Looking-For.Home Search Assistant Browser Modifier

[Matt147]

Earlier this week Counterspy scanned this piece of spyware along with 2 others on my pc. Every time I deleted them, they would reappear in the next scan. I managed to remove the 2 "elevated risk" items, but this "severe" risk still remains. I contacted Sunbelt Software, but they said that Counterspy would not be updated to deal with this for another 2 months, and a friend suggested I contact this site. I've made a HijackThis Log and hope this will be of some help. Many thanks, Matt.

Logfile of HijackThis v1.99.1
Scan saved at 01:21:18, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: E-mail.lnk = ?
O4 - Startup: MSN Messenger 7.0.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125595778260
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C25D70C7-BBD5-42B7-8862-E572D3144309}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

[sUBs]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download & extract it to it's own folder - About Buster.zip.

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downlaoding.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.

Please disable CounterSpy, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable CounterSpy:

• Right Click on the CounterSpy Icon located in your system tray.
• With your mouse, hover over Active Protection Status (This should be enabled)
• A menu will slide out, then right click on Disable Active Protection

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

• Delete Newsgroup cache
• Delete Newsgroup Subscriptions
• Scan local drives for temporary files

4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

Run About Buster and click - Begin Removal.
Locate 'Ab LogFile.txt' (... in the same folder as AboutBuster) and post it in your next reply.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:

• HiJackThis log
• Online Scan
• About Buster

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[Matt147]

I have followed your instructions, and enclose the HiJackThis Log, and the Online Scan. However I was not able to locate the Ab LogFile.txt. Hope this is of some help. Thanks, Matt.

Logfile of HijackThis v1.99.1
Scan saved at 20:31:29, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: E-mail.lnk = ?
O4 - Startup: MSN Messenger 7.0.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125595778260
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C25D70C7-BBD5-42B7-8862-E572D3144309}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 20:24:54
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 169924
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 67320
Number of viruses found: 9
Number of infected objects: 272
Number of suspicious objects: 0
Duration of the scan process: 7873 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.c
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0082498.exe Infected: Trojan-Downloader.Win32.WinShow.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0082524.exe Infected: Trojan-Clicker.Win32.Spywad.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0082540.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0082595.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP261\A0082632.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082662.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082695.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082725.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0082757.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082780.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082805.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082838.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082839.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082840.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082841.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082842.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082843.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082844.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082845.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082846.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082847.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082848.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082849.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082850.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082851.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082852.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082853.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082854.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082855.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082856.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082857.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082858.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082859.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082860.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082861.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082862.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082863.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082864.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082865.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082866.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082867.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082868.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082869.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082870.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082871.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082872.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082873.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082874.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082875.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082876.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082877.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082878.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082879.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082880.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082881.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082882.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082883.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082884.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082885.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082886.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082887.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082888.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082889.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082890.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082891.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082892.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082893.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082894.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082895.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082896.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082897.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082898.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082899.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082900.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082901.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082902.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082903.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082904.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082905.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082906.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082907.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082908.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082909.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082910.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082911.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082912.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082913.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082914.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082915.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082916.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082917.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082918.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082919.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082920.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082921.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082922.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082923.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082924.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082925.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082926.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082927.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082928.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082929.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082930.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082931.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082932.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082933.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082934.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082935.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082936.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082937.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082938.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082939.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082940.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082941.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082942.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082943.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082944.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082945.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082946.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082947.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082948.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082949.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082950.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082951.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082952.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082953.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082954.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082955.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082956.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082957.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082958.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082959.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082960.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082961.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082962.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082963.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082964.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082966.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082967.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082968.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082969.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082970.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082971.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082972.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082973.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082974.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082975.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082976.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082977.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082978.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082980.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082981.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082982.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082983.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082984.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082985.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082986.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082987.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082988.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082989.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082990.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082991.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082992.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082993.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082994.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082995.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082996.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082997.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082998.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082999.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083000.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083001.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083002.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083003.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083004.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083005.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083006.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083007.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083008.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083009.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083010.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083011.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083012.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083013.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083015.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083016.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083017.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083018.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083019.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083020.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083021.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083022.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083023.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083024.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083025.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083026.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083027.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083028.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083029.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083030.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083031.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083032.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083033.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083034.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083035.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083036.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083037.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083038.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083039.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083040.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083041.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083042.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083043.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083044.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083045.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083046.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083047.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083048.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083049.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083050.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083051.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083052.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083053.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083054.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083055.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083056.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083057.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083058.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083059.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083060.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083061.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083062.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083063.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083064.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083065.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083066.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083067.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083068.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083069.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083070.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083071.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083072.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083073.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083074.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083075.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083076.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083077.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083078.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083079.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083080.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083081.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083082.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083083.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083084.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083085.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083086.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083087.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083088.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083089.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083090.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\Downloaded Program Files\240044__.exe511 Infected: Trojan.Win32.Dialer.eh
C:\WINDOWS\Downloaded Program Files\240240__.exe333 Infected: Trojan.Win32.Dialer.eh

Scan process completed

[Matt147]

I have followed your instructions, and enclose the HiJackThis Log, and the Online Scan. However I was not able to locate the Ab LogFile.txt. Hope this is of some help. Thanks, Matt.

