Logfile check please

pelling · 01-24-2007, 01:42 PM

Hi, my girlfriends computer is really really slow and i'm pretty sure it's got viruses of some sort. Could you check this hijackthis logfile please? Thanks:

` Logfile of HijackThis v1.99.1
Scan saved at 20:39:16, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\USBPlug.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2...=1033&_lang=EN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: (no name) - {2DC65906-D457-B6FE-6F9B-0A2682594BE0} - C:\WINDOWS\system32\agoydjg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O4 - HKLM\..\Run: [hpakmfl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hpakmfl.dll,aqoriid
O4 - HKLM\..\Run: [dmfrx.exe] C:\WINDOWS\system32\dmfrx.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {6DA6C6C1-F4E8-469F-A46A-F1989006B06E} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {ACB19E59-FFAE-441D-A681-DAFDE732B1DE} - http://www.bt.com (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct4_x.cab
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_GB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81028C57-504A-40FC-A140-C8D5ED0F3C2E}: NameServer = 85.255.115.238,85.255.112.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{89AC1B1A-0296-45E7-9481-3843C293F5E4}: NameServer = 85.255.115.238,85.255.112.198
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

tetonbob · 01-27-2007, 08:39 PM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

This is but Round 1 of what could be several posts to complete the cleaning of this system. Stick with me until you receive the "All Clear".

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop.

* IMPORTANT !!! Place it on your Desktop.

We'll use this shortly.

---------------------------------------------------------------------------------------------

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O4 - HKLM\..\Run: [hpakmfl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hpakmfl.dll,aqoriid
O4 - HKLM\..\Run: [dmfrx.exe] C:\WINDOWS\system32\dmfrx.exe
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_GB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81028C57-504A-40FC-A140-C8D5ED0F3C2E}: NameServer = 85.255.115.238,85.255.112.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{89AC1B1A-0296-45E7-9481-3843C293F5E4}: NameServer = 85.255.115.238,85.255.112.198

Click FIX CHECKED. Close HijackThis.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), at the end of this fix.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

----------------------------------------------------------------------------------------------------------

Run ComboFix

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\combofix.exe" /v hpakmfl agoydjg

When finished, it shall produce a log for you. Post that log in your next reply. It's located at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Download SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

---------------------------------------------------------------------------------------------

Please go to: VirusTotal

At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

C:\WINDOWS\system32\USBPlug.exe
Click "Open".
Then click the "Send" button at the top of the VirusTotal page.
This will scan the file. Please be patient.
Once scanned, copy and paste the results in your next reply..

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

FixWareout (C:\fixwareout\report.txt)
ComboFix (C:\ComboFix.txt)
VirusTotal
HijackThis

Has Party Poker been intentionally installed on this machine?

pelling · 01-28-2007, 02:47 PM

Hi. Thanks so much for the reply. I can only use her computer on wednesdays and some weekends so this could be quite a slow process, but i'll stick with it whenever i can. I'll post back wednesday when i've done the above steps :)

also yes, party poker was installed on purpose...

tetonbob · 01-28-2007, 06:10 PM

Advised to keep that machine disconnected from the internet until such time as the fix can be performed. While it's infected, it can get worse if left unattended and with internet access.

pelling · 01-28-2007, 06:30 PM

noted, thanks

pelling · 01-31-2007, 11:32 AM

Everything ran smoothly, here are the requested logs:

FixWareout:

Fixwareout
Last edited 1/27/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\system32\dmajw.exe will be moved to C:\WINDOWS\temp\dmajw.ren at reboot.
C:\WINDOWS\system32\cstoo.exe will be moved to C:\WINDOWS\temp\cstoo.ren at reboot.
»»»»» System restarted
...
Reg Entries that were deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "wjamd"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion "pid"
...
Random Runs removed from HKLM
"dmajw.exe"=-
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...
C:\WINDOWS\SYSTEM32\DMBVN.EXE
C:\WINDOWS\SYSTEM32\DMGHK.EXE
C:\WINDOWS\SYSTEM32\DMLLC.EXE
C:\WINDOWS\SYSTEM32\DMLPR.EXE
C:\WINDOWS\SYSTEM32\DMRLB.EXE
C:\WINDOWS\SYSTEM32\DMWEK.EXE
C:\WINDOWS\SYSTEM32\DMWMU.EXE

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSKFR.EXE 51,200 2005-12-29
C:\WINDOWS\SYSTEM32\DMBVN.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMGHK.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMLLC.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMLPR.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMRLB.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMWEK.EXE 44,032 2004-08-04
C:\WINDOWS\SYSTEM32\DMWMU.EXE 44,032 2004-08-04

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»

»»»»» Current runs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"McAfee Guardian"="C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe /SU"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFTray"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"dscService"="C:\\WINDOWS\\system32\\USBPlug.exe"
"hpakmfl.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\hpakmfl.dll,aqoriid"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

ComboFix:

"EMZ" - 07-01-31 18:07:36 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\EMZ\Desktop"
Command switches used :: /v hpakmlf agoydjg

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\agoydjg.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\drsmartloadb1.dat
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\system32\mscornet.exe
C:\WINDOWS\system32\svcp.csv
C:\INSTALL.LOG
C:\secure32.html
C:\WINDOWS\secure32.html
C:\Documents and Settings\All Users\Documents\Settings
C:\Program Files\Common Files\VCClient

((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))

2007-01-31 18:10 <DIR> d-------- C:\WINDOWS\ERDNT
2007-01-31 17:51 <DIR> d-------- C:\fixwareout
2007-01-30 23:27 <DIR> d-------- C:\92237345ca2f02005178e2
2007-01-30 08:46 <DIR> d-------- C:\b3b0f612d0e445f8a2e933cd
2007-01-29 08:46 <DIR> d-------- C:\32aae832b0c65165c4d370
2007-01-28 16:24 <DIR> d-------- C:\32efc6d5b88cd34eda4e19
2007-01-27 11:12 <DIR> d-------- C:\43253f140173e4c601913f89
2007-01-26 00:36 <DIR> d-------- C:\52ac0ef254efe18be809d2
2007-01-25 18:59 <DIR> d-------- C:\ffe335ed309dcee0380d32c106a945e7
2007-01-25 10:25 <DIR> d-------- C:\e02e2a45419049704e
2007-01-25 00:08 <DIR> d-------- C:\91e6229cd4cb851e7b4c
2007-01-24 20:54 <DIR> d-------- C:\1358b72fedd7877c4a314e36
2007-01-24 20:31 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-24 20:29 <DIR> d-------- C:\49384f5e93a3e5d5d108
2007-01-24 19:48 <DIR> d-------- C:\33a9ea7687af757c08baf211
2007-01-24 00:09 <DIR> d-------- C:\382c2610f097205310
2007-01-23 08:44 <DIR> d-------- C:\af1cf483854ad62b1e619df801ee22e7
2007-01-21 21:11 <DIR> d-------- C:\38e49cff12d6260e2c
2007-01-21 19:17 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-01-21 19:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-21 10:36 <DIR> d-------- C:\4fd88367bf678ad62ccc11ce148278b4
2007-01-20 10:54 <DIR> d-------- C:\5d23b678fdbdf4d4587d332eb974
2007-01-18 23:46 <DIR> d-------- C:\0f747ba67620e188307d680d0af9c086
2007-01-18 09:02 <DIR> d-------- C:\7231b0cd008cfea9630cfa
2007-01-17 10:22 <DIR> d-------- C:\60f6d3e31b041399d0
2007-01-15 22:59 <DIR> d-------- C:\657a456ad146dce69d295fcf07aa
2007-01-15 08:45 <DIR> d-------- C:\09fc93a27128eb3dcbb5
2007-01-13 10:37 <DIR> d-------- C:\2d4ec15585eccc0ea841046f57dc
2007-01-12 08:53 <DIR> d-------- C:\9c38b067b0e9ad041657cb6d26
2007-01-11 08:42 <DIR> d-------- C:\8c38d3d438b0bf76be168b8d80
2007-01-11 08:41 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 22:04 <DIR> d-------- C:\e779c7727ff792be8edc41424a4f3eb8
2007-01-09 09:04 <DIR> d-------- C:\c9077b7034d182fc8a05
2007-01-08 08:50 <DIR> d-------- C:\240293992911928713a030217f
2007-01-07 13:28 <DIR> d-------- C:\4716d06dc44513cd364a13d09f1b96a9
2007-01-06 18:30 <DIR> d-------- C:\d0567e9a3d13fd3209
2007-01-05 19:28 <DIR> d-------- C:\d69ed6b18b58c0035e918c25d5c4a6
2007-01-05 08:46 <DIR> d-------- C:\a8d6fda8e50eed09e4
2007-01-04 09:55 <DIR> d-------- C:\6c42503c658ce3b8ca24965838
2007-01-03 09:27 <DIR> d-------- C:\27e97fe0b335d4e80ae2cbf4700bd7d7
2007-01-02 17:10 <DIR> d-------- C:\b166ed7e7548d9d618e7
2007-01-02 13:09 <DIR> d-------- C:\ef78c21b6d62aea2dd640ac5b86bb29f
2007-01-02 11:26 <DIR> d-------- C:\1b62461527f9ddf91a0c1a9f
2007-01-01 10:22 <DIR> d-------- C:\ebb154143125b0b25ede82d2
2006-12-31 18:11 <DIR> d-------- C:\b137b0cc804b8b197fd5
2006-12-31 12:23 <DIR> d-------- C:\bf2760edb7e823ae776a5554ac66409c

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-31 17:48 -------- d-------- C:\Program Files\mozilla firefox
2007-01-24 21:39 -------- d-------- C:\Program Files\Common Files\aol
2007-01-24 20:28 -------- d-------- C:\Program Files\java
2007-01-12 22:11 -------- d-------- C:\Program Files\minilyrics
2007-01-12 22:09 -------- d-------- C:\Program Files\quicktime
2006-12-11 21:06 -------- d-------- C:\Program Files\poker
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CHotkey"="zHotkey.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"McAfee Guardian"="C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe /SU"
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MPFTray"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"dscService"="C:\\WINDOWS\\system32\\USBPlug.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICcontrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iccontrol"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\iccontrol.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mnyexpr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAVNet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="8"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\BIGDAV~1\\LOCALS~1\\Temp\\8.tmp\" /m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YBrowser"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\YBrowser.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{20d8bda1-1958-11d6-b00f-00b0d0c6b6a5}"="McAfee Internet Security"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ file:///C:/DOCUME~1/EMZ/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1093868859.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1094393465.job
C:\WINDOWS\tasks\McAfee Privacy Service Anti-Spyware Scan.job
C:\WINDOWS\tasks\McAfee.com Update Check ().job
C:\WINDOWS\tasks\McAfee.com Update Check (EMZ-ROOM-BIG DAVE).job
C:\WINDOWS\tasks\McAfee.com Update Check (EMZ-ROOM-EMZ).job
C:\WINDOWS\tasks\McAfee.com Update Check (EMZ-ROOM-GUEST 1).job
C:\WINDOWS\tasks\McAfee.com Update Check (EMZ-ROOM-MARION).job
C:\WINDOWS\tasks\McAfee.com Update Check (GARY-BIG DAVE).job
C:\WINDOWS\tasks\McAfee.com Update Check (GARY-EMZ).job
C:\WINDOWS\tasks\McAfee.com Update Check (GARY-MARION).job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-31 18:16:09

