28th May 2006
#1
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
Hijacked by securityuptodate.net
Hello, securityuptodate.net has hijacked my homepage. Any and all help is appreciated.
Thanks
28th May 2006
#2
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
fattony - Welcome to the Board
Please download SmitfraudFix and unzip the contents to a folder on your Desktop.
Open the SmitfraudFix folder and double click on Smitfraudfix.cmd
If a Security Warning pops up hit the Run button
A command window appears > press any key to continue
On the line with the flashing cursor 'Enter your choice (1.2 ....)' type 1 and press Enter
The program scans your system and when the scan has completed a Notepad window opens containing the scan report.
Select Edit from the menu bar then Select All from the dropdown menu - the text is highlighted in blue
Select Edit from the menu bar then Copy
Return to your thread here and hit Reply and right click on the white area of the message pane and select Paste from the menu which appears. The report will be pasted into your reply.
28th May 2006
#3
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
here it is
SmitFraudFix v2.49b
Scan done at 16:45:36.39, Sun 05/28/2006
Run from C:\Documents and Settings\Anthony\Desktop\folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\hp???.tmp FOUND !
C:\WINDOWS\system32\hp????.tmp FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\wfkduei.dll FOUND !
C:\WINDOWS\system32\1024\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anthony\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\anthony\FAVORI~1
C:\DOCUME~1\anthony\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Security Toolbar\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About :Home"
"SubscribedURL"="About :Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"
[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
28th May 2006
#4
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
The next step ....
Please download HijackThis through Quicklinks in my signature and save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary location. When entries are fixed with HJT a backup is made to the folder from which HJT is run and this must be in a permanent location.
You may like to print out these instructions as you will be unable to connect to the Internet to read them while in Safe Mode.
Boot into Safe Mode and log onto your usual account.
Quote:
To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS . Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.
In Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process - a copy of this file is saved as C:\rapport.txt.
Stay in or reboot to Safe Mode and open the HJT folder and double click on hijackthis.exe. When the program opens select Scan and save a logfile - this will be saved in the folder from which you ran HJT .
Reboot into Normal Mode and post the contents of the SmitfraudFix log located at C:\rapport.txt and the HJT log into this thread.
28th May 2006
#5
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
Thanks for the quick replies.
Unfortunately I'm having a problem with starting up in safe mode. After logging into my account I come to a black screen with "Safe Mode" labeled in white in each corner of the screen, and "Windows XP (bunch of numbers and stuff)" on the very top of the screen. While at this screen there doesn't appear to be anything to click on, besides a window that pops up in the middle of the screen very briefly asking me to answer yes or no. I can't read this popup fast enough to know the correct answer, so I'm left with nothing to do but hit the power button on my computer.
29th May 2006
#6
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
The pop up screen should stay there until you click Yes or No - a problem there. The question on the pop up is along the lines of 'To run in Safe Mode click Yes or to run System Restore click No.'
As soon as you see the pop up hit the Enter key - hopefully that will get you into Safe Mode.
If you can't get into Safe Mode run SmitfraudFix, etc in normal mode and we'll see how things pan out.
29th May 2006
#7
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
I was unable to get into safe mode, so I did it in normal mode. Here it is...
Logfile of HijackThis v1.99.1
Scan saved at 6:23:33 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MicrosoftAntiSpyware\gcasDtServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anthony\Desktop\folder\HijackThis.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F499D48-ECE7-D492-016F-B8A978A5D02A} - C:\WINDOWS\system32\netow.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {39497903-FC95-F850-8965-3C13F3D7274A} - C:\WINDOWS\system32\wincj.dll (file missing)
O2 - BHO: Class - {3D9AD4EE-16C6-72F9-85E6-92DA8D18F8D0} - C:\WINDOWS\system32\javaxt32.dll (file missing)
O2 - BHO: Class - {5180E740-7C37-6551-4A6A-64CDA5B4D81B} - C:\WINDOWS\system32\sdkmv.dll (file missing)
O2 - BHO: Class - {6B100404-4F9A-E142-E0A7-930DC8A6A6C8} - C:\WINDOWS\system32\javabv.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Class - {8180A8D4-06ED-349E-1259-67BB545C5A93} - C:\WINDOWS\system32\addro.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {BFBFA424-9910-08B0-2FBF-CC5180D847C2} - C:\WINDOWS\system32\sysrz.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Messenger Plus] "C:\Program Files\AIM\Messenger Plus\messplus.exe" -silent
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [2A.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\2A.tmp.exe 5 10001
O4 - HKLM\..\Run: [e] C:\documents and settings\anthony\local settings\temp\e.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [6E.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\6E.tmp.exe 3 10001
O4 - HKLM\..\Run: [60.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\60.tmp.exe 2 10001
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetGuard] "C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe" -STARTUP
O4 - HKCU\..\Run: [Jzje] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6597EF90-6185-4F49-BC20-459D857D523C}: NameServer = 68.237.161.12 71.250.0.12
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
SmitFraudFix v2.49b
Scan done at 18:16:01.65, Sun 05/28/2006
Run from C:\Documents and Settings\Anthony\Desktop\folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"
[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\system32\wfkduei.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
Problem while deleting C:\WINDOWS\system32\atmclk.exe
Problem while deleting C:\WINDOWS\system32\dcomcfg.exe
Problem while deleting C:\WINDOWS\system32\hp???.tmp
Problem while deleting C:\WINDOWS\system32\hp????.tmp
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ot.ico Deleted
Problem while deleting C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\wfkduei.dll Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\anthony\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\wfkduei.dll -> Missing File
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
»»»»»»»»»»»»»»»»»»»»»»»» End
29th May 2006
#8
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
OK - SmitfraudFix seems to have worked eventually in normal mode.
I specifically asked you to ....
Quote:
Please download HijackThis through Quicklinks in my signature and save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary location. When entries are fixed with HJT a backup is made to the folder from which HJT is run and this must be in a permanent location.
You ran HJT from....
C:\Documents and Settings\Anthony\Desktop\folder\HijackThis.exe
Please move hijackthis.exe to a folder on your hard drive as originally requested. Close all windows and scan again and place a check mark against these entries and hit Fix selected ....
O2 - BHO: Class - {1F499D48-ECE7-D492-016F-B8A978A5D02A} - C:\WINDOWS\system32\netow.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {39497903-FC95-F850-8965-3C13F3D7274A} - C:\WINDOWS\system32\wincj.dll (file missing)
O2 - BHO: Class - {3D9AD4EE-16C6-72F9-85E6-92DA8D18F8D0} - C:\WINDOWS\system32\javaxt32.dll (file missing)
O2 - BHO: Class - {5180E740-7C37-6551-4A6A-64CDA5B4D81B} - C:\WINDOWS\system32\sdkmv.dll (file missing)
O2 - BHO: Class - {6B100404-4F9A-E142-E0A7-930DC8A6A6C8} - C:\WINDOWS\system32\javabv.dll (file missing)
O2 - BHO: Class - {8180A8D4-06ED-349E-1259-67BB545C5A93} - C:\WINDOWS\system32\addro.dll (file missing)
O2 - BHO: Class - {BFBFA424-9910-08B0-2FBF-CC5180D847C2} - C:\WINDOWS\system32\sysrz.dll (file missing)
O4 - HKLM\..\Run: [2A.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\2A.tmp.exe 5 10001
O4 - HKLM\..\Run: [e] C:\documents and settings\anthony\local settings\temp\e.exe
O4 - HKLM\..\Run: [6E.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\6E.tmp.exe 3 10001
O4 - HKLM\..\Run: [60.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\60.tmp.exe 2 10001
O4 - HKCU\..\Run: [Jzje] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
Close HJT
Looking through your log your computer is heavily infected with a number of trojans - fixing the above in normal mode may not be enough.
Please download the trial version of Ewido . When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Run Ewido - this would normally be run in Safe Mode too.
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If Ewido finds anything, it will pop up a notification. Please select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Post the HJT log and the Ewido report here - I'll look at it in the morning - rather later today as it is past midnight here.
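The entries the staff reply above picks out of the HijackThis log share a handful of mechanical signals: a BHO registration whose DLL is "(file missing)", an autorun pointing into a Temp folder or containing an unprintable character, additions to the IE Trusted Zone, and a Winlogon Notify package whose DLL is also registered as a BHO. The script below is an added example, not code from this thread or from HijackThis; the triage rules are an assumption about how a helper reads such a log, and the sample lines are a constructed subset of the log posted in this thread. It parses the log, applies those rules, and reports why each line was flagged.

```python
"""Triage of HijackThis-style log lines using the signals a helper reads for.

Added example; the rules are an assumption about how the entries above were
chosen and are not HijackThis's own classification logic.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the HijackThis log posted in
# the thread, mixing legitimate entries with the ones the helper flagged.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Class - {1F499D48-ECE7-D492-016F-B8A978A5D02A} - C:\WINDOWS\system32\netow.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2A.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\2A.tmp.exe 5 10001
O4 - HKLM\..\Run: [e] C:\documents and settings\anthony\local settings\temp\e.exe
O4 - HKCU\..\Run: [Jzje] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6597EF90-6185-4F49-BC20-459D857D523C}: NameServer = 68.237.161.12 71.250.0.12
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path ending in .exe or .dll. Spaces are allowed because
# HijackThis prints unquoted long paths such as "C:\Program Files\x\y.exe".
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)


def parse(log_text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_path(text):
    """Lower-cased first executable/DLL path in a line, or None."""
    m = PATH_RE.search(text)
    return m.group(0).lower() if m else None


def triage(entries):
    """Map each flagged line (section + body) to the reasons it was flagged."""
    reasons = defaultdict(list)
    # Pass 1: Winlogon Notify packages (O20) get a DLL loaded at every logon.
    # This example treats each one as worth review (an assumption) and keeps
    # its DLL path so other registrations of the same file can be tied to it.
    notify_dlls = set()
    for kind, body in entries:
        if kind == "O20":
            reasons[f"{kind} - {body}"].append("Winlogon Notify hook")
            path = first_path(body)
            if path:
                notify_dlls.add(path)
    # Pass 2: per-line signals.
    for kind, body in entries:
        key = f"{kind} - {body}"
        path = first_path(body)
        if "(file missing)" in body:
            reasons[key].append("registration points at a file that no longer exists")
        if kind == "O4" and path:
            if "\\temp\\" in path:
                reasons[key].append("autorun target lives in a Temp folder")
            if "?" in path:
                reasons[key].append("unprintable character in the file name")
        if kind == "O15":
            reasons[key].append("site added to the IE Trusted Zone")
        if kind == "O2" and path and path in notify_dlls:
            reasons[key].append("same DLL is also installed as a Winlogon Notify hook")
    return dict(reasons)


def flagged_lines(log_text):
    """Sorted list of the full lines that triage() flags in a log."""
    return sorted(triage(parse(log_text)))


if __name__ == "__main__":
    for line, why in triage(parse(SAMPLE_LOG)).items():
        print(line)
        for reason in why:
            print("    ->", reason)
```

One entry the staff reply fixes, `[Aida] C:\Program Files\rdso\eetu.exe`, carries none of these mechanical signals; it is caught only by recognising that neither the Run value name nor the folder corresponds to any installed product, which is the reputation step a script like this cannot replace.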
29th May 2006
#9
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
Very sorry for my mistake earlier, you have been amazing help. Here are the 2 logs.
I can see that they are very long, so before you go reading them I'd like to tell you that my homepage is no longer hijacked, thank you very much for the help!!
Logfile of HijackThis v1.99.1
Scan saved at 7:47:58 PM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MicrosoftAntiSpyware\gcasDtServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\hijackthis\HijackThis.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F499D48-ECE7-D492-016F-B8A978A5D02A} - C:\WINDOWS\system32\netow.dll (file missing)
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: (no name) - {39497903-FC95-F850-8965-3C13F3D7274A} - C:\WINDOWS\system32\wincj.dll (file missing)
O2 - BHO: Class - {3D9AD4EE-16C6-72F9-85E6-92DA8D18F8D0} - C:\WINDOWS\system32\javaxt32.dll (file missing)
O2 - BHO: Class - {5180E740-7C37-6551-4A6A-64CDA5B4D81B} - C:\WINDOWS\system32\sdkmv.dll (file missing)
O2 - BHO: Class - {6B100404-4F9A-E142-E0A7-930DC8A6A6C8} - C:\WINDOWS\system32\javabv.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Class - {8180A8D4-06ED-349E-1259-67BB545C5A93} - C:\WINDOWS\system32\addro.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {BFBFA424-9910-08B0-2FBF-CC5180D847C2} - C:\WINDOWS\system32\sysrz.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Messenger Plus] "C:\Program Files\AIM\Messenger Plus\messplus.exe" -silent
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [2A.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\2A.tmp.exe 5 10001
O4 - HKLM\..\Run: [e] C:\documents and settings\anthony\local settings\temp\e.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [6E.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\6E.tmp.exe 3 10001
O4 - HKLM\..\Run: [60.tmp] C:\DOCUME~1\Anthony\LOCALS~1\Temp\60.tmp.exe 2 10001
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetGuard] "C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe" -STARTUP
O4 - HKCU\..\Run: [Jzje] C:\WINDOWS\System32\m?hta.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6597EF90-6185-4F49-BC20-459D857D523C}: NameServer = 68.237.161.12 71.250.0.12
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Last edited by fattony; 29th May 2006 at 02:49 .
29th May 2006
#10
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:38:19 PM, 5/28/2006
+ Report-Checksum: 5DDDCDD6
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{007430E2-88D1-986B-566D-510B4B345BB4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{007F3E5D-5957-E86E-8681-82EE2B1C5E7F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10124E2B-C235-B52C-4D84-90AC202AEAC7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10E343CF-6DF9-DFA8-1DE9-5DB0FBFA7458} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{11BA77F1-683B-FBF7-B61E-4821BC229D98} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15EAF32F-E910-66D5-9145-A0FEDA5A8A51} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{166CDEFE-E88F-C410-5454-34602088172B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A8E8BF9-BC1C-41DD-5D9A-CEB7C14ABF94} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B05716B-5FEA-54F5-0792-D4CE74369E8C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1DCBFC66-4990-8A75-0B4D-74D7B850CC29} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1EB7F227-90B7-4538-37FD-ABD78516A5E3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F6B2AC9-8A18-97CC-C47B-CBBFB1EDBEF1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{24C595AC-D914-BDA8-E0FE-1EC427E42B62} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{26EB855E-8020-394A-64FD-DB123824DB35} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{28830D9D-C872-8711-312D-AEA897FED29D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B2C0C44-9ED6-FEE0-320E-C3E92FC4F83F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2EB4A458-A78A-FCDF-E8F5-8BB600C13EB8} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{315397E1-2F75-F176-4C18-ED9C483D3FF6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{341B9E07-E631-08E1-BFE1-8EB9CB6DEC1A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{35E2DD81-DA67-27CB-1169-9B2A5ABA388C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A1BDA7E-F499-48DE-E72D-92C016F9B8A9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C2B1AB6-73A2-2E68-E72B-1E8A67630D87} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E92881C-5DEB-061D-127B-BAA4818F8349} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4005C68E-E6A6-3DC8-CE42-5C3DFA9ACA22} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{48522E44-2657-63AA-D1A5-88BD8F6F6BCB} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A91B99F-D4CA-0C93-F3F2-1D4062632089} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CAE5648-9935-C399-E8EE-E4C73A22884B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4EAAF6E2-F1CB-E7F1-EBAA-50DD78D3DCEB} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{538C9747-0E51-EDFD-1165-2CF2779ED78D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{53963AD0-3478-1169-2370-10B4A6915370} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{568F19C5-53C8-85F1-FD40-5AC40D3DE0DA} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5C19DA3A-627A-8F16-BA65-30D8566CB9E4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5C6B1178-B2A9-5AF4-A37F-F0397235BA97} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{603960DA-2A41-E212-F1A7-5E1DBE5E69D6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6B056572-4FA8-611D-FBCD-36A51147E60D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BA6773B-A8AF-70D0-7147-7C6CE7CCFF4C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{766F760C-5675-AA3E-633B-824CDA669540} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C07EAE4-1BB8-4EB9-CF24-3BC8A5E89540} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7F0FD938-6921-7913-8F78-2E42633C1214} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8010E625-1DE0-49D3-B80B-55DBD56529E6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{884E6B25-AD0F-BCD3-7EE3-FDF787A03978} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D01516E-7DBC-FE91-591F-153D2B538EB3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{93237320-F47B-455F-F77E-8BA6B320335A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99F991F4-B99D-9CF6-C0E1-008449A5E64C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A8FA81A-5DB1-391E-A47A-E2064E5B330E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A010C180-853B-BE16-1DD3-344A479E1151} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A0D6035B-399F-77CC-3D27-652A6827CD9A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A16CC660-152B-F183-766B-5D9B5621E906} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A19B27CF-5741-F8BA-D784-95739AD24FF8} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A81B07C1-A593-05C3-6C89-99E2C869B7B2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAF6BD55-8AE9-15D5-7597-D5FECCFDF542} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AE64FECC-BA9A-DD4F-3ADE-BE214507C2A4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B0375CCF-9532-2B4F-8D3C-3766EF4FFA65} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B3770AC3-0147-2627-0720-789FE7DA486D} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4A50848-307B-3898-1084-E41C9683A0F3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4B127D9-941C-DF50-6E09-19E9881B830A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BA72B260-086C-8201-41C8-0314544BE181} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD7AC764-39AD-B491-94D2-499FBED9C3C7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C0ABA3B1-1D31-5501-C7B5-68D02849D3DC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3C7FD25-8011-C8E8-25B7-34DF607095C5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C8BBF9F2-5F1D-686C-B265-A0082E15F49B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C992AA3D-FB1D-7FD2-64CB-F767941BB231} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAD07FE9-6CBE-706E-AD3F-ABD30C3C2C92} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CB4B2853-3459-B406-A3EB-9B86CEC2FC98} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE5A87FA-D18B-3151-897D-CFBA65E341E0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D248E877-9147-B61A-9906-B49B9375DB01} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D2B31767-67AD-58DF-BE2B-18A14AC62F9C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D568270B-05A0-5431-80D7-D046559307AC} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC5AC739-3DE1-DC4E-F480-C18D4DACA3AD} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DFCA6089-FC42-BEAA-AD1E-45928A767714} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E07FEBA7-DA76-CC40-6C75-197B46A15FC9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4570B90-7C20-E207-84C0-EE2C0DFFBD27} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E68315F1-B546-67BA-D301-A1A15F225655} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAB76292-5DD2-1DC9-D5FB-E69DE2ECC235} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED81D60C-C426-844A-2785-263DC930B5C4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDFA3DC7-4FA5-9A73-3FDF-ADBF6A984C0C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE04E2CE-AE7D-4540-A3C8-B3211BFFCC44} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F169FEC0-94DA-3C7E-BB25-716D4B2AC681} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F20341B7-4D4B-5B61-38C8-74F9630B49F0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F55D073A-8824-3A16-989A-7E60E10FA31B} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F76325A3-D6FC-A732-6803-E6CF46D58D22} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FE91C2E0-AC39-4A6A-04FE-D8C6B10B23F3} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F499D48-ECE7-D492-016F-B8A978A5D02A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39497903-FC95-F850-8965-3C13F3D7274A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D9AD4EE-16C6-72F9-85E6-92DA8D18F8D0} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5180E740-7C37-6551-4A6A-64CDA5B4D81B} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B100404-4F9A-E142-E0A7-930DC8A6A6C8} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8180A8D4-06ED-349E-1259-67BB545C5A93} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-940677800-3792119592-1358940367-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFBFA424-9910-08B0-2FBF-CC5180D847C2} -> Adware.CoolWebSearch : Cleaned with backup
C:\bla.exe -> Downloader.Small.aaq : Cleaned with backup
C:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-70dda463-4c319305.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Anthony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-35d9afb9-78aa8c14.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
C:\Documents and Settings\Anthony\Cookies\anthony@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Anthony\Cookies\anthony@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@ad .yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Anthony\Local Settings\Temp\Cookies\anthony@ysbweb[1].txt -> TrackingCookie.Ysbweb : Cleaned with backup
C:\explorer.cab/explorer.exe -> Downloader.Small.or : Error during cleaning
C:\ntdetect.hta -> Downloader.Inor.cj : Cleaned with backup
C:\Program Files\Ares\Ares.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
C:\Program Files\Internet Explorer\ccoptufj.exe -> Downloader.Petrolin.a : Cleaned with backup
C:\Program Files\Internet Explorer\feviba.exe -> Downloader.Petrolin.b : Cleaned with backup
C:\Program Files\Internet Explorer\rxqrtuwo.exe -> Downloader.Petrolin.a : Cleaned with backup
C:\Program Files\MicrosoftAntiSpyware\Quarantine\03CD21A1-15D0-4384-B55A-F8B7D9\A829D95B-712E-417B-9F83-D20015 -> Trojan.Dialer.bi : Cleaned with backup
C:\Program Files\MicrosoftAntiSpyware\Quarantine\9DF1591E-F46E-46F5-B453-DEAEB2\44A93037-9C12-46FC-B2FA-C05AC0 -> Adware.YourSiteBar : Cleaned with backup
C:\Program Files\MicrosoftAntiSpyware\Quarantine\9DF1591E-F46E-46F5-B453-DEAEB2\4FEA024C-3340-4F3D-8921-70F197 -> Downloader.IstBar.gz : Cleaned with backup
C:\Program Files\MicrosoftAntiSpyware\Quarantine\DF36D136-E2C4-4BC4-8F1A-C52C8E\BDA2923A-46C1-4BAB-910D-0E1EA2 -> Trojan.Dialer.bi : Cleaned with backup
C:\Program Files\MicrosoftAntiSpyware\Quarantine\E653F68E-41DC-449F-AC8B-A6FC05\ED0F2C15-ED93-418E-8458-873F9C -> Trojan.Dialer.bi : Cleaned with backup
C:\Program Files\Warcraft III\warcraft3_keygen.exe -> Dropper.AphexLace.a : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Trojan.Small.q : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\abwtf.dat:zdbcf -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\astjt.log:mzubh -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\BOOTSTAT.DAT:khvat -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\BOOTSTAT.DAT:knrsz -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\BOOTSTAT.DAT:xbxue -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CLOCK.AVI:hltws -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\clxst.dat:hnvyu -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\clxst.dat:tjssl -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:aaxon -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dahotfix.log:mytvu -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dahotfix.log:szxba -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dahotfix.log:vzgbl -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\DELL.BMP:hctoj -> Downloader.Small.ajr : Cleaned with backup
C:\WINDOWS\DELL.BMP:neahw -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dhugi.log:jgiss -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\DtcInstall.log:daauw -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:frbbj -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DtcInstall.log gdjb -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\EReg072.dat:ghnow -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\EReg072.dat:qyvxm -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\excl.bin:dplyt -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\excl.bin:ezuic -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\EXPLORER.SCF:auseh -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:ivimx -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:rhtls -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\fnsmw.dat:cutth -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:ehuts -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gpuyv.log:ciwwo -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gpuyv.log:txlel -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:dizou -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\gtyhb.dat:nwwed -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hldoj.dat:cooph -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hmcry.dat:aqjhb -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hmcry.dat:yzpzq -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieoft.log:mcpbb -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ispsd.dat:uqitz -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ispsd.dat:xdbty -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jnrtp.log:nrayt -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jqrpa.log:kbelp -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jqrpa.log:zfzqi -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB821557.log:qrsmk -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB826959.log:sndek -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB839643-DirectX9.log:vrzcr -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB839643-DirectX9.log:ydvmp -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB839643-DirectX9Uninst.log:fdqaq -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB840374.log:aoaig -> Downloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB840374.log:ntqfd -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB840987.log:jfljh -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB841356.log:vgudr -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB841533.log:cxjtg -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB841533.log ebnl -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB842773.log:jfzfl -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB842773.log:wpdrw -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB867282.log:dvmyy -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB867282.log:mipqt -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB871250.log:hxutn -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB871250.log nclu -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB873333.log:ymtqz -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB873339.log:nuhea -> Downloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB873376.log:axmyh -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB873376.log:gzxnn -> Downloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB883939.log:rpybc -> Downloader.Agent.bc :
29th May 2006
#13
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
Hmm - your computer was heavily infected with all sorts of unwelcome - and uninvited guests
I was tired last night and should have asked you to run another HJT scan after running Ewido. I see from the log timings that the HJT scan you just posted was made after the HJT log was generated.
Please scan again with HJT and post a fresh log.
You might also like to read this ....
Keep your Computer free from Viruses, Trojans, Spyware and other Malware
29th May 2006
#14
Inactive
Profile:
Join Date: May 2006
Posts: 12
Computer Experience: Intermediate
Good morning my man Pete. Here it is
Logfile of HijackThis v1.99.1
Scan saved at 9:26:27 AM, on 5/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\Program Files\Ewido\security suite\ewidoguard.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MicrosoftAntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\hijackthis\HijackThis.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Messenger Plus] "C:\Program Files\AIM\Messenger Plus\messplus.exe" -silent
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\MicrosoftAntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetGuard] "C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe" -STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6597EF90-6185-4F49-BC20-459D857D523C}: NameServer = 68.237.161.12 71.250.0.12
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
29th May 2006
#15
Staff
Profile:
Join Date: May 2002
Location: Staffordshire, UK
Posts: 21,683
Computer Experience: Usually not enough
Mid afternoon here on a rainy Spring Bank Holiday - nothing unusual for a UK Holiday
Progress is being made - I think your main problem is that you are using peer to peer file sharing which is always hazardous. You need more protection - please read ....
Keep your Computer free from Viruses, Trojans, Spyware and other Malware
These are the unwanted entries which remain - here comes the brutal approach ....
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
Please download VundoFix to your Desktop. Doubleclick on the icon and run the program.
Click on Scan for Vundo and if anything is found click on Fix Vundo.
If nothing was found please let me know.
Even if nothing was found boot into Safe Mode, scan with HJT and place a check mark against these entries and hit Fix selected ....
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
Reboot into normal mode, scan again with HJT and post a log.
In the meantime I will investigate crazywinnings.com further.
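As an added example (not part of the thread, and not HijackThis or VundoFix code), the script below parses the `Onn - ...` entries of a HijackThis log and reproduces the reasoning behind the four-entry Fix list above: an O2 BHO and an O20 Winlogon Notify entry that load the same DLL are flagged together, and any O15 Trusted Zone entry not on a defender's allowlist is flagged as well. The sample log lines are copied from the thread; the allowlist contents are an assumed placeholder.

```python
"""Triage of HijackThis (HJT) log entries.

Added example for this thread; it is not HijackThis code.  It parses the
'Onn - ...' lines of an HJT log and flags:
  * O15 Trusted Zone entries whose domain is not on an allowlist, and
  * O2 (BHO) and O20 (Winlogon Notify) entries that point at the same DLL,
    the pattern the helper singled out (awvvw.dll) in the thread.
"""
import re
from collections import defaultdict

# An HJT entry is a section id (R0-R3, O1-O23) followed by ' - ' fields.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# A field that looks like a Windows path (drive letter, colon, backslash).
PATH_RE = re.compile(r"^[a-z]:\\", re.I)

# Constructed allowlist (assumption): zones a defender has approved.
# The thread's crazywinnings.com entries are deliberately not on it.
TRUSTED_ZONE_ALLOWLIST = {"*.update.microsoft.com"}

# Sample log lines copied from the thread (post #14), with both a clean
# toolbar DLL and the suspicious awvvw.dll present.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\system32\awvvw.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6597EF90-6185-4F49-BC20-459D857D523C}: NameServer = 68.237.161.12 71.250.0.12
O20 - Winlogon Notify: awvvw - C:\WINDOWS\system32\awvvw.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


def parse_entries(log_text):
    """Yield (section, line, path) for each HJT entry line.

    `path` is the last ' - '-separated field, lower-cased, when it looks like a
    Windows path; otherwise None.  Non-entry lines (header, process list) are
    skipped.
    """
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        fields = [f.strip() for f in m.group("body").split(" - ")]
        last = fields[-1]
        path = last.lower() if PATH_RE.match(last) else None
        yield m.group("section"), line, path


def trusted_zone_domain(line):
    """Extract the zone pattern from an O15 line, dropping a '(HKLM)' suffix."""
    zone = line.split("Trusted Zone:", 1)[1].strip()
    return re.sub(r"\s*\(HKLM\)$", "", zone).lower()


def triage(log_text, allowlist=TRUSTED_ZONE_ALLOWLIST):
    """Return the HJT lines a helper would place on the 'Fix selected' list."""
    entries = list(parse_entries(log_text))

    # Which sections register each module path?  A DLL seen under both O2 and
    # O20 is loaded by Internet Explorer and by winlogon.exe, which is how the
    # awvvw.dll entry in the thread persisted through earlier cleaning.
    sections_by_path = defaultdict(set)
    for section, _line, path in entries:
        if path:
            sections_by_path[path].add(section)

    flagged = []
    for section, line, path in entries:
        if section == "O15":
            if trusted_zone_domain(line) not in allowlist:
                flagged.append(line)
        elif section in ("O2", "O20") and path:
            if {"O2", "O20"} <= sections_by_path[path]:
                flagged.append(line)
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```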