Logfile of HijackThis v1.99.1
Scan saved at 20:31:29, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: E-mail.lnk = ?
O4 - Startup: MSN Messenger 7.0.lnk = C:\Program Files\MSN Messenger\msnmsgr.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125595778260
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C25D70C7-BBD5-42B7-8862-E572D3144309}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 20:24:54
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 169924
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 67320
Number of viruses found: 9
Number of infected objects: 272
Number of suspicious objects: 0
Duration of the scan process: 7873 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-353c96ce-69408b8b.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/VB.class Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-61c76c7d-15f16422.zip Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.c
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP258\A0082498.exe Infected: Trojan-Downloader.Win32.WinShow.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0082524.exe Infected: Trojan-Clicker.Win32.Spywad.l
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP259\A0082540.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP260\A0082595.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP261\A0082632.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082662.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082695.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP262\A0082725.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP263\A0082757.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082780.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082805.ini:xqmjli:$DATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082838.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082839.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082840.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082841.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082842.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082843.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082844.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082845.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082846.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082847.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082848.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082849.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082850.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082851.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082852.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082853.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082854.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082855.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082856.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082857.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082858.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082859.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082860.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082861.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082862.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082863.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082864.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082865.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082866.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082867.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082868.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082869.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082870.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082871.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082872.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082873.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082874.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082875.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082876.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082877.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082878.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082879.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082880.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082881.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082882.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082883.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082884.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082885.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082886.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082887.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082888.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082889.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082890.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082891.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082892.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082893.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082894.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082895.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082896.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082897.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082898.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082899.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082900.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082901.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082902.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082903.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082904.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082905.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082906.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082907.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082908.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082909.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082910.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082911.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082912.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082913.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082914.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082915.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082916.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082917.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082918.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082919.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082920.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082921.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082922.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082923.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082924.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082925.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082926.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082927.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082928.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082929.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082930.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082931.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082932.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082933.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082934.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082935.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082936.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082937.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082938.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082939.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082940.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082941.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082942.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082943.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082944.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082945.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082946.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082947.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082948.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082949.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082950.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082951.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082952.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082953.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082954.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082955.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082956.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082957.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082958.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082959.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082960.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082961.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082962.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082963.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082964.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082966.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082967.exe Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082968.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082969.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082970.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082971.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082972.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082973.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082974.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082975.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082976.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082977.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082978.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082980.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082981.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082982.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082983.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082984.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082985.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082986.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082987.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082988.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082989.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082990.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082991.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082992.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082993.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082994.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082995.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082996.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082997.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082998.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0082999.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083000.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083001.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083002.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083003.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083004.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083005.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083006.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083007.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083008.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083009.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083010.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083011.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083012.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083013.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083015.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083016.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083017.dll Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083018.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083019.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083020.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083021.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083022.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083023.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083024.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083025.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083026.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083027.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083028.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083029.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083030.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083031.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083032.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083033.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083034.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083035.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083036.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083037.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083038.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083039.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083040.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083041.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083042.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083043.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083044.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083045.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083046.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083047.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083048.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083049.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083050.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083051.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083052.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083053.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083054.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083055.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083056.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083057.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083058.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083059.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083060.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083061.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083062.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083063.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083064.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083065.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083066.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083067.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083068.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083069.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083070.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083071.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083072.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083073.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083074.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083075.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083076.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083077.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083078.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083079.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083080.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083081.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083082.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083083.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083084.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083085.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083086.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083087.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083088.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083089.exe Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP264\A0083090.exe Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\Downloaded Program Files\240044__.exe511 Infected: Trojan.Win32.Dialer.eh
C:\WINDOWS\Downloaded Program Files\240240__.exe333 Infected: Trojan.Win32.Dialer.eh

Scan process completed

[sUBs]

Reboot to Safe Mode


Once in Safe Mode,, Go to Start->Run and type in regsvr32 /u occache.dll and hit OK.


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.