VirusTotal:

Antivirus Version Update Result
AntiVir 7.3.1.33 01.31.2007 no virus found
Authentium 4.93.8 01.30.2007 no virus found
Avast 4.7.936.0 01.31.2007 no virus found
AVG 386 01.31.2007 no virus found
BitDefender 7.2 01.31.2007 no virus found
CAT-QuickHeal 9.00 01.31.2007 no virus found
ClamAV devel-20060426 01.31.2007 no virus found
DrWeb 4.33 01.31.2007 no virus found
eSafe 7.0.14.0 01.31.2007 no virus found
eTrust-InoculateIT 30.4.3361 01.31.2007 no virus found
eTrust-Vet 30.4.3361 01.31.2007 no virus found
Ewido 4.0 01.31.2007 no virus found
Fortinet 2.85.0.0 01.31.2007 no virus found
F-Prot 4.2.1.29 01.30.2007 no virus found
Ikarus T3.1.0.27 01.31.2007 no virus found
Kaspersky 4.0.2.24 01.31.2007 no virus found
McAfee 4953 01.31.2007 no virus found
Microsoft 1.2101 01.31.2007 no virus found
NOD32v2 2023 01.31.2007 no virus found
Norman 5.80.02 01.31.2007 no virus found
Panda 9.0.0.4 01.31.2007 no virus found
Prevx1 V2 01.31.2007 no virus found
Sophos 4.13.0 01.31.2007 no virus found
Sunbelt 2.2.907.0 01.31.2007 no virus found
Symantec 10 01.30.2007 no virus found
TheHacker 6.0.3.160 01.31.2007 no virus found
UNA 1.83 01.31.2007 no virus found
VBA32 3.11.2 01.31.2007 no virus found
VirusBuster 4.3.19:9 01.31.2007 no virus found

Aditional Information
File size: 278528 bytes
MD5: 0d4c71e318f6ca3c9818780e76459f9c
SHA1: 0373c6109a0f4da6023fcd2283b3befb0cf0383c

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:32:21, on 31/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\USBPlug.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe
O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Homepage - {6DA6C6C1-F4E8-469F-A46A-F1989006B06E} - http://bt.yahoo.com (file missing) (HKCU)
O9 - Extra button: BT - {ACB19E59-FFAE-441D-A681-DAFDE732B1DE} - http://www.bt.com (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct4_x.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks so much for your help so far

tetonbob · 01-31-2007, 08:18 PM

That looks much better, but there's more work to do.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following files:

C:\WINDOWS\SYSTEM32\CSKFR.EXE
C:\WINDOWS\SYSTEM32\DMBVN.EXE
C:\WINDOWS\SYSTEM32\DMGHK.EXE
C:\WINDOWS\SYSTEM32\DMLLC.EXE
C:\WINDOWS\SYSTEM32\DMLPR.EXE
C:\WINDOWS\SYSTEM32\DMRLB.EXE
C:\WINDOWS\SYSTEM32\DMWEK.EXE
C:\WINDOWS\SYSTEM32\DMWMU.EXE

If they resist deletion, boot to safe mode and delete from there.

---------------------------------------------------------------------------------------------

Now, before we continue, I need a bit more information, please.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply. It will be located at C:\rapport.txt if you happen to close it.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Create an uninstall list:

Open HiJackThis
Click on the button " Open the Misc Tools section"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

Please tell me the contents of these folders:

C:\92237345ca2f02005178e2
C:\b3b0f612d0e445f8a2e933cd
C:\32aae832b0c65165c4d370

pelling · 02-04-2007, 10:40 AM

SmitFraud Report:

SmitFraudFix v2.138

Scan done at 17:36:34.23, 07-02-04
Run from C:\Documents and Settings\EMZ\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\d3??.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ncompat.tlb FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMZ

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMZ\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\EMZ\STARTM~1\Programs\SpyAxe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EMZ\FAVORI~1

C:\DOCUME~1\EMZ\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/EMZ/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/EMZ/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

[HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Uninstall List:

Ad-Aware SE Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0.1
AOL UK (Choose which version to remove)
AOL You've Got Pictures Screensaver
BT Voyager Wireless Utility
BT Yahoo! Applications
CleanUp!
Creative Jukebox Driver
Cult II - Federal Crime
Google Earth
HighGrow
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
hp psc 1200 series
Hypertext Builder 2004
iMeshBar
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
Internet Connection Control
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
LiveUpdate BVRP Software
Macromedia Flash Player 8
McAfee Internet Security 6.0
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Standard for Students and Teachers
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 7.0
Mobility
Mozilla Firefox (2.0.0.1)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Multimedia Keyboard Driver
Musicmatch® Jukebox
My Search Bar
NTI Photo Suite
OLYMPUS CAMEDIA Master 2.5
Pagan Daybook II
PartyPoker
Philips GoGear HDD Device Manager
PowerDVD
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
SafeCast Shared Components
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Smart Link 56K Voice Modem
Sony Ericsson PC Suite
SpeedTouch USB Software
SpywareBlaster v3.5.1
Think & Talk French
Tradewinds 2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
WCDMA Handset USB Driver
WildTangent Web Driver
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player 9 Series Winter Fun Pack
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

Those folders you mentioned don't exist any more, they are deleted. The computer seems to be responding alot better, thanks.

tetonbob · 02-04-2007, 01:26 PM

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

We'll use this later.

---------------------------------------------------------------------------------------------

Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

iMeshBar
My Search Bar

---------------------------------------------------------------------------------------------

Double-click smitfraudfix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

---------------------------------------------------------------------------------------------

Clean out your Temporary Internet files.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:

"Security Info"
"Warning Message"
"Security Desktop"
"Warning Homepage"
"Desktop Uninstall" or something similar

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Double-click smitfraudfix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

After the install is complete, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
- Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Then post the following logs in your next reply...

C:\rapport.txt (log from the tool)
AVG Anti-Spyware log
Panda log
Hijackthis log

pelling · 02-06-2007, 01:52 PM

big problem, i got up to the avg scan, it finished, then the computer was turned off. When it is turned back on a message says 'invalid system disk', and it will not get any further. Any ideas?

tetonbob · 02-06-2007, 06:35 PM

Pelling -

Do you happen to have a non-bootable CD in the drive? Or a non-bootable floppy in your A drive if you have one?

pelling · 02-07-2007, 01:01 PM

Yeah there was a floopy disk in there, doh!

The imesh bar and my search bar both say 'the specified module could not be found' when i click to remove. they are still in the list. Everything else seemed to work.

the panda scan is running now and i wont be able to post the log until the weekend, but here are the others:

rapport log:

SmitFraudFix v2.138

Scan done at 22:35:28.64, 07-02-04
Run from C:\Documents and Settings\EMZ\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"

[HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32]
@="C:\WINDOWS\system32\ioctrl.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\d3??.dll Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ncompat.tlb Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\EMZ\STARTM~1\Programs\SpyAxe Deleted
C:\DOCUME~1\EMZ\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

pelling · 02-07-2007, 01:02 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 00:18 07-02-05

+ Scan result:

