: not-a-virus:AdWare.Win32.PowerScan.d
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\IRIFMJM1\sidefind13[1].dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\istrecover[1].exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\sidefind[1].exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\YPQD250H\istsvc[1].exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\YPQD250H\nem220[1].dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\YPQD250H\sfbho13[1].dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\Documents and Settings\Roy Dale\Local Settings\Temporary Internet Files\Content.IE5\YPQD250H\ysb[1].dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\Program Files\Internet Optimizer\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\ISTsvc\istsvc.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Power Scan\powerscan.exe Infected: not-a-virus:AdWare.Win32.PowerScan.d
C:\Program Files\SideFind\sfbho.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\Program Files\SideFind\sidefind.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\Program Files\SideFind\update\sidefind.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Program Files\YourSiteBar\ysb.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014938.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP204\A0014938.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014985.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP205\A0014985.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015147.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP209\A0015185.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015227.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015228.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015229.exe Infected: not-a-virus:AdWare.Win32.PowerScan.d
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015231.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015232.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015233.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015236.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015237.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015238.exe Infected: Trojan.Win32.StartPage.aha
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015239.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015240.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015241.dll Infected: Trojan-Downloader.Win32.Agent.li
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015243.exe Infected: Trojan-Dropper.Win32.Agent.abu
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015244.exe Infected: SpamTool.Win32.Mailbot.q
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP210\A0015245.exe Infected: Trojan.Win32.KillAV.gn
C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\WINDOWS\nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\WINDOWS\SYSTEM32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\SYSTEM32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\uhncdsdp.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\WINDOWS\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.