• Tick - 'Show hidden files and folder'
• Untick - 'Hide file extensions for known types'
• Untick - 'Hide protected operating system files'
• Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

• C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-353c96ce-69408b8b.zip
  C:\Documents and Settings\Matthew\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc hive1213.jar-61c76c7d-15f16422.zip
  C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll
  C:\WINDOWS\Downloaded Program Files\240044__.exe511
  C:\WINDOWS\Downloaded Program Files\240240__.exe333

Go to Start->Run and type in regsvr32 occache.dll and hit OK.


This will clear the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter

• Tick on the checkbox - Turn off System Restore on all drives
• Click Apply

Turn it back 'On' by unticking the same checkbox & click OK


Post a new HJT log. Tell me if Counterspy still finds those severe risks.

[Matt147]

I went to Safe Mode, Hit Start, Run and "regsvr32 occache.dll", and I tried various combinations with spaces included, but it kept coming back with "Windows cannot find....". Any ideas? Thanks, Matt.

[sUBs]

Matt,

What was the exact error message? Have you tried copy/paste regsvr32 /u occache.dll into the run box?

If it's still giving you problems, proceed to delete the files. There would be some files you may not be able to find. Let me know which ones they are.

[Matt147]

Hello again. I tried the copy and paste and it worked ok. Located and deleted all the files mentioned. Iran a scan with Counterspy and it still found "Looking-For.Home Search Assistant Browser Modifier" as a severe threat. Don't know if this is important, but I did all this in normal mode, not safe mode. Sorry, forgot. Here is the HJT Log that was made before the Counterspy scan:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:39, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125595778260
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C25D70C7-BBD5-42B7-8862-E572D3144309}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thanks once more (hope I'm not being a pain)

[sUBs]

Quote:

ran a scan with Counterspy and it still found "Looking-For.Home Search Assistant Browser Modifier" as a severe threat.

Please show me the exact message as displayed by Counterspy

In the meanwhile, please disable CounterSpy before fixing these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

Kindly post a new HJT log after that

[Matt147]

Counterspy says it finds the fault in 4 locations.The exact message displayed by Counterspy is as follows:

Looking-For.Home Search Assistant

Type: Browser Modifier

Description: Home Search Assistant is an Internet Explorer browser helper object that was recently identified by the SpyNet community; research is currently under way to further identify its risks.

Advice: This is a very high risk threat and should be removed immediately as to prevent harm to your computer or your privacy.

Registry Keys:
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0

It recommends that I quarantine it, but it always turns up in the next scan. Even when I delete it, it still turns up in quarantine, and then again in the next scan.

Here is the HJT log you requested:

Logfile of HijackThis v1.99.1
Scan saved at 18:22:01, on 09/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\Program Files\Common Files\RTE\RTEGPRS.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MI1933~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Documents and Settings\Matthew\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Second Copy 2000] "C:\Program Files\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125595778260
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C25D70C7-BBD5-42B7-8862-E572D3144309}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Thanks again, Matt.

[sUBs]

Matt,

CounterSpy must be mistaken. Those entries are indeed Home Search entries but they should no longer be existing in your machine. If the exist, it will show up in the HJT log, which it doesn't. About Buster would have fixed it when we ran it earlier.

No matter what...let's take a walk into the Registry. If we find it in there, we'll take it out via manual reg editing.

Go to Start>Run - type REGEDIT

1. Navigate to each of these keys -
   
   Quote:

   HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
   
   HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
   
   HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0
   
   HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Enum/Root/LEGACY__11F*00DF*00E4*0006#*0

2. Right click & delete the key (only keys listed in RED need to be deleted)
3. Close the Registry Editor when you've finished

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Please let me know your findings.

[Matt147]

Could not find the keys quoted by Counterspy, the closest was this:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I

Looks the same till the last part.

[sUBs]

Fix that.

[Matt147]

Attempting to delete LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I, it says "Are you sure you want to delete thi key and all of its subkeys", I click YES, and it says "Cannot delete LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I: Error while deleting key."

[sUBs]

Did you do this?

Quote:

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

[Matt147]

Yes, and the same thing happens. After the first OK there are boxes to Allow or Deny Full Control for Everyone. Do I need to Apply that?

[sUBs]

We'll have to use another tool then
Please download, install & launch reglite

Using Reglite, navigate to the key in question:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I

From the right pane, select - LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I
Right click & select Properties.
From the Key properties page, click the "Take Ownership" button & exit the page
Then right click & try deleting the key

[Matt147]

I downloaded, installed & launched reglite.

The key:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\ LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I

appears in the left pane in the 4th position under Root, but it does not appear at all in the right pane.

[sUBs]

Sorry about that..left pane it is..

[Matt147]

I tried that but the Take Ownership button isn't highlighted, neither are the other 2 buttons. I tried to delete the key in the left pane and it says "Access Denied".