HKLM\SOFTWARE\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00E97FF9-C2D5-30AF-2580-1DF6C99280CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0119F278-475B-E5B8-00B6-C88D1EE40346} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{02B346C4-C2D8-E7EA-C145-EF1A22D8F514} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{02C2F74B-206D-DFEE-6CAE-D4094E17A18D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{037FA2F8-372A-C652-77FF-F23198522B67} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0398569A-F6D9-89D9-F9B7-ADD52E2E6CE9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{05A55FD0-07CB-11D2-9597-D96F9FF82934} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{05C095E7-A44C-D83C-D547-D3462410CF3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{073C7FC6-8137-7BA8-FC4D-8518F53DD1BA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0872D53B-E933-07FC-C2E5-7DC654FA5E79} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{08A3F77E-B372-3B7C-92A6-F7BB57030BB6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{09D46D1A-7C15-52D7-CA95-F0B35470CD73} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AA13D05-4B32-5457-1F77-A94E37FEE4D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AC5F1BA-88F9-BABF-38E9-516BD249B257} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B28B10C-0852-4322-CD8D-98680E44C015} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B3798A2-69E9-E91E-D230-89C13C63C169} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0B478A5F-80D3-2FF6-AF0E-5653B825ADD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0CEB6F75-E0B3-3168-B619-8AA78957178F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0CEEC41A-54F9-F1D2-230D-B4B044ECC202} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0DC9678A-0260-8CEB-0563-594D9FB02903} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0F0032FA-B0AE-AAE8-9CDC-8004A516B1C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0F8C4166-6513-FF22-D406-84A3652D603F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{117089AA-D3C6-C679-D791-5088F7B82125} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1430B49C-AF69-4F6D-F513-71EADE457EFD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1433BDB4-D628-3EC4-BB12-57F1E0CFC5E7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{145896F4-04D4-E36D-D255-E680A896EAC3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{14A8A5FE-B57D-0B1C-6508-01E9615DFBD7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{151159EF-C5FE-DEA7-6C94-33A3EC6A9C14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1680C9F9-C963-3F25-F481-EBF1DF741AE8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18A17541-1D7D-F514-A197-5E995C5D8B77} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{18F2290B-AA23-9004-41A5-72FD0032E2B4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{19AA31BF-1750-E89C-CB6E-11F9A6477CE9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1B2CE911-68F7-69D8-FD56-1C69860411AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1BD58A3D-D84D-3006-CA07-81714822BEDB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1BE2B2AB-53D2-4036-F80C-58CE9EFF47A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1D3E4E2E-E8BE-F392-C1A4-B33BB3205F18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1D626295-5E91-2B59-7E71-D5BE067A9719} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1DFFBD4D-E8D2-D6F9-3733-F3C0A037E369} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EB1BC61-A9B6-80CA-CDCE-E2A960428849} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1F7B837E-CC0C-8A77-DD3C-43144BEFEB4B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{21E654F5-CF30-4A95-C97F-98763D1324F9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22534257-B254-2291-813B-BCB9B04DF538} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{226D04FA-2789-3B92-34EC-54F449E5F224} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22BF9CFD-BC21-2C25-35F3-9EFED9FD26C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{231229E0-8FB3-D7A9-388F-5DFA8E972C70} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24B04B37-46C5-2A97-DB2A-5C229426D32E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25901F49-AB9D-2865-1DD3-8ECE5EAAD128} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{264D7706-46BC-1C89-7DC5-AC71424D3C22} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{27622543-E879-3A47-D05A-97903406A96F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{29CAABAC-A010-A9C2-B119-3F6044E0AF6D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2ABCBCF0-8C96-2872-D4B2-E7057D74D936} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B49D9DE-8B8E-0B64-675D-28453B9B313A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2C14596F-F821-7151-8E15-D6C625BA9326} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2E680D50-E71E-782F-D9B8-35F01AB7B904} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FCA15DA-4534-DA39-35D0-ED78D3F19541} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FD6FA5C-0926-8DFD-5D77-4533A2EF1BD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FF733AC-EFD0-2CC6-763F-6F47E66BD853} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{306F8479-A75A-9D8E-3C63-AD58B0678A6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{315397E1-2F75-F176-4C18-ED9C483D3FF6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{33894CDF-39DC-A5B5-7657-E16A8CBB005D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{33EAF5FD-7FC6-F387-E5DB-FBB059A0113A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{345A2686-3958-CD0F-8965-C10B010F97E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3486D353-DD52-CE8D-13DF-21EF33F536A7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{349E1E95-2B1A-6197-C0B2-772F2AD2A94E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{35E653B9-0A5B-823F-60FD-264CBA397F4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{36E15370-5FD0-D1EC-3368-C6A73C8F506F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{372E43F3-E88F-9DD4-2CC3-449DD77DFD7B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{381988C0-977D-2B6F-F8DB-298FF4DB7FEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38F41646-514A-BEFB-2B53-10FCB9C143C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{393086F8-8C8A-1DEE-A3F6-675E8A4AA231} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3940377F-DB2F-F5F2-3E4F-5B4DA6794EAA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{39652FC9-57E8-9F1F-F728-8F55D9E5F49F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3A45712A-04D7-9561-0AF2-7704CBBF8F75} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3B9B0373-B9FE-5F54-EB4B-89AD06547F32} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C429116-BB93-5F0C-88F2-42257E2E113A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D3177E3-B283-0367-5485-9DB32FC7FD05} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3E33BE39-16CB-2D3C-7875-D4E363D00283} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3EAE7E41-1C8C-F033-435F-737FE0B9121D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F1BB4CB-FD6D-A0D8-C38F-183CE033C2DA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F3B846F-39AC-DB00-4233-61BEF19625AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3FF0B32B-4F42-6F99-B6F4-C207F166CA3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4098B116-3E9F-6C68-3DD2-D1F9DE132411} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4197FF54-5C18-A7E5-9CC3-32130092E2A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{424D322F-007D-619B-BC17-63F3201B9FED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{44CA1B09-A138-68F7-B9B7-7FDD017A3009} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{45055C44-55E6-AD22-DB63-D4A8D31544AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{456A683C-2EFD-6989-F755-F01E8A079425} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{45735144-763F-14AF-585D-A8C411A2567D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{477B7AAD-0649-5E89-9CE8-C2D797FBBFCE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{47C74D0E-24B0-3C42-95D1-CF0F4E376A71} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{47EA1720-78C9-292F-1E61-12875D376490} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{482ED513-8F9F-5049-FF7A-8FB035464E5F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{49D9C3D0-94CC-611C-83AF-233BCD1C07C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4B04F9FF-A8D2-CC97-F041-1BB1E9874193} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4B1013E8-F567-66FB-F819-618EA93458EB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4B118F46-F4FC-AB84-7871-B58A68ED1E7F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4BBEC0FD-DA38-B544-F1BF-7C2CC424B596} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C7D3C5F-2A2C-6D88-350C-CC5AF574F6A5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C928477-3A6D-F1DD-A78A-1F75F7C46F82} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4D1C4EAC-A430-DBE2-2610-2619907F1D5A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4D7AAE7E-60D8-7CE4-E215-285680E2A5E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4DF5116B-0DFE-9D51-AA17-CE70AC5E652D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4EF0D9F9-63B6-2367-B60D-ED50906569B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4FF9C393-E570-D9A6-713C-6FB33AE7F3E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{510C09CC-B06A-EFC8-2E17-38F386848F3E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{516B05B7-D345-D25A-1547-83C52F819898} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{51B2C0C2-DF6A-09F0-BA9D-6ECF1A6BD194} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5241C50B-BD53-DE43-6854-8F9CF02CE647} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{52CA19C1-11C8-4272-E11C-3426F72C0AB9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5341F52F-9CCF-343D-25AE-3C3DC70625D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{538ECC2F-29D9-9161-D485-51734843D8C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{54595623-DD6E-DF6D-5647-D57D6B2CFEEB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55BE37F8-1985-13E8-CD9B-5D824C0086C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{566EC2B1-F11B-E4D3-77CE-AF486B2F02B1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58766EEB-28FF-2649-FB38-0338B821DD25} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{58DD0040-152D-AAB9-F142-E64CF6034F50} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AD1C8F8-A89B-7AC1-A165-9D86BEDAA202} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5B9CEB83-9D3B-C5DC-ADCC-0893E71F7845} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C41979E-0C08-52D9-D1AE-1F0F1035ABB0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C74F9CB-19A6-7A1A-EAF6-EB84A7061D05} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5D05DF96-D875-77AB-A229-43E7371F233E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5D8249B4-E958-6B03-D2C1-6480C0BABA6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DF80176-CDC7-77E9-4909-E10E7131683D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E880ABF-397E-7169-9342-D26277AB758A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5EBA8955-B344-15FE-33C5-FBCADFC86742} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61675AEA-0AAC-FB29-2A8B-E712314B4A52} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61962599-064B-C5A8-AF52-14758C8A1676} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61BF9567-4606-B8F2-4A15-3227A0E2E184} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{61D24A14-3A46-AD55-E435-902793177389} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{63FDEF1C-0EE1-D79E-9B02-5C38E90AF168} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{644B228B-5F23-F011-99CB-59911BD7A0BE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65D9A653-FEE7-1F32-CC4D-FA547CDA683C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6671C461-7CCF-9AA0-86E0-D85FD407E962} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6769CB49-248D-E08B-15E7-10A94D7C172A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68BA8E7B-48F1-E65F-C86B-FB26EE5902B5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68C5CF24-785E-97D7-630A-94036B407E7F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A2FC992-C464-7D8E-A831-1F567C681F79} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A3BB01D-5411-3AF3-1EF2-EC21C6B41EAD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A75C515-CC5F-6696-8035-27DB2757E092} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6AF005A3-AB9D-AA25-A620-35F3DD52A8B7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6B0A0065-BF72-A729-7FBE-A94089940339} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BB2E8F6-02D5-0F8D-0BB7-2EB249A684B2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BEFD4B0-C0B5-475A-EEFC-3C81D2C22E10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6C95404A-E5AF-4D52-3E8A-81F9CF4E4876} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F2F7312-647A-C992-D9BF-8F4A5CC18F6E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F61BA9A-5EA1-7903-5454-DCA081431490} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F8F6D52-E43E-F6A7-3704-C2291FA9AAF6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6FCAF567-3DE8-8E0A-AE66-85CFEC2FA8D2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7102DB64-6D5A-007D-9967-B48F49B041BD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{72AA3942-7EBA-7625-0B9E-B2AC70C085DB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{74573A6C-C0FD-80B4-5489-3A6D60261E63} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7621039D-911B-1A3D-343B-0F72B58EF21C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7712FA8E-35A0-B2CF-ECDA-F2AEB55869AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{785049AB-40E2-B10B-F9E3-2408A16CBAA2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7869E6B3-D323-6BCB-ADD4-E5D10D876F39} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{789315CF-8D02-B60F-844E-580336201FAB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{789633A1-F496-8010-8FAA-259360894C00} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{79070860-7C41-91F7-846B-070A0E3A7557} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7ABCD029-951E-14CE-B7AE-546600884A73} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AF168F5-335D-EAEE-007B-C6675F542A72} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B197E28-9E40-E13E-D193-C6BD227A9291} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B30C370-FA75-1822-2540-7558BEE71EA1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B566BE2-5C20-280B-C5D8-C38CBA964C00} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7C22DAC8-169B-E97C-53C6-5A1CBD80CF1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{805F569D-AC14-25AE-CADB-313C73BC0FD1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80E8CD34-35DC-961E-EADE-11A17381D170} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{83ADA2D7-30D9-F180-8B07-61C750D80457} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{83B938F6-F9C9-99A7-F5D7-08A5CE8EF0D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{85201D02-CB9B-DA81-6BE1-09CB85676F6E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{87993483-A3AD-794F-F265-DD005BD9116B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88C96295-FCAE-0B3D-8F00-3F0E0A009428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{89E5B9B5-75EB-DD47-2CDA-AEE61977C3C4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8A6CC37B-7883-F9CA-C742-9785D83F18C7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BCC463E-389A-AC36-B7B5-0B7AF0E04FD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BE5B60C-8756-9F71-6279-292C14490AD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D2AB820-4792-EC0B-EEC6-7066F20405E7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D4FBE2D-404E-877D-0359-34F79402CC75} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D5677A8-8EC4-A206-E11B-F72C0B1F7287} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D61D565-594D-1C95-CFF7-EAEB4D30FF42} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8EB47657-BB7C-EE46-7E07-788E22830E97} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{90BB89A8-5B4A-68E8-7401-A7595938B8F3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{91EF62AC-1515-4102-869D-7CF17FBD48DC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{92B2D986-CF62-44F7-66D4-D1D7DD85E680} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{92CC5C0D-CBB0-8A30-792D-BB1F26844AC7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9338A68E-C2D6-FE0B-248E-E647AE91C6CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9349E2D9-9792-5461-B625-11C9885773A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9434255B-D282-E431-E0E7-8744033717AD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9597FEB8-B9C1-7284-AB98-81C97CE95934} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{95A3F09B-4262-4283-DBCC-7F94A44A9BA9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{963172C1-9CFB-90AB-260B-ADEE79CDF55E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{964E2124-4EFC-8478-D558-FA3F46CA1604} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{977907C4-FEB4-AC8C-7FEA-8B1DE9098D54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9819E734-ABC7-8536-E943-A461C8EBAC8C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{98BD56A6-FD27-366E-29CF-8EBA94F81ED9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{99F991F4-B99D-9CF6-C0E1-008449A5E64C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A743FF5-9855-DCF3-FC2A-DE372D168301} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9A8194E4-E89A-F96E-41AC-3B95DC66C7C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9B49E3CB-0644-7E8D-7874-A5140FECDE14} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9CC8F542-1A40-D18B-FB14-9CD9B4908857} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9D392CE1-0E98-05C3-BB34-7FC5B9D8D07E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9DBEE8BB-183E-C5DF-4EAC-83ACE1F34A8B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E0A8FB3-D7A9-388F-5DFA-E972C70DCF3F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E10B616-D6A4-32D5-95E7-6F227792C942} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E40464B-CE86-2A95-419A-510B0FC95988} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E6480CF-41D5-ADA6-566E-13AE9287A0CD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9ED8F3B4-54EF-916F-F314-9E0AA1CBAA46} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9F71F4BF-46BC-53C7-6A69-232432BE1A6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A18C57E8-D993-69E3-56A8-F81A17FC9316} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1963F3B-3090-7909-8C1F-E3655DCD0684} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A230D058-A0E6-4037-5AD0-597C10DBA3B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A2E2EDE4-E2D3-F3DF-1F23-8C3BEE10E0AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A4318BE1-E66F-7DB1-18C4-93375E85F230} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A509FBA3-878A-C3A5-877D-BD1BD48538C9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A5181EB4-FBCD-5B6F-4454-F9FEB6BD85FB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A7595DD0-954D-787A-73FC-769C95DF9F01} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA263228-3BD8-2587-D631-015F1B7BC24F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA486C7E-C375-E0DC-4D52-76EAF4510DC7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABB31889-F03A-F55D-2B32-E90543672A95} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF5089F1-B33A-D60F-B08A-801E89C146C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF9E4499-5741-2FA8-A50F-64532BF9D788} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B03430E3-E090-8CBB-E139-B55E6B313D07} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B12712D7-ACFD-449A-2E4E-B5894E2E6766} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B1D1D324-FC8B-3721-9BF6-C3F37D8175F7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B1F3BAEA-BD86-2534-8240-9604FA149FAF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B264D484-9FD0-1008-BB3F-897E9586D92D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B27E8BCF-1A21-257E-958D-00B94008A3E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B291DEE2-D9B2-592B-0C2E-27B58D348424} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B3490904-F3B6-8EA1-180E-4FB2A9AA166D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4818A00-3F49-E55B-35AC-96779152E22A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B48F24F6-EAF7-53A3-84DB-486DEABAC736} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4C91D4F-8735-A88D-E8BE-4D168226F78A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4EFEC2D-7EFF-8608-94F7-063C1233592C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4F8C4E0-F516-5DEF-B102-AAF1ADBCBB04} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B557B1D3-7FA6-E393-C514-F461DE0B5943} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B6029097-47C6-0FE2-A8B2-F4630B4C91AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B603722E-D99E-739D-1178-A7705AF0213C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B82481C7-B557-7846-27D8-AB9B49DA1476} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B85FFBF7-B2D8-D30A-8289-46564A899064} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B89B5A4B-A477-CC8D-A74D-8A1989AEEB9C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB540F8A-4134-49B4-F1C4-4452D5210129} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB648EA3-E2F1-44DA-FB06-B0408BFEB57E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BCDF83DD-AE56-4C7F-FEC3-FE7DFCAF30C3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BDA74CC6-38A7-086D-02AC-3E704D602E43} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BEE5AE94-A804-E8A2-F6F9-E353C5F4CD12} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFB065A2-4F3C-61BB-4A5B-FA6D452D3EAC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0853BFB-0434-401E-E2E0-2034267C5FC8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0D6118A-10DD-AC3B-68F2-E19B4CD32C89} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E97C0D-2D4A-BFEF-29D3-ED9E3AF48637} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C17630F0-44D4-91C7-ECCD-5C43EB80D769} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C216F9B0-0E1F-744C-D26F-31960E39901F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2B026F6-C5B8-9C19-DB4C-E1227AD1BD1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2D3D802-55DE-AF83-8D28-DCB9E085F258} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2EFCA32-D3CF-3801-B32F-6A7589AA0A8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C3F45515-C97C-FE89-7CF4-93B09594255D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C4D2AC2E-07C1-9311-0E17-585FF4D9D9CE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5181690-38C8-DDED-C0A9-7E7D8268395A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5844CBD-D015-394D-8C9A-B52CFEA94E45} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5904348-7FC2-F6B1-F15B-83F848E64D79} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5F1A43E-D80F-8BEB-AA6B-2CC3989B60D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C63F0E5D-0B29-AB74-2CEB-7C3C66A175AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C88C5868-A520-9D6E-B1C4-AA3EABDBF5E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C92A7209-D878-CDBA-715F-0ADF6FD6C738} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CAC07790-0078-A300-8F5F-4A6A5ED1010B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CAE622B3-C75C-94D1-073A-1B08D60F8D32} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBA95868-A744-3AF3-A50C-963AC455EAE7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBE5A8A2-4CC5-4DF2-2929-3684A8D4A515} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBFF6A45-C0FA-57F2-DCDA-DECF316CA202} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CDF96010-544C-2876-47C1-6FC957F26539} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CDFCC711-5B8F-E6AA-57FB-086AA2F5FF24} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE4FA47D-D08C-AA19-CF3F-D3763B505A56} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CE911D1A-DD83-51E5-4A5F-1BD9DDAA421D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D07F1F46-B038-2C91-B844-DF763F1DF757} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D0F03457-32E5-5715-6CDD-72C94F05ABBE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D0FA4573-5875-8801-7435-2625AB6EFC42} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D197A0E1-57CF-5D1D-AB6B-C7313C71B514} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D1A1BD55-7743-8294-8D26-9D9D77FF49D8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D1B77085-930D-7845-2B1E-10B33DE519D9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D1B99D61-58A0-27DA-C712-92CBC0E3C647} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2791DC8-E844-20C6-064B-0E07A6489FE8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2883E8D-E979-BAC6-30CC-DA62F802FEC2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D2ABAA1C-3D1A-AA15-B41E-6D61C89C2341} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D3E658EA-D131-DCCF-DC18-81C5D9AD1C73} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D55C13C3-AAF3-B1F4-0CB5-DD79312066D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6F7942A-2903-FD22-A0E5-7716B284A428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D6F96C8F-4512-A517-5DA8-FB1C35C3D1C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D9B53A46-47B7-D878-52B2-44D6F9883DB1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DAD64CB5-6A52-35C2-38BD-73771485436C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DB05DD47-8AE4-A3F2-5630-77F02E11D7E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBD17118-557D-6A66-C881-9D6BA43E91D2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DBF9F02E-3228-CEAC-5B78-70AE0D8E8BEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DC8D6028-5621-EAE8-8F5F-FA8C76A99410} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DD1EDCC2-5B87-1522-23E4-6D64FE142317} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DE009CAE-4B28-D350-13CF-E88F46A3C5C3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEDAA38D-5B6D-AA20-3229-79F7683E4FFC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{DEE73BDA-597A-B499-19B2-6F569DFF8BCF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E04CBCE8-7AAF-910E-F544-D6F82541E588} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E12E07B7-2F78-59F6-02FA-A8BD15A926C8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E2D1983C-BABF-2AAE-DED6-6001C5E50B35} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E39627D7-43DC-A961-EB4B-E16C959872CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E4410E41-BFC6-F741-B0FA-9FF5146F9091} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E464D507-70C1-E654-A743-720591F1BB59} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E4CBD514-E599-C72F-5DD0-DC9B8741D00A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E594D9FB-2903-944E-1F01-F8F22E8EC180} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E60A6763-2D25-6B37-4911-ADA52D9E50FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E6226C29-4068-EB26-B869-9B4C7E50B3E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E66C96EB-E88B-0373-5F1A-CE7FF6D27C39} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E68315F1-B546-67BA-D301-A1A15F225655} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E6B010B5-D034-830A-78ED-43E932E280CC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E791487A-CF48-4A68-B35E-83AD1F5337D5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E7F1BE67-5EBA-84D9-788F-B4E2E69B286C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E96492E3-A3E5-3012-7C18-417213B80AA5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EAEA7E42-2EFC-13EE-A0A9-5979E3A224CD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EB3F1F3A-312D-1F0B-BE12-33935E41A208} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EC2CE72D-3A01-7B4A-1F9B-FABF8EB79BD0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ED9A9904-1A77-7088-1F23-D2794EDA2131} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{EF2B7C2D-742C-AC11-F013-B8534263D991} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F18B8F19-2940-0876-54D4-FBE52283D28C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F1A4571F-46C9-C368-C70C-9911C42A8A18} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F2ED9C90-6F9E-3933-3B86-955D08CA0AF8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F52E2033-83A1-5DFD-596F-100DD7ACA4B6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F55D073A-8824-3A16-989A-7E60E10FA31B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F61ADFCC-EC0B-5F28-BF9C-C68326229FE2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F710B350-342B-CDD4-0BB3-EFD563F6AFF2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F76604BF-96C5-81C9-07E5-094D1BB88043} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F7AC6D6E-CC2C-9312-B04A-BE6B29FCC68C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F8EA4B26-A394-AA9E-10DB-155FDEB474C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F9AD27F1-50B4-A52F-10E5-9CAEB34A9715} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F9D7B838-0128-DA47-424A-9E6B5C35E7D6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{F9DE2FD1-D201-F180-75AC-500B7D9A8F17} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FB2B91F2-20FB-CDCE-D34A-E50E5910E44F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FBE44A98-DCBF-9DB3-6DD2-44E146EF1C57} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FE91C2E0-AC39-4A6A-04FE-D8C6B10B23F3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FE94D56A-1AD9-11E0-34F7-8455FC4F3D27} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FEE3991F-A9A9-FEB5-A46D-D1B381BB004A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\v2.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2795649000-174745431-299376212-1005\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-2795649000-174745431-299376212-1005\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup (quarantined).
HKU\S-1-5-21-2795649000-174745431-299376212-1005\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll -> Dialer.BT.a : Cleaned with backup (quarantined).
C:\Program Files\Hijackthis\backups\backup-20070131-180219-877.dll -> Dialer.Creazione.x : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:cbmin -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:eetct -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:kquqd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:pzdvf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:tbvoa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:usdxh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A19Bowl.cfg:zugnv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A5W.INI:alzpq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A5W.INI:cmyzb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A5W.INI:sbize -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\A6W.INI:tqmox -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.BAK:cplew -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.BAK:snwfc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:cawtn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:goicv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:qtldj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:ujjfi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:urbqg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:zfrij -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Active Setup Log.txt:zspmu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Blue Lace 16.bmp:egimd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Blue Lace 16.bmp:ezsye -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Coffee Bean.bmp:fndlt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Coffee Bean.bmp:hzfoq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Coffee Bean.bmp:rxuut -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:emkrp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:fbizp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:vrbgq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DirectX.log:xsdmg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:msffm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:yoneb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\DtcInstall.log:ztumj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\EReg077.dat:duxzk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\EReg077.dat:vyece -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\EReg077.dat:wntgr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\EReg077.dat:xgfyd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\FeatherTexture.bmp:dhdyt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\FeatherTexture.bmp:hwklh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\FeatherTexture.bmp:lgkan -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:aroiz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:cfypa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:fjrxp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:kxpfc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:oykdm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:wbmuj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Gone Fishing.bmp:xnypx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:kcwvj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:ufyfo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:uxwoh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Greenstone.bmp:yxumf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB810217.log:eahaq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:blbuq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:eoxik -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:iourq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:ndyrb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB822603.log:waang -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB823182.log:hqkhr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB823182.log:pkqtk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB823182.log:thwzk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824105.log:sqxen -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824141.log:jfrny -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824141.log:vqnyt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB824141.log:ytthk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:bgdlx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:dqqxl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:ehdnw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:hizzb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:ixnvn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:lhzss -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:npxgo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB825119.log:whuqh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB826939.log:vofzy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828028.log:ajibw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828028.log:awgff -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828028.log:cnciu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828028.log:eurtf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828028.log:rrawy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828035.log:qlikr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828035.log:sweck -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828741.log:cxnwv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB828741.log:qhmrw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB833987.log:jdgsf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log:geems -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log:mrjxk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log:oylat -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB834707.log:zzkch -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:hesev -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:kdjza -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:lemqx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:ttcgg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:unqnu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB835732.log:uyofn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB837001.log:dxxcz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB837001.log:mpekt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB837001.log:ruaro -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB839643-DirectX9.log:nfscb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB839643-DirectX9.log:ngqwy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB839645.log:ohegl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB839645.log:qmqym -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB839645.log:yrflu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:chnwu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:entjy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:gnxvg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:jszjd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:qbvvc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:rdbng -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840315.log:vbucs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840374.log:exqtb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840374.log:pdjnb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840374.log:ypcdh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840987.log:hottb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840987.log:ixfev -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840987.log:jitxw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840987.log:vquac -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB840987.log:yhiiw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:attuk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:dsbbt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:hbsig -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:hvfdq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:oldou -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB841873.log:uzgfh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:bjolf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:blqdb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:eymvi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:hlqgt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:mivpr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:ptxyq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:rwkrk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB842773.log:wppkb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:cdamw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:hlzxo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:mzqqd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:shfux -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB867282.log:xhcey -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873333.log:kraut -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873333.log:qhspa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873333.log:zpkab -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:erpee -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:ihnud -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:mjlma -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:npynw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB873339.log:yuack -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB883939.log:faekc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB883939.log:rjopn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB883939.log:vepeq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB883939.log:xoxwq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885250.log:lebjq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885250.log:qsvvy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885250.log:safvm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885250.log:wdzfx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885250.log:xqarp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885626.log:lqqmk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:agpxp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:jpked -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:ppahd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:ppgkp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:pxwvm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885835.log:ukbaa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885836.log:bouju -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB885836.log:ebeuz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB886185.log:dmowg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB886185.log:lvbef -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB886185.log:rhwhc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB886185.log:twlbf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887472.log:yxucd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887472.log:zawzx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887742.log:ecnsl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887742.log:rxfus -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887742.log:xxtlw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB887742.log:ylfkf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888113.log:ghnnk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888113.log:giwjd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888113.log:lxled -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888113.log:qaxge -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:bzjxa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:eiysm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:hdrjr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:iihoy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:nhgmx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB888302.log:ocbgv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890046.log:eklce -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890046.log:mgzva -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890046.log:omdac -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890047.log:dnvoj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890047.log:vvkzs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:fzmhj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:igdte -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:ohbnt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:sygew -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:tsqxi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:vmhti -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890175.log:xdmxl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890859.log:ayxda -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890859.log:nhmnw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890859.log:udhkz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890859.log:usdxf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890859.log:wbzwi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890923.log:edjaa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890923.log:ocyvn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890923.log:omggy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB890923.log:uzbuv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB891781.log:hardm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB891781.log:vygln -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:asepi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:bmlak -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:jfswl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:lyxwl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:trcvv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:vgfki -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893066.log:yshkj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893086.log:fdzqg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893086.log:glrpc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893086.log:sfdrz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893086.log:uoscw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:bmqvx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:casyz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:enijm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:gtyaw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:lvhmf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803.log:oewwg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803v2.log:aozwb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB893803v2.log:ksnqa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:fujlj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:hdjbj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:hzuwb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:orjfe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:qvfbi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896358.log:sdqyq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:jiuuu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:ldxrk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:mkumk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:pcylv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:vjxhe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:xuzmv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896422.log:xyecq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896423.log:xnxvu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB896428.log:csnqa -> Downloader.Agent.bc : Cleaned with backup (quarantined).

pelling · 02-07-2007, 01:03 PM

C:\WINDOWS\KB896428.log:xrvtg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB898461.log:edrnf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB898461.log:hwigp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB898461.log:nnqry -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB901214.log:yquaa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB901214.log:zqjmf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\KB903235.log:lpzde -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:aoesu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:dipdy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:dteui -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:gghda -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:gjynk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:jljnz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:qfobm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBC.INI:yahca -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:cvhvr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:mkbzz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ODBCINST.INI:wzfva -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:kpwbh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:lmpjf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:spjzb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:szcoz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\OEWABLog.txt:ytlgu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:advaa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:btmtv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:ckaye -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:ehlxc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:fjglf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:sfvik -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\PAGAN2.INI:tfoqp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Pagan II Saver.scr:ekrgh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Pagan II Saver.scr:eoxko -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Pagan II Saver.scr:vhksh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:eccyf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:kbqvw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:kbutq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:lvhsa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Prairie Wind.bmp:oklfl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q327979.log:hmjqq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q327979.log:rtmru -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:ajlxx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:ayqrt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:edksk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:mdmfv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:mfocz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:qjioy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:qyenj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:rpoor -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:ucizz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:xzcki -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:ysqxz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q811114.log:zjzox -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:djnzg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:gfwrb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:hwcpi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:kivph -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:phwms -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:pjubr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:tbyrz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Q828026.log:yiomr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFE.log:aiexv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFE.log:bwfzj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFE.log:jszcd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFE.log:kjkpo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\QFE.log:mebhq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:amguj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:hhnlu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:narlg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:nxvwt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:ryepg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\REGLOCS.OLD:tmmkg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:bjqam -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:rvwvp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:rxafz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:snyxx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Rhododendron.bmp:suddl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\River Sumida.bmp:vzfrk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Run32A60.mch:cdcpu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Run32A60.mch:jfpdz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Run32A60.mch:rjhic -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Run32A60.mch:xgarn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Santa Fe Stucco.bmp:ddbvq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Santa Fe Stucco.bmp:dgveb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:qaebf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:rehjy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\SchedLgU.Txt:xrbqj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:mnorp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:ovydr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:urukp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:whlyc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Soap Bubbles.bmp:xbqxn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Sti_Trace.log:ejiyc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Sti_Trace.log:ishff -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Sti_Trace.log:pkmvu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WMSysPrx.prx:jgqzb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WMSysPrx.prx:jjaus -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WMSysPrx.prx:voufx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:eznat -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:fixsb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:qbvxd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Windows Update.log:uravm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:iqxsq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:lthlm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:myzcj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:obftw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\WindowsUpdate.log:pmwea -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:fkmvs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:gvnwx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:jaoio -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:wbyig -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\Zapotec.bmp:zgqgg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\aiiry.dat:euuxg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\aiiry.dat:rjesj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bgphp.log:alekc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bgphp.log:bjese -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bgphp.log:edljg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bgphp.log:hsezt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bgphp.log:qemlx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bootstat.dat:eeifp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bootstat.dat:fjcjt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bootstat.dat:kuckp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\bootstat.dat:lkcsw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ccsaz.txt:jxnzv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ccsaz.txt:wcezi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ccsaz.txt:wqvft -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cgminivw.ini:rkecy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cgminivw.ini:ycmug -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\chmig.dat:jyepv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cktjp.txt:fphsa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cktjp.txt:nznmn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cktjp.txt:oopep -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cktjp.txt:vphzy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\clock.avi:lngnv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\clock.avi:mvwiu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\clock.avi:pxpwr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\clock.avi:qqtim -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cmsetacl.log:yrgek -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\comsetup.log:ibjjc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\comsetup.log:ndrgm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\comsetup.log:tdppa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:dxcoy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:gawmv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:kxlmw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:rkumr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:upggh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\control.ini:wssrv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cool.ini:evwcn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cool.ini:fcoxj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cool.ini:oiopu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cool.ini:ufmal -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cool.ini:zdwkm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\cpeak.log:xizvb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\csmut.dat:whjhm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\csmut.dat:xnxnw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ctisp.dat:cszbc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ctisp.dat:ctzcy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dccni.txt:chfvk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dccni.txt:jutmp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dccni.txt:mkpyf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dccni.txt:qhzsj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:fosxe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:mmqzy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:nfowp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:obhdr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:toybk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.ini:yneey -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dirdib.drv:kjznh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dirdib.drv:lhavz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dirdib.drv:rhhhu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dlxrj.log:uhppg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\doe_vap4.ini:bayke -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\doe_vap4.ini:soujs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\doe_vap4.ini:sqvll -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\doe_vap4.ini:xikyl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\dpwql.log:cyivd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\duhpz.txt:lxbsw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\duhpz.txt:xqcdw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\eewot.dat:lrfpz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emachines_32.bmp:nijcy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emachines_32.bmp:vfejt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emachines_32.bmp:vowns -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emachines_32.bmp:wetks -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emachines_32.bmp:wiyde -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emmnp.log:oawnk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emmnp.log:rcsps -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\emmnp.log:rjhne -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\epaxg.txt:rvjzj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ewtig.txt:chmxc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ewtig.txt:whcwe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\explorer.scf:qypzu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\explorer.scf:tfowd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\extmk.log:bkqdy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\extmk.log:qsvgh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\extmk.log:robfx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\extmk.log:yrujw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fgnml.txt:ghpir -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fgnml.txt:rchyo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\firstrun.vbs:wpakl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\firstrun.vbs:ympom -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:fegqb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:hbhtg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:klfzz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:lfmwh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:mdigl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:mkoie -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fjhnp.txt:ragod -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fsymi.log:fitik -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\fsymi.log:tsugt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gosqd.log:uzrnz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gsvdiag.log:amwun -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gsvdiag.log:mexbx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gsvdiag.log:ylcgp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\gsvdiag.log:yuhbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\guhss.log:veucs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\guhss.log:vsqty -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\guhss.log:xshrz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hceeb.dat:dpzig -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hgcbt.dat:rffyw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hgcbt.dat:uxynm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hkiyh.dat:agmir -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hkiyh.dat:rgfci -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hkoqc.txt:qrlgu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hlkyq.dat:esbnt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hlkyq.dat:nogtc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hlkyq.dat:qfkje -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hlkyq.dat:wqwbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hotbtnv.vxd:gjqcb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hotbtnv.vxd:mrloa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hotbtnv.vxd:ukbgc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpoins01.dat:cboac -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpoins01.dat:keuhk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpoins01.dat:pqfev -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpoins01.dat:zxduy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpomdl01.dat:dkyxz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpomdl01.dat:idjoo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpomdl01.dat:isgzc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpomdl01.dat:qhvgx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hpomdl01.dat:toogz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hssfc.txt:cmaig -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hssfc.txt:imbvr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hssfc.txt:lstqd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hssfc.txt:tzhyo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hssfc.txt:vkxov -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hugqk.log:dxknd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hugqk.log:fjrse -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hugqk.log:jvbrn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hugqk.log:rojni -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hugqk.log:vriub -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hwlea.dat:cbqgf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hwlea.dat:kqkbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hwlea.dat:qxswr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hwlea.dat:xohkg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\hxvxj.txt:jpvub -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:dnvmz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:fsemc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:icboh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:kkzzu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:nyogh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:pyefd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\iis6.log:rrzvk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:eowjh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:gqcfy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:hbxjt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:ibbrx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:inmry -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:nqbwx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:ugjgr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jautoexp.dat:yqzxl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jfsji.txt:csfen -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jfsji.txt:egigc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jfsji.txt:hglsm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jgvlb.txt:hlljn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jgvlb.txt:iuwgv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jgvlb.txt:qunec -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jgvlb.txt:rerwk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\jgvlb.txt:wlunx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\keacr.log:hbdxi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\kkztq.txt:axiih -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\kkztq.txt:brsqf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\kkztq.txt:llgdm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\kkztq.txt:oxeot -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\kkztq.txt:pwqxc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\krqru.log:myzwg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\krqru.log:wmngk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:ahqcf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:lqubo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:omyjz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:oowhq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:ustwx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lbkig.log:zhvza -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\llert.log:qcjil -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\llert.log:xanie -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lmewf.log:dvfkw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lmewf.log:ruhes -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lmqmj.log:htfel -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lmqmj.log:mlsvr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lmqmj.log:rhyfj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lpgoy.txt:fujgy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\lpgoy.txt:jbmwj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mHotkey.reg:dlmwd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mHotkey.reg:rclzn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\meebz.dat:ijixd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mehgh.dat:gvyjc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgpid.log:eehnm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgpid.log:fnfjw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgxoschk.ini:bakmk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgxoschk.ini:gaeui -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgxoschk.ini:gzlhf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgxoschk.ini:khwnh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mgxoschk.ini:yjqex -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhozg.txt:geajp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhozg.txt:mtdqi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhozg.txt:nhnwl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhozg.txt:vpqgq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhozg.txt:zihut -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhssd.log:mmdxp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mhssd.log:zxzhg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mlkde.dat:fipsm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mlkde.dat:puuka -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msdfmap.ini:umlpq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msgsocm.log:iexgg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msgsocm.log:jofid -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:alsyy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:aubhh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:gqoin -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:kamly -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:kchgt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:rwfjy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\msxmidi.exe.js:txhgm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mzvmk.log:auvef -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mzvmk.log:ecsjk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mzvmk.log:kvlbn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\mzvmk.log:mzose -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nnzdi.dat:ggmvm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nnzdi.dat:gmwtp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nnzdi.dat:uuevf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nnzdi.dat:wqmen -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\norgl.log:hqwqg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\norgl.log:ooicv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsjvc.dat:qwnqc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:kmfuq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:siiaw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:truoe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:veyhy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:wjpxt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nsreg.dat:wpqho -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ntdtcsetup.log:hlcly -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ntdtcsetup.log:wtktm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nullm.log:aywkb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\nuxnq.log:moiaj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:glgir -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:muzot -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:nsifo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:pecta -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:pvobz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:ujisa -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:vznho -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocgen.log:xjotz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ocmsn.log:bcgoz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\odfyf.txt:ihmsj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\odfyf.txt:nqueh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\odfyf.txt:qxeao -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\odfyf.txt:wnerj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\odfyf.txt:wztod -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oehqo.log:sthzz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:bbxvj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:fwkon -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:ofvlg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:oparq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:tjiik -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ofapk.txt:vbedb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oijzu.txt:hncif -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oijzu.txt:nbrkm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oijzu.txt:ngodr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oijzu.txt:zdyya -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oijzu.txt:zosrp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oomki.txt:curju -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\oomki.txt:dbbwm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\paebz.dat:iylyj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\popcinfo.dat:hcgec -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\popcinfo.dat:weqnj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\pvlto.dat:cuvfo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\pxlgm.txt:gytvs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\pxlgm.txt:ihimq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qjnec.txt:oznpm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qjnec.txt:qfzxc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qjnec.txt:ufcpi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qjnec.txt:wvimo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qznzh.log:huuyb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\qznzh.log:ieoii -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\regopt.log:iasvf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\regopt.log:nizcr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\regopt.log:xcgbvf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rfcii.log:geakp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rfcii.log:ohavk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rmkbn.dat:pftip -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rpvsk.log:wuszj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rwzvw.txt:stsav -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\rwzvw.txt:xwxui -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sessmgr.setup.log:cstib -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sessmgr.setup.log:fjcta -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sessmgr.setup.log:izvex -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sessmgr.setup.log:kqytk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupact.log:bvpim -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupact.log:jieyu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupact.log:oamnm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupact.log:zzysj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.0.old:cvqth -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.0.old:dcpov -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.1.old:ehkrr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.1.old:tywfg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.2.old:abkbf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.2.old:dwjpb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.2.old:gngmw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.2.old:tqwst -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.3.old:gqnho -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.3.old:rwzhs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.3.old:whssg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.3.old:wzewi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.3.old:xiohe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.4.old:dlwwj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.4.old:psdnu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.4.old:ptbjo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.5.old:dmjpy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.5.old:jccty -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.5.old:rtcay -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.6.old:gfhxk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.6.old:jaldv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.7.old:garxi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setupapi.log.7.old:lsekk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:csxmb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:jkist -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:mmvhs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:suqrm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:sxgnz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\setuperr.log:unneu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sjlms.dat:svbjs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:iswxq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:lsgvl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:otlgt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:ovoen -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:psgbk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\smscfg.ini:xichb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\spupdsvc.log:hssow -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\spupdsvc.log:tigwo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\svcpack.log:dhfvn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\svcpack.log:gicau -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\svcpack.log:ugcls -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\svkjw.txt:cmjrj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\sxiln.dat:pdaph -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tbqua.txt:eaehf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tbqua.txt:qzcxp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tbqua.txt:zxklv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tepto.log:xmqyp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\teryb.log:hyuox -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tfvdt.dat:wuksb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tfvdt.dat:xemze -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tmrum.txt:elejr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tsoc.log:bhfzg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tsoc.log:ccbuu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tsoc.log:huewv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tsoc.log:mcciv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\tsqfa.txt:fkyfb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ttooo.log:rqbmo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ttooo.log:sqwaj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ttooo.log:zfuki -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ttooo.log:zsqpg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ukcog.txt:wlmrq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ulics.dat:lernh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ulics.dat:psuvw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ulics.dat:whatq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\updspapi.log:dgnjv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\updspapi.log:ejfli -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\updspapi.log:rbxps -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\updspapi.log:vphci -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uycgq.txt:ewoxx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uycgq.txt:rdpmq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uycgq.txt:rtzpe -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uycgq.txt:rvuai -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uycgq.txt:zgqqz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uylpt.txt:abnpg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uyvtm.dat:dznaq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uyvtm.dat:jjeun -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uyvtm.dat:txtvu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uzacm.txt:vuamz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uznyb.dat:eruwv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\uznyb.dat:zifun -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vb.ini:fsbjp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vb.ini:uzkli -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vb.ini:vnhfi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:eldxh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:ofsvd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:qequm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:udxad -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:wrkjo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vbaddin.ini:xfopt -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vminst.log:daxdf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vminst.log:pbhho -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vnauj.log:ecgzh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vnauj.log:ypkzo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\vtckq.txt:vpmuw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wfuyp.log:tfjdy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wfuyp.log:xtqrw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wgnth.txt:tkgbs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wiaservc.log:jifxo -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wiaservc.log:lbiiw -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wiaservc.log:ssxmg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wiaservc.log:vduzx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winamp.ini:aereu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winamp.ini:bytax -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winamp.ini:dsfvr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winamp.ini:ovnum -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt.bmp:frjxs -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt.bmp:gvdwr -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt.bmp:hiwrq -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt.bmp:koohp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt256.bmp:aemen -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt256.bmp:bhdqn -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\winnt256.bmp:irypl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wmsetup.log:iunqz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wsuzr.log:oxxhy -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wsuzr.log:vqiul -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wvkmn.txt:clxke -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wvkmn.txt:iofkf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wvkmn.txt:nruqk -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wvkmn.txt:wqcrl -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\wvsuv.log:zhfwm -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xienf.txt:pvzuf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xpsp1hfm.log:lrubb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xpsp1hfm.log:mctsx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xpsp1hfm.log:rqjsb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xpsp1hfm.log:svypc -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xpsp1hfm.log:tgeqf -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xsboo.txt:dmcyx -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\xsboo.txt:taskb -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yacs.log:ackuz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yacs.log:rpkyp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yacs.log:ukrbi -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yacs.log:zrqkv -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yfsae.txt:hxlbj -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yfsae.txt:karun -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\yfsae.txt:olyar -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\ylnry.dat:bhnvu -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zezup.dat:ksrzg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zidfs.dat:eawad -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zidfs.dat:fsnjh -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zidfs.dat:odzis -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zidfs.dat:xlfdg -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zkfei.log:hjifp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zmyyr.txt:bqelz -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\zuret.log:psnxd -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{A2F88BA6-CD59-4FEB-9EBC-F670424F967B}\RP819\A0963633.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87} -> Downloader.Fugif : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\gdnFR2218.exe -> Downloader.Small.ayl : Cleaned with backup (quarantined).
C:\WINDOWS\system32:sgaa.dll -> Downloader.Small.azk : Cleaned with backup (quarantined).
C:\Documents and Settings\BIG DAVE\Local Settings\Temp\temp.fr001B -> Downloader.Zlob.dr : Cleaned with backup (quarantined).
C:\Documents and Settings\BIG DAVE\Local Settings\Temp\temp.frFDD1 -> Downloader.Zlob.dr : Cleaned with backup (quarantined).
C:\WINDOWS\service.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\service.dll -> Hijacker.Small.jb : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_MNINetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup (quarantined).

::Report end

tetonbob · 02-07-2007, 07:20 PM

I'm so glad that's all it was....

In addition to posting the Panda log and the new HijackThis log, please do this:

Run ADS Spy

Open HijackThis
Click on the button " Open the Misc Tools section"
Click the button labelled "Open ADSSpy"
Make sure "Quick Scan (Windows based folders only)" is unchecked.

Make sure "Ignore Safe System Info Streams" is checked.
Click the "Scan" button.
When it has finished scanning, checkmark/tick all that entries that it found.
Click the "remove selected" button, then Click "Yes" at the following prompt.
Click the "Scan" button once again.
Click the "Save Log" button once this scan is complete.

Please post that log here for review.

pelling · 02-11-2007, 09:02 AM

Panda Log:

Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\system32\appkm.exe
Adware:adware/webattaker Not disinfected c:\windows\uniq
Adware:adware/keenvalue Not disinfected c:\program files\common files\SearchUpgrader
Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\My Way Speedbar Uninstall
Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\Need2Find
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM
Adware:adware/mediatickets Not disinfected Windows Registry
Adware:adware/elitebar Not disinfected Windows Registry
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[Installer.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[NewSecurityClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[NewURLClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Matrix.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Counter.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Parser.class]
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\01808300\2896.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\jav5.tmp
Possible Virus. Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\svchst.exe
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temporary Internet Files\Content.IE5\OZZBISTX\sex[2].ani
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temporary Internet Files\Content.IE5\YNVZQJCY\ifect[2].anr
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\EMZ\Desktop\SmitfraudFix\Process.exe
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[Beyond.class]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MARION\Cookies\marion@atdmt[1].txt
Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11B.tmp
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp\bar\1.bin\N2PLUGIN.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp\bar\1.bin\NPND2FN.DLL
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp
Adware:Adware/SpyAxe Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp\ld1E40.tmp
Adware:Adware/SystemDoctor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp\ld836B.tmp
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\sUBs\TSF\nircmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gttnt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gtvvw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gtwdk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guboi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gufqm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guijq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gujvd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gunak
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gundz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guoci
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gutig
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guyjw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guzyq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvfit
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvldy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvmyc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvqtw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwhsk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwojx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwtht
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxdek
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxiva
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxwjj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxxok
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gydvn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gytpx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gyxpr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzgqs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzjqc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzkfp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzlju
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzlnr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzofj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gztbg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzuid
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzxsk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hajeu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:haopa
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hayzt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbfbv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbmsh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbpkd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbqda
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbupa
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcaqu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcctg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hccuk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcfrh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcogl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcpdh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcylk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hdknn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hdxlr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hebzh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:heniq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hesax
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hewyh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hezpc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hfmmb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hfrat
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hftky
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgags
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgapf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hglyo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgmjl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgtuo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgzgh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhgjo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhkeh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhowz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhpgz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhplr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhrkn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhspn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhtfy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhvdt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hikca
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:himmc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:himti
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hixem
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hjiwp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkcyv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkfbg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkohz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkpjk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkwef
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkwlt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hldud
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlgua
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlhaf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlvnr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlwys
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlzqs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmcrf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmfvs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmgdw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmieq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmrwq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmsrl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnded
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnfgs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnpbp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoifm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:honps
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoszm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hotvc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoygy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hphir
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpjzm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpnce
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpxuf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqepo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqiky
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqoiz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqvfi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqvqp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqzxv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hraay
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrchl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrgie
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrizp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrqmx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrugs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrugt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsfwy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hstij
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hstqj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsxbk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsyct
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htczj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htduq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htkbt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htqiw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htsce
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htvyw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hutih
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvczd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvopv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvttv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hwlwn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hxfsm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hyect
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hylfw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzbnz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzcak
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzqad
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iafgk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iajpm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibany
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibpgi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibutj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibwgf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:icemm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:icgnm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idisi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idmgs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idxlq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iebyv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iedte
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iekzw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ieqtm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ievrq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iewfr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iexyn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ieyzp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifadw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifaxi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifhva
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifpbw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifqxn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifwsi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifzcs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:igcog
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:igyyz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ihsqf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ihzkx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iinhy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iiqnk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iiuio
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iizxz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijccg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijgom
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijtwo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijtwp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ikytz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilakc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilvdr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilvpw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imecl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imjgr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imuki
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imvat
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:invgy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:invvl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:inywm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ioaoc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ioaua
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipalb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipanl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipbfk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipfsx

pelling · 02-11-2007, 09:03 AM

Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipgcm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ippnr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipsol
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipwtg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqbvu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqifw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqnus
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqotn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqylp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irawi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irfte
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irrlw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isfvp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isgwh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isnzo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ispop
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itdoi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itdpf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ithhi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itlmr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itmbn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itwaa
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itwts
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iudlr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iudnu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iujmr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iusyl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivbnr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivjyi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivldt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivplk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivwcx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwbeu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwcks
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwksx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwrwv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwzmk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixbbn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixsyt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixzyd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyixs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyjiw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iylvf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iymxu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iysde
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyydz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izfkp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izviw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izxqe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izxxs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:japuc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbefh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbgsf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbgzm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbjhu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbjpe
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbklc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbllz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbrwb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbzal
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jccbt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcccr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jchin
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcipx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcomd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jczvp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdbxj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdcxf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jddhf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdefs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdghc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdrex
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdtma
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdueh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jegqj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jeyfu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfrgq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfulp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfwny
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgbpj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgbvf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgfnq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgibi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgiqw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgjpg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgrew
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jguow
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgzvo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhitp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhjnn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhkwo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhmkb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhnqf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhpgc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhyge
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jiayk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jiecc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jigqv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jjrdd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkijx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkjcz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jknne
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkvya
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jlale
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jldif

pelling · 02-11-2007, 09:03 AM

Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jllaa
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jllkl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jlzzf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jmbqi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jmfjv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jmuxx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jmycj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jnhib
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jnjyn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jnlkb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jnpku
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jocdk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jolio
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jolzf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jonml
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jopnv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:joukq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jpisw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jprkj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jpsav
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jpzak
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jqctr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jqeqf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jqjkq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jqpkv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jresc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jricg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jrlde
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jruqr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jsang
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jsgax
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jsnsh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jsoye
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jsqbw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jssbw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jtluo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jtmjq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jtmtf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jtrha
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jtwjh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jucuu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jugjf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jvzcc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jvzjd
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwcmj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwfgf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwhgc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwifz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwopq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jwpwl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jxkmf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jxmfo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jxmpl
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jxrhf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jyagt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jyauw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jyego
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jyrgy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jysfh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jyuvx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jywkx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzcyt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzgdh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzlka
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzsuj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzxcb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jzxzt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kagnm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kaiow
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kamhp
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kaqyf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kbdod
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kbymm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kcfxu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kcoem
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kcorg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kcvdv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kdkwg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kdrkq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kdzqx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:keaax
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:keijq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kesjk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ketbu
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ketmo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:keuai
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kexqv
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kfejr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kfrqi
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kgdzb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kglzk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kgnls
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kgnma
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kgnmr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kgtjq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:khbmh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:khpre
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:khwhz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:khzbs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kifkg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kimxy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kirek
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kitdf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kivoy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjbew
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjdcj
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjgji
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjnzn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjtfs
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kjwwx
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kkcyw
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kkixo
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kkjhy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kktcb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kkuba
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klltn
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klpnc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klqgc
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klwav
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klydz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:klyeb
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmbuh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmcsz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmgov
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmiuy
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmqqf
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kmznm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:knehg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:knfck
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:knpsg
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kocfh
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:koduk
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kozen
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kpbqq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kplqz
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kqeke
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kqswa
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kqurr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kradm
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:krhts
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:krkkt
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:krqtq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:krvac
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kryph
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ksaey
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ksgzq
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ksiid
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ksqyr
Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:kszuz

01-24-2007, 01:42 PM	#1 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	Logfile check please Hi, my girlfriends computer is really really slow and i'm pretty sure it's got viruses of some sort. Could you check this hijackthis logfile please? Thanks: ` Logfile of HijackThis v1.99.1 Scan saved at 20:39:16, on 24/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\system32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE C:\WINDOWS\zHotkey.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\PROGRA~1\Yahoo!\YOP\yop.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\WINDOWS\system32\USBPlug.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2...=1033&_lang=EN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Yahoo! Broadband O2 - BHO: (no name) - {2DC65906-D457-B6FE-6F9B-0A2682594BE0} - C:\WINDOWS\system32\agoydjg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file) O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe O4 - HKLM\..\Run: [hpakmfl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hpakmfl.dll,aqoriid O4 - HKLM\..\Run: [dmfrx.exe] C:\WINDOWS\system32\dmfrx.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\Poker\PartyPoker\RunApp.exe O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Homepage - {6DA6C6C1-F4E8-469F-A46A-F1989006B06E} - http://bt.yahoo.com (file missing) (HKCU) O9 - Extra button: BT - {ACB19E59-FFAE-441D-A681-DAFDE732B1DE} - http://www.bt.com (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct4_x.cab O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/pro...er/awswaxf.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templ...control023.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_GB.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{81028C57-504A-40FC-A140-C8D5ED0F3C2E}: NameServer = 85.255.115.238,85.255.112.198 O17 - HKLM\System\CCS\Services\Tcpip\..\{89AC1B1A-0296-45E7-9481-3843C293F5E4}: NameServer = 85.255.115.238,85.255.112.198 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE" /SERVICE (file missing) O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

01-27-2007, 08:39 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. This is but Round 1 of what could be several posts to complete the cleaning of this system. Stick with me until you receive the "All Clear". --------------------------------------------------------------------------------------------- Download combofix.exe to your desktop. * IMPORTANT !!! Place it on your Desktop. We'll use this shortly. --------------------------------------------------------------------------------------------- Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://www.bleepingcomputer.com/file...Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved. Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found): R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/ O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file) O4 - HKLM\..\Run: [hpakmfl.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hpakmfl.dll,aqoriid O4 - HKLM\..\Run: [dmfrx.exe] C:\WINDOWS\system32\dmfrx.exe O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/dialer/int_ver32b.CAB O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://utu.popcap.com/games/popcaploader_v6.cab O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin_GB.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{81028C57-504A-40FC-A140-C8D5ED0F3C2E}: NameServer = 85.255.115.238,85.255.112.198 O17 - HKLM\System\CCS\Services\Tcpip\..\{89AC1B1A-0296-45E7-9481-3843C293F5E4}: NameServer = 85.255.115.238,85.255.112.198 Click FIX CHECKED. Close HijackThis. Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt ), at the end of this fix. If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again. ---------------------------------------------------------------------------------------------------------- Run ComboFix Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK "%userprofile%\desktop\combofix.exe" /v hpakmfl agoydjg When finished, it shall produce a log for you. Post that log in your next reply. It's located at C:\ComboFix.txt Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. --------------------------------------------------------------------------------------------- Download SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items --------------------------------------------------------------------------------------------- Please go to: VirusTotal At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD: C:\WINDOWS\system32\USBPlug.exe Click "Open". Then click the "Send" button at the top of the VirusTotal page. This will scan the file. Please be patient. Once scanned, copy and paste the results in your next reply.. --------------------------------------------------------------------------------------------- Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- Please return with results from: FixWareout (C:\fixwareout\report.txt) ComboFix (C:\ComboFix.txt) VirusTotal HijackThis Has Party Poker been intentionally installed on this machine? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? ** Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-28-2007, 02:47 PM	#3 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	Hi. Thanks so much for the reply. I can only use her computer on wednesdays and some weekends so this could be quite a slow process, but i'll stick with it whenever i can. I'll post back wednesday when i've done the above steps :) also yes, party poker was installed on purpose... Last edited by pelling; 01-28-2007 at 02:49 PM.

01-28-2007, 06:10 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	Advised to keep that machine disconnected from the internet until such time as the fix can be performed. While it's infected, it can get worse if left unattended and with internet access. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-31-2007, 08:18 PM	#7 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	That looks much better, but there's more work to do. Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. Delete the following files: C:\WINDOWS\SYSTEM32\CSKFR.EXE C:\WINDOWS\SYSTEM32\DMBVN.EXE C:\WINDOWS\SYSTEM32\DMGHK.EXE C:\WINDOWS\SYSTEM32\DMLLC.EXE C:\WINDOWS\SYSTEM32\DMLPR.EXE C:\WINDOWS\SYSTEM32\DMRLB.EXE C:\WINDOWS\SYSTEM32\DMWEK.EXE C:\WINDOWS\SYSTEM32\DMWMU.EXE If they resist deletion, boot to safe mode and delete from there. --------------------------------------------------------------------------------------------- Now, before we continue, I need a bit more information, please. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click smitfraudfix.exe to start the tool. Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present). Please copy/paste the content of that report into your next reply. It will be located at C:\rapport.txt if you happen to close it. IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so! Create an uninstall list: Open HiJackThis Click on the button " Open the Misc Tools section" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notepad file into your post Please tell me the contents of these folders: C:\92237345ca2f02005178e2 C:\b3b0f612d0e445f8a2e933cd C:\32aae832b0c65165c4d370 __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

01-28-2007, 06:30 PM	#5 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	noted, thanks

02-04-2007, 10:40 AM	#8 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	SmitFraud Report: SmitFraudFix v2.138 Scan done at 17:36:34.23, 07-02-04 Run from C:\Documents and Settings\EMZ\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\d3??.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\hp????.tmp FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\ncompat.tlb FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMZ »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\EMZ\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\EMZ\STARTM~1\Programs\SpyAxe FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\EMZ\FAVORI~1 C:\DOCUME~1\EMZ\FAVORI~1\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="file:///C:/DOCUME~1/EMZ/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg" "SubscribedURL"="file:///C:/DOCUME~1/EMZ/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update" [HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32] @="C:\WINDOWS\system32\ioctrl.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32] @="C:\WINDOWS\system32\ioctrl.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Uninstall List: Ad-Aware SE Personal Adobe Atmosphere Player for Acrobat and Adobe Reader Adobe Download Manager 1.2 (Remove Only) Adobe Photoshop Album 2.0 Starter Edition Adobe Reader 6.0.1 AOL UK (Choose which version to remove) AOL You've Got Pictures Screensaver BT Voyager Wireless Utility BT Yahoo! Applications CleanUp! Creative Jukebox Driver Cult II - Federal Crime Google Earth HighGrow HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) HP Memories Disc HP Photo and Imaging 2.0 - All-in-One HP Photo and Imaging 2.0 - All-in-One Drivers HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series hp psc 1200 series Hypertext Builder 2004 iMeshBar Intel(R) Extreme Graphics Driver Intel(R) PRO Network Adapters and Drivers Intel(R) PROSet InterActual Player Internet Connection Control J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 9 Java 2 Runtime Environment, SE v1.4.2_05 LiveUpdate BVRP Software Macromedia Flash Player 8 McAfee Internet Security 6.0 McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money Microsoft Money System Pack Microsoft National Language Support Downlevel APIs Microsoft Office XP Standard for Students and Teachers Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Windows Journal Viewer Microsoft Works 7.0 Mobility Mozilla Firefox (2.0.0.1) MSN Messenger 7.5 MSXML 4.0 SP2 (KB927978) Multimedia Keyboard Driver Musicmatch® Jukebox My Search Bar NTI Photo Suite OLYMPUS CAMEDIA Master 2.5 Pagan Daybook II PartyPoker Philips GoGear HDD Device Manager PowerDVD QuickTime RealPlayer Basic Realtek AC'97 Audio SafeCast Shared Components Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB926255) Smart Link 56K Voice Modem Sony Ericsson PC Suite SpeedTouch USB Software SpywareBlaster v3.5.1 Think & Talk French Tradewinds 2 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB900930) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) WCDMA Handset USB Driver WildTangent Web Driver Windows Backup Utility Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows Media Player 9 Series Winter Fun Pack Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885626 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 Those folders you mentioned don't exist any more, they are deleted. The computer seems to be responding alot better, thanks.

02-04-2007, 01:26 PM	#9 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. --------------------------------------------------------------------------------------------- Download AVG Anti Spyware Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows" Install AVG Anti Spyware Double-click the icon on Desktop to launch AVG On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly. --------------------------------------------------------------------------------------------- Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only We'll use this later. --------------------------------------------------------------------------------------------- Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: iMeshBar My Search Bar --------------------------------------------------------------------------------------------- Double-click smitfraudfix.exe to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. --------------------------------------------------------------------------------------------- Clean out your Temporary Internet files. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: "Security Info" "Warning Message" "Security Desktop" "Warning Homepage" "Desktop Uninstall" or something similar Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. --------------------------------------------------------------------------------------------- Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). Restart in normal mode. --------------------------------------------------------------------------------------------- Double-click smitfraudfix.exe to start the tool. Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. --------------------------------------------------------------------------------------------- Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". Click the "Download" button to the right. Check the box that says: "*Accept* License Agreement". The page will refresh. Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version. After the install is complete, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. --------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" The download of the 8 MB Panda's ActiveX control will take place Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Then post the following logs in your next reply... C:\rapport.txt (log from the tool) AVG Anti-Spyware log Panda log Hijackthis log __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-06-2007, 01:52 PM	#10 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	big problem, i got up to the avg scan, it finished, then the computer was turned off. When it is turned back on a message says 'invalid system disk', and it will not get any further. Any ideas?

02-06-2007, 06:35 PM	#11 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	Pelling - Do you happen to have a non-bootable CD in the drive? Or a non-bootable floppy in your A drive if you have one? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 02-06-2007 at 06:38 PM.

02-07-2007, 01:01 PM	#12 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	Yeah there was a floopy disk in there, doh! The imesh bar and my search bar both say 'the specified module could not be found' when i click to remove. they are still in the list. Everything else seemed to work. the panda scan is running now and i wont be able to post the log until the weekend, but here are the others: rapport log: SmitFraudFix v2.138 Scan done at 22:35:28.64, 07-02-04 Run from C:\Documents and Settings\EMZ\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update" [HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32] @="C:\WINDOWS\system32\ioctrl.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}\InProcServer32] @="C:\WINDOWS\system32\ioctrl.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\d3??.dll Deleted C:\WINDOWS\system32\hp????.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\ncompat.tlb Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\ts.ico Deleted C:\DOCUME~1\EMZ\STARTM~1\Programs\SpyAxe Deleted C:\DOCUME~1\EMZ\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Last edited by pelling; 02-07-2007 at 01:04 PM.

02-07-2007, 07:20 PM	#15 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,697 OS: 2000 Pro; XP Pro; XP Home	I'm so glad that's all it was.... In addition to posting the Panda log and the new HijackThis log, please do this: Run ADS Spy Open HijackThis Click on the button " Open the Misc Tools section" Click the button labelled "Open ADSSpy" Make sure *"Quick Scan (Windows based folders only)"* is unchecked. Make sure "Ignore Safe System Info Streams" is checked. Click the "Scan" button. When it has finished scanning, checkmark/tick all that entries that it found. Click the "remove selected" button, then Click "Yes" at the following prompt. Click the "Scan" button once again. Click the "Save Log" button once this scan is complete. Please post that log here for review. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

02-11-2007, 09:02 AM	#16 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	Panda Log: Incident Status Location Adware:adware/searchaid Not disinfected c:\windows\system32\appkm.exe Adware:adware/webattaker Not disinfected c:\windows\uniq Adware:adware/keenvalue Not disinfected c:\program files\common files\SearchUpgrader Adware:adware/cydoor Not disinfected c:\windows\cdmxtras Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\My Way Speedbar Uninstall Potentially unwanted tool:application/need2find Not disinfected hkey_local_machine\software\Need2Find Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM Adware:adware/mediatickets Not disinfected Windows Registry Adware:adware/elitebar Not disinfected Windows Registry Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[GetAccess.class] Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[Installer.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[NewSecurityClassLoader.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-241eca98-180fe27d.zip[NewURLClassLoader.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Matrix.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Counter.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Dummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\BIG DAVE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-6ac1efcd-5dc6dcab.zip[Parser.class] Adware:Adware/CommAd Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\01808300\2896.tmp Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\jav5.tmp Possible Virus. Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temp\svchst.exe Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temporary Internet Files\Content.IE5\OZZBISTX\sex[2].ani Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\BIG DAVE\Local Settings\Temporary Internet Files\Content.IE5\YNVZQJCY\ifect[2].anr Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\EMZ\Desktop\SmitfraudFix\Process.exe Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[BlackBox.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[VerifierBug.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[Dummy.class] Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\MARION\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-8b25842-57f35a99.zip[Beyond.class] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\MARION\Cookies\marion@atdmt[1].txt Spyware:Spyware/BetterInet Not disinfected C:\Program Files\Common Files\SearchUpgrader\system.cfg Spyware:Cookie/HotLog Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11B.tmp Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp\bar\1.bin\N2PLUGIN.DLL Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp\bar\1.bin\NPND2FN.DLL Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp Adware:Adware/SpyAxe Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp\ld1E40.tmp Adware:Adware/SystemDoctor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp\ld836B.tmp Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\sUBs\TSF\nircmd.exe Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gttnt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gtvvw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gtwdk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guboi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gufqm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guijq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gujvd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gunak Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gundz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guoci Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gutig Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guyjw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:guzyq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvfit Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvldy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvmyc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gvqtw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwhsk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwojx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gwtht Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxdek Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxiva Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxwjj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gxxok Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gydvn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gytpx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gyxpr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzgqs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzjqc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzkfp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzlju Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzlnr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzofj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gztbg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzuid Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:gzxsk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hajeu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:haopa Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hayzt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbfbv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbmsh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbpkd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbqda Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hbupa Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcaqu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcctg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hccuk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcfrh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcogl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcpdh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hcylk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hdknn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hdxlr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hebzh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:heniq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hesax Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hewyh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hezpc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hfmmb Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hfrat Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hftky Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgags Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgapf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hglyo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgmjl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgtuo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hgzgh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhgjo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhkeh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhowz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhpgz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhplr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhrkn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhspn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhtfy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hhvdt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hikca Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:himmc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:himti Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hixem Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hjiwp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkcyv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkfbg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkohz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkpjk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkwef Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hkwlt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hldud Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlgua Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlhaf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlvnr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlwys Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hlzqs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmcrf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmfvs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmgdw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmieq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmrwq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hmsrl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnded Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnfgs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hnpbp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoifm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:honps Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoszm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hotvc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hoygy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hphir Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpjzm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpnce Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hpxuf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqepo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqiky Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqoiz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqvfi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqvqp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hqzxv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hraay Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrchl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrgie Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrizp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrqmx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrugs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hrugt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsfwy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hstij Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hstqj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsxbk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hsyct Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htczj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htduq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htkbt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htqiw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htsce Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:htvyw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hutih Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvczd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvopv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hvttv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hwlwn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hxfsm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hyect Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hylfw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzbnz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzcak Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:hzqad Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iafgk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iajpm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibany Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibpgi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibutj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ibwgf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:icemm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:icgnm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idisi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idmgs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:idxlq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iebyv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iedte Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iekzw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ieqtm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ievrq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iewfr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iexyn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ieyzp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifadw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifaxi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifhva Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifpbw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifqxn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifwsi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ifzcs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:igcog Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:igyyz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ihsqf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ihzkx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iinhy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iiqnk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iiuio Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iizxz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijccg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijgom Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijtwo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ijtwp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ikytz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilakc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilvdr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ilvpw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imecl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imjgr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imuki Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:imvat Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:invgy Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:invvl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:inywm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ioaoc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ioaua Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipalb Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipanl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipbfk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipfsx

02-11-2007, 09:03 AM	#17 (permalink)
pelling Registered User Join Date: Mar 2006 Location: Brighton, UK Posts: 53 OS: WinXP	Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipgcm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ippnr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipsol Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ipwtg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqbvu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqifw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqnus Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqotn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iqylp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irawi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irfte Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:irrlw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isfvp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isgwh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:isnzo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ispop Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itdoi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itdpf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ithhi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itlmr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itmbn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itwaa Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:itwts Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iudlr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iudnu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iujmr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iusyl Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivbnr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivjyi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivldt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivplk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ivwcx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwbeu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwcks Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwksx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwrwv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iwzmk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixbbn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixsyt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:ixzyd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyixs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyjiw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iylvf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iymxu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iysde Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:iyydz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izfkp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izviw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izxqe Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:izxxs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:japuc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbefh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbgsf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbgzm Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbjhu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbjpe Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbklc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbllz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbrwb Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jbzal Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jccbt Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcccr Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jchin Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcipx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jcomd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jczvp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdbxj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdcxf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jddhf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdefs Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdghc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdrex Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdtma Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jdueh Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jegqj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jeyfu Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfrgq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfulp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jfwny Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgbpj Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgbvf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgfnq Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgibi Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgiqw Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgjpg Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgrew Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jguow Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jgzvo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhitp Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhjnn Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhkwo Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhmkb Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhnqf Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhpgc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jhyge Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jiayk Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jiecc Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jigqv Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jjrdd Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkijx Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkjcz Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jknne Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jkvya Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jlale Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\_default.pif:jldif