Tried Everything Still Hijacked...plz Help (StartPage-DU.dll)


Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
Hi, I have the "StartPage-DU.dll" virus causing all sorts of BHO issues and IE6 shutting down with a "blank" homepage. I've run my McAfee; they say they can't help because it is spyware related. I've run VirusScan in Safe Mode, Ad-Aware 6, Spybot, MS Spyware, and Spyware Blaster, also in safe mode and regular and with Restore turned off; nothing has worked. VirusScan keeps popping up in the lower right corner saying "The file C:windows\xxxx.dll was infected by Startpage-du.dll trojan and has been deleted"....but it hasn't, it keeps popping up with a different infected .dll every couple of minutes....I'm using Firefox for now. I'm pasting in a HijackThis log...please help me. I also ran CWShredder and this log is after all that. Also, I can't get IE to open, it gets immediately shut down, please keep this in mind for your support suggestions as I can't get to websites that don't support Firefox (IE trendmicro)

Thanks in advance!!

Logfile of HijackThis v1.99.1
Scan saved at 11:23:58 PM, on 7/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\netdg32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sean Pitts.SEANPITTS.000\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13B8F199-A963-2933-DD22-E4C591B9A819} - C:\WINDOWS\system32\netww32.dll
O2 - BHO: Class - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - C:\WINDOWS\system32\sysgu.dll
O2 - BHO: Class - {2CE88230-1C35-89B5-88A0-B07ACA0B401D} - C:\WINDOWS\system32\ntkn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {E3C75ADD-28CA-1552-C53A-CB5117FD483C} - C:\WINDOWS\winda.dll
O2 - BHO: Class - {EAA00845-B10D-A53B-8771-FBD4916BCE85} - C:\WINDOWS\system32\cric32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [netdg32.exe] C:\WINDOWS\netdg32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\system32\iplq.exe
O4 - HKLM\..\RunOnce: [appuf.exe] C:\WINDOWS\system32\appuf.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\javaow.exe
O4 - HKLM\..\RunOnce: [appii.exe] C:\WINDOWS\appii.exe
O4 - HKLM\..\RunOnce: [javalr32.exe] C:\WINDOWS\system32\javalr32.exe
O4 - HKLM\..\RunOnce: [sdkob.exe] C:\WINDOWS\sdkob.exe
O4 - HKLM\..\RunOnce: [sdkmz32.exe] C:\WINDOWS\sdkmz32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [msqs.exe] C:\WINDOWS\msqs.exe
O4 - HKLM\..\RunOnce: [ipvu32.exe] C:\WINDOWS\system32\ipvu32.exe
O4 - HKLM\..\RunOnce: [javaxr32.exe] C:\WINDOWS\system32\javaxr32.exe
O4 - HKLM\..\RunOnce: [mfcdl.exe] C:\WINDOWS\mfcdl.exe
O4 - HKLM\..\RunOnce: [apiqi32.exe] C:\WINDOWS\apiqi32.exe
O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\winwk32.exe
O4 - HKLM\..\RunOnce: [netrw32.exe] C:\WINDOWS\netrw32.exe
O4 - HKLM\..\RunOnce: [addeq.exe] C:\WINDOWS\addeq.exe
O4 - HKLM\..\RunOnce: [ntfy.exe] C:\WINDOWS\ntfy.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\appst32.exe
O4 - HKLM\..\RunOnce: [iput32.exe] C:\WINDOWS\system32\iput32.exe
O4 - HKLM\..\RunOnce: [apphn32.exe] C:\WINDOWS\apphn32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\system32\iegb.exe
O4 - HKLM\..\RunOnce: [apims.exe] C:\WINDOWS\system32\apims.exe
O4 - HKLM\..\RunOnce: [sysru32.exe] C:\WINDOWS\system32\sysru32.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O4 - HKLM\..\RunOnce: [crpj32.exe] C:\WINDOWS\crpj32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093986143222
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

:(
 
Joined
Nov 18, 2004
Messages
747
Hi Seaner,

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
  1. Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  2. Prepare cwsserviceremove.reg for use:
  3. Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
  1. Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".
  2. Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click "OK" at the directions Read: Important! prompt.
    • Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
    • Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
    • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
    • Click "Exit" and "Exit" again to exit AboutBuster.
  3. Remove the offending service:
    • Double-click the cwsserviceremove.reg file you downloaded at the beginning.
    • Answer Yes when prompted to add the contents to the registry.
  4. Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.
  5. Restart your computer normally to return to normal mode.
  6. Free TrendMicro Housecall scan:
    • Visit the TrendMicro Housecall (This is a java version) website.
    • Follow the steps they mention.
    • Please wait while the Housecall engine is updated.
    • Select the drives to be scanned by placing a check in their respective boxes.
    • Check the "Auto Clean" box.
    • Click "SCAN" in order to begin scanning your system.
    • Please be patient while Housecall scans your system for malicious files.
    • If not auto-cleaned, remove anything it finds.
    • Click "Close" to exit the Housecall scanner.
    • Choose "Yes" at the HouseCall message prompt.
  7. Prepare your reply:
    • Please post a fresh HijackThis log
    • Please post the AboutBuster log.
    • Please note any complications you had.
 

Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
Ok, great. You guys are great. I'm going to start on this now and will follow through as your directions ask.

Back to you in a bit...and thanks again.
 

Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
Ok, everything went smoothly. However, I was unable to do the TrendMicro house call as I can't get IE to stay open, keeps shutting down with "blank", and the TrendMicro site only supports IE, not Mozilla. The AboutBuster did not ask to scan Alternate Data Streams, maybe it's a different version now, but it did scan and find stuff. CWS Shredder only found CWS.msconfig and restored 7 IE pages. I think that's it for "issues during your instructions". Here are the logs from Hijack this....also System Restore has been off this entire time as well.

HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 8:55:29 AM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sean Pitts.SEANPITTS.000\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tyupm.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13B8F199-A963-2933-DD22-E4C591B9A819} - C:\WINDOWS\system32\netww32.dll
O2 - BHO: Class - {2B877C0A-9AA5-A75B-5F21-A1984B658EB9} - C:\WINDOWS\system32\sysgu.dll
O2 - BHO: Class - {2CE88230-1C35-89B5-88A0-B07ACA0B401D} - C:\WINDOWS\system32\ntkn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {E3C75ADD-28CA-1552-C53A-CB5117FD483C} - C:\WINDOWS\winda.dll
O2 - BHO: Class - {EAA00845-B10D-A53B-8771-FBD4916BCE85} - C:\WINDOWS\system32\cric32.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [netdg32.exe] C:\WINDOWS\netdg32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\system32\iplq.exe
O4 - HKLM\..\RunOnce: [appuf.exe] C:\WINDOWS\system32\appuf.exe
O4 - HKLM\..\RunOnce: [javaow.exe] C:\WINDOWS\javaow.exe
O4 - HKLM\..\RunOnce: [appii.exe] C:\WINDOWS\appii.exe
O4 - HKLM\..\RunOnce: [javalr32.exe] C:\WINDOWS\system32\javalr32.exe
O4 - HKLM\..\RunOnce: [sdkmz32.exe] C:\WINDOWS\sdkmz32.exe
O4 - HKLM\..\RunOnce: [msqs.exe] C:\WINDOWS\msqs.exe
O4 - HKLM\..\RunOnce: [ipvu32.exe] C:\WINDOWS\system32\ipvu32.exe
O4 - HKLM\..\RunOnce: [javaxr32.exe] C:\WINDOWS\system32\javaxr32.exe
O4 - HKLM\..\RunOnce: [mfcdl.exe] C:\WINDOWS\mfcdl.exe
O4 - HKLM\..\RunOnce: [apiqi32.exe] C:\WINDOWS\apiqi32.exe
O4 - HKLM\..\RunOnce: [winwk32.exe] C:\WINDOWS\winwk32.exe
O4 - HKLM\..\RunOnce: [netrw32.exe] C:\WINDOWS\netrw32.exe
O4 - HKLM\..\RunOnce: [addeq.exe] C:\WINDOWS\addeq.exe
O4 - HKLM\..\RunOnce: [ntfy.exe] C:\WINDOWS\ntfy.exe
O4 - HKLM\..\RunOnce: [appst32.exe] C:\WINDOWS\appst32.exe
O4 - HKLM\..\RunOnce: [iput32.exe] C:\WINDOWS\system32\iput32.exe
O4 - HKLM\..\RunOnce: [apphn32.exe] C:\WINDOWS\apphn32.exe
O4 - HKLM\..\RunOnce: [iegb.exe] C:\WINDOWS\system32\iegb.exe
O4 - HKLM\..\RunOnce: [apims.exe] C:\WINDOWS\system32\apims.exe
O4 - HKLM\..\RunOnce: [sysru32.exe] C:\WINDOWS\system32\sysru32.exe
O4 - HKLM\..\RunOnce: [addlf32.exe] C:\WINDOWS\addlf32.exe
O4 - HKLM\..\RunOnce: [crpj32.exe] C:\WINDOWS\crpj32.exe
O4 - HKLM\..\RunOnce: [addkv.exe] C:\WINDOWS\addkv.exe
O4 - HKLM\..\RunOnce: [netji32.exe] C:\WINDOWS\netji32.exe
O4 - HKLM\..\RunOnce: [ipjy32.exe] C:\WINDOWS\system32\ipjy32.exe
O4 - HKLM\..\RunOnce: [d3sr32.exe] C:\WINDOWS\d3sr32.exe
O4 - HKLM\..\RunOnce: [mfcaz.exe] C:\WINDOWS\system32\mfcaz.exe
O4 - HKLM\..\RunOnce: [addwd.exe] C:\WINDOWS\addwd.exe
O4 - HKLM\..\RunOnce: [ipcw.exe] C:\WINDOWS\system32\ipcw.exe
O4 - HKLM\..\RunOnce: [netma32.exe] C:\WINDOWS\system32\netma32.exe
O4 - HKLM\..\RunOnce: [javakh.exe] C:\WINDOWS\javakh.exe
O4 - HKLM\..\RunOnce: [iegl32.exe] C:\WINDOWS\iegl32.exe
O4 - HKLM\..\RunOnce: [crpm.exe] C:\WINDOWS\crpm.exe
O4 - HKLM\..\RunOnce: [d3dj32.exe] C:\WINDOWS\d3dj32.exe
O4 - HKLM\..\RunOnce: [d3sf32.exe] C:\WINDOWS\system32\d3sf32.exe
O4 - HKLM\..\RunOnce: [netoc32.exe] C:\WINDOWS\netoc32.exe
O4 - HKLM\..\RunOnce: [d3rn.exe] C:\WINDOWS\system32\d3rn.exe
O4 - HKLM\..\RunOnce: [sdkvr32.exe] C:\WINDOWS\sdkvr32.exe
O4 - HKLM\..\RunOnce: [apimh.exe] C:\WINDOWS\system32\apimh.exe
O4 - HKLM\..\RunOnce: [addit32.exe] C:\WINDOWS\addit32.exe
O4 - HKLM\..\RunOnce: [winxc32.exe] C:\WINDOWS\system32\winxc32.exe
O4 - HKLM\..\RunOnce: [ipkv32.exe] C:\WINDOWS\ipkv32.exe
O4 - HKLM\..\RunOnce: [d3to32.exe] C:\WINDOWS\system32\d3to32.exe
O4 - HKLM\..\RunOnce: [ipzq.exe] C:\WINDOWS\system32\ipzq.exe
O4 - HKLM\..\RunOnce: [d3wf32.exe] C:\WINDOWS\d3wf32.exe
O4 - HKLM\..\RunOnce: [ipbz32.exe] C:\WINDOWS\system32\ipbz32.exe
O4 - HKLM\..\RunOnce: [nthw.exe] C:\WINDOWS\system32\nthw.exe
O4 - HKLM\..\RunOnce: [appmy32.exe] C:\WINDOWS\appmy32.exe
O4 - HKLM\..\RunOnce: [adduk.exe] C:\WINDOWS\adduk.exe
O4 - HKLM\..\RunOnce: [mfcku.exe] C:\WINDOWS\mfcku.exe
O4 - HKLM\..\RunOnce: [sysxw32.exe] C:\WINDOWS\sysxw32.exe
O4 - HKLM\..\RunOnce: [winxe.exe] C:\WINDOWS\winxe.exe
O4 - HKLM\..\RunOnce: [javacg32.exe] C:\WINDOWS\javacg32.exe
O4 - HKLM\..\RunOnce: [iege.exe] C:\WINDOWS\system32\iege.exe
O4 - HKLM\..\RunOnce: [netpl32.exe] C:\WINDOWS\system32\netpl32.exe
O4 - HKLM\..\RunOnce: [addfa.exe] C:\WINDOWS\addfa.exe
O4 - HKLM\..\RunOnce: [d3eq32.exe] C:\WINDOWS\system32\d3eq32.exe
O4 - HKLM\..\RunOnce: [ntcf32.exe] C:\WINDOWS\ntcf32.exe
O4 - HKLM\..\RunOnce: [sdkgj32.exe] C:\WINDOWS\system32\sdkgj32.exe
O4 - HKLM\..\RunOnce: [sdkez32.exe] C:\WINDOWS\sdkez32.exe
O4 - HKLM\..\RunOnce: [netuo32.exe] C:\WINDOWS\netuo32.exe
O4 - HKLM\..\RunOnce: [d3rj32.exe] C:\WINDOWS\system32\d3rj32.exe
O4 - HKLM\..\RunOnce: [winlg.exe] C:\WINDOWS\system32\winlg.exe
O4 - HKLM\..\RunOnce: [javagt.exe] C:\WINDOWS\system32\javagt.exe
O4 - HKLM\..\RunOnce: [apitv32.exe] C:\WINDOWS\system32\apitv32.exe
O4 - HKLM\..\RunOnce: [sysyp.exe] C:\WINDOWS\system32\sysyp.exe
O4 - HKLM\..\RunOnce: [mfcjl32.exe] C:\WINDOWS\mfcjl32.exe
O4 - HKLM\..\RunOnce: [syswg.exe] C:\WINDOWS\system32\syswg.exe
O4 - HKLM\..\RunOnce: [javabi32.exe] C:\WINDOWS\system32\javabi32.exe
O4 - HKLM\..\RunOnce: [sdkxx32.exe] C:\WINDOWS\system32\sdkxx32.exe
O4 - HKLM\..\RunOnce: [atlqk32.exe] C:\WINDOWS\atlqk32.exe
O4 - HKLM\..\RunOnce: [msve32.exe] C:\WINDOWS\system32\msve32.exe
O4 - HKLM\..\RunOnce: [ntaz.exe] C:\WINDOWS\system32\ntaz.exe
O4 - HKLM\..\RunOnce: [d3bp32.exe] C:\WINDOWS\d3bp32.exe
O4 - HKLM\..\RunOnce: [addlm.exe] C:\WINDOWS\system32\addlm.exe
O4 - HKLM\..\RunOnce: [mfcvz32.exe] C:\WINDOWS\system32\mfcvz32.exe
O4 - HKLM\..\RunOnce: [iebb.exe] C:\WINDOWS\system32\iebb.exe
O4 - HKLM\..\RunOnce: [apipq.exe] C:\WINDOWS\system32\apipq.exe
O4 - HKLM\..\RunOnce: [winuk.exe] C:\WINDOWS\winuk.exe
O4 - HKLM\..\RunOnce: [appcv.exe] C:\WINDOWS\system32\appcv.exe
O4 - HKLM\..\RunOnce: [ipns32.exe] C:\WINDOWS\system32\ipns32.exe
O4 - HKLM\..\RunOnce: [d3go32.exe] C:\WINDOWS\d3go32.exe
O4 - HKLM\..\RunOnce: [ipli32.exe] C:\WINDOWS\system32\ipli32.exe
O4 - HKLM\..\RunOnce: [d3ef32.exe] C:\WINDOWS\system32\d3ef32.exe
O4 - HKLM\..\RunOnce: [adddy32.exe] C:\WINDOWS\system32\adddy32.exe
O4 - HKLM\..\RunOnce: [cris32.exe] C:\WINDOWS\cris32.exe
O4 - HKLM\..\RunOnce: [crcl.exe] C:\WINDOWS\system32\crcl.exe
O4 - HKLM\..\RunOnce: [netqg32.exe] C:\WINDOWS\netqg32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093986143222
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\iplq.exe" /s (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ABOUT BUSTER LOG
AboutBuster 5.0 reference file 30
Scan started on [7/6/2005] at [8:21:19 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\CTDV10K2.CDF:oxscl
Removed Stream! C:\WINDOWS\iis6.log:qiqfja
Removed Stream! C:\WINDOWS\kgisj.dat:zodmal
Removed Stream! C:\WINDOWS\LEXSTAT.INI:dysag
Removed Stream! C:\WINDOWS\ntbtlog.txt:ygzbyh
Removed Stream! C:\WINDOWS\PowerReg.dat:ostkcj
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:znvwag
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:thgsf
Removed Stream! C:\WINDOWS\setuperr.log:eruaoq
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
------------------------------------------------
Removed File! : C:\Windows\System32\ulaae.dat
Removed File! : C:\Windows\System32\ztgon.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:21:44 AM


AboutBuster 5.0 reference file 30
Scan started on [7/6/2005] at [8:23:39 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:23:54 AM


Thank you, I am anxiously awaiting your reply.

Sean
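
Added example, not part of the thread and not how HijackThis or the helper evaluates a log: a Python triage pass over HijackThis lines for three patterns visible in the logs posted above (IE search pages set to a `res://` DLL in C:\WINDOWS, BHOs named only "Class" in the Windows directories, and Run/RunOnce values named after their own executable), plus a comparison of the `res://` DLL name between two scans. The sample lines are abridged from the two logs above; the rule names, the allowlist and the heuristics are assumptions for illustration and only mark entries for review.

```python
import re
from ntpath import basename, dirname  # parse Windows paths on any OS
from typing import NamedTuple

# Directories the flagged files sit in directly, per the logs in this thread.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: legitimate autostarts whose value name equals the file name.
ALLOWLIST = {"ctfmon.exe"}
# Assumption: BHO display names that carry no vendor information.
GENERIC_BHO_NAMES = {"class", "(no name)", ""}

RES_RE = re.compile(r"^R[01] - .+? = res://(?P<dll>[^/]+\.dll)/", re.I)
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-F-]+\} - (?P<path>.+)$", re.I)
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


class Finding(NamedTuple):
    rule: str
    item: str


def clean(path):
    """Drop HijackThis's '(file missing)' suffix and surrounding quotes."""
    return re.sub(r"\s*\(file missing\)$", "", path.strip()).strip('"')


def in_system_dir(path):
    return dirname(clean(path)).lower() in SYSTEM_DIRS


def triage(log):
    """Return review findings for one HijackThis log (heuristics only)."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := RES_RE.match(line):
            # IE search/start page served from a resource inside a local DLL.
            if in_system_dir(m["dll"]):
                findings.append(Finding("res-hijack", basename(m["dll"]).lower()))
        elif m := BHO_RE.match(line):
            # Browser Helper Object with no meaningful name in a Windows dir.
            path = clean(m["path"])
            if m["name"].strip().lower() in GENERIC_BHO_NAMES and in_system_dir(path):
                findings.append(Finding("anon-bho", basename(path).lower()))
        elif m := RUN_RE.match(line):
            # Autostart whose value name is exactly its own file name.
            target, name = clean(m["cmd"]), m["name"].lower()
            if (basename(target).lower() == name
                    and in_system_dir(target)
                    and name not in ALLOWLIST):
                findings.append(Finding("self-named-autostart", name))
    return findings


def hijack_dlls(log):
    return {f.item for f in triage(log) if f.rule == "res-hijack"}


def dll_rotation(before, after):
    """DLL names that disappeared and appeared between two scans."""
    a, b = hijack_dlls(before), hijack_dlls(after)
    return a - b, b - a


# Lines abridged from the first and second logs posted in this thread.
LOG_DAY1 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dmnox.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {13B8F199-A963-2933-DD22-E4C591B9A819} - C:\WINDOWS\system32\netww32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [netdg32.exe] C:\WINDOWS\netdg32.exe
O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\system32\iplq.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
"""

LOG_DAY2 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tyupm.dll/sp.html#14044
O4 - HKLM\..\RunOnce: [iplq.exe] C:\WINDOWS\system32\iplq.exe
O4 - HKLM\..\RunOnce: [addkv.exe] C:\WINDOWS\addkv.exe
"""

if __name__ == "__main__":
    for f in triage(LOG_DAY1):
        print(f"{f.rule:22} {f.item}")
    gone, new = dll_rotation(LOG_DAY1, LOG_DAY2)
    print("res:// DLL changed between scans:", sorted(gone), "->", sorted(new))
```

A changed `res://` DLL name between two scans, as in the logs above, indicates that something still running is rewriting the settings, so deleting the named DLL alone does not hold.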
 
Joined
Nov 18, 2004
Messages
747
Hi Seaner,

  1. Prepare Ewido Security Suite for use:
    • Download the trial version of Ewido Security Suite.
    • Install the Program.
    • Click on the "update" button on the left hand side of the window.
    • Click on "Start Update".
    • You should not run the program yet so Exit the program.
  2. Reboot into Safe mode. To reboot in Safe mode:
    • Restart your computer and immediately begin tapping the F8 key on your keyboard.
    • If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
  3. Run Ewido Security Suite:
    • Open Ewido Security Suite.
    • Click on the "scanner" button on the left hand side of the window.
    • Click on "Start".
    • After the scan is completed, save the logfile from the scan.
  4. Restart your computer normally to return to normal mode.
  5. Prepare in your reply:
    • Please post a fresh HijackThis log.
    • Please post the Ewido Security Suite log.
 

Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
Hey TJ, again thanks for the help, currently I'm opening my browser and no hijacking or VirusScan alerts that I have infected files....anyway here are the logs, I look forward to your response.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 3:02:06 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Sean Pitts.SEANPITTS.000\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\RunOnce: [netrp32.exe] C:\WINDOWS\netrp32.exe
O4 - HKLM\..\RunOnce: [addws.exe] C:\WINDOWS\addws.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [atlvx32.exe] C:\WINDOWS\system32\atlvx32.exe
O4 - HKLM\..\RunOnce: [ipuf32.exe] C:\WINDOWS\system32\ipuf32.exe
O4 - HKLM\..\RunOnce: [addzh.exe] C:\WINDOWS\addzh.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093986143222
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:00:03 PM, 7/7/2005
+ Report-Checksum: AA6F63B8

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{0661C16F-8ED8-1431-8A0B-2C95C6994589} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2CB60D9D-BA37-058C-7EA3-A52155F01235} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5345A51F-E5D0-5A0D-1418-A1C95C417E3C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DCBFC8-9F1C-3DA5-A957-E5BCF32589B1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D3DF846-86BE-A81E-C69E-5A1818F8E929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85E6B001-B482-61AE-78C6-6EAE60D74D00} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9B9D4A7D-1232-E364-432D-B58ECFAE5AF4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C149FC6-86A5-C649-4760-9E20AC138BED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D75B9D6B-FB2A-EE40-24DA-791D27C77147} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF74F87A-B7C0-F480-1D25-D81A257B3152} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F065E398-2ACB-9034-8B2A-28A827FF521F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jill Pitts.SEANPITTS\Application Data\Mozilla\Firefox\Profiles\bj2sgk0q.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jill Pitts.SEANPITTS\Cookies\jill [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\WINDOWS\AC3API.INI:oyuzq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addbz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addeq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addij32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addit32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addiw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addkv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addlf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addmm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addoh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addtc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adduk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addvy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addws.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addzh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiaa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiaz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiev32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apikb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiob.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apira.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appbu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appdb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appdv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appeq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appii.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appks.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appta.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appta32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appuo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appva32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appxp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlbu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlek.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlhs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlkc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlmi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlse.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atluh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlvf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlvq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlys32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\aucfg.ini:czags -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\briwm04a.ini:xvggis -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brmx2001.ini:gnpoc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brmx2001.ini:mqtnh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brmx2001.ini:mupmr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\BROWNIE.INI:eyqfj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\BRPP2KA.INI:yfign -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\BRPP2KA.INI:ympdd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cdplayer.ini:ascbc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:vfaeu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:zwixb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crba.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crce.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crct32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\creb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cris32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crki.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crlr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crog32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crtx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crxk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\CS_setup.ini:eolwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CTACD.INI:jerha -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CTACD.INI:kbpep -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CTACD.INI:lzhig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3bf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3bp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3eu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3go32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ij32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ik32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3lp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3oa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3oh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3oi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3px32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3tq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3wf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\desktop.ini:meotr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\desktop.ini:tlibe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\disney.ini:vckwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\disney.ini:wnoke -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\foyli.txt:fgcqp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\foyli.txt:kksbx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\foyli.txt:sdefk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gosns.txt:excpb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gosns.txt:pesht -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gosns.txt:qvpuq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iecy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieen.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iefb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iefo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iehm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieje32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iejm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ielo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iepv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iery.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iesz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieuu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\inlkt.txt:qnsce -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipdi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iphd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iphe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipib.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipiu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipke32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipko32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iplh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipon32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipqu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipti.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipue32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipur32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javacg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javacl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaet.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javagt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaiq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaji32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javajq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javajs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javakh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javamp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaow.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javase32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jiolq.txt:bixmn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:chjsu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:gwudv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:iujrib -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:oatui -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:tminr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jiolq.txt:wtozd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LEXSTAT.INI:apphf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LEXSTAT.INI:bllfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LEXSTAT.INI:eckvo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LEXSTAT.INI:nbgrz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LProS.ini:dnjnh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LProS.ini:smhie -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LProS.ini:wfihy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\maxlink.ini:kvkfd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\maxlink.ini:wjfhc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcdl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcjl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfckd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcku.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcub32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcww.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mscl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdfmap.ini:cfviv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msdfmap.ini:kwfmq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msdfmap.ini:lronnw -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mses.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mset.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msey32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Msiosd.ini:gmgoh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Msiosd.ini:oezoy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Msiosd.ini:owstm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msji32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msjw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msop32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mspy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mssf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msuw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msvd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mswd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msya32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:akrrl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netae32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netby32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netej.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netji32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netle32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netoc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netub.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netuj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netuo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netva32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netvr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netwa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netza.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netzi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntce.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntcf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntek.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntel32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntfj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntfy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntfz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntub32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntzq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:znbuq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\okkuc.txt:jlhbn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\okkuc.txt:skpbo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:bbytl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:mnoha -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OpPrintServer.INI:ypqog -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\orecq.txt:lllbr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OUTSTACKER.INI:dbvxh -> TrojanDownloader.Agent.bq : Cleaned with backup
 

Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
I did TJ, it was the first one, then I had to break up the Ewido log into multiple posts since it was so long.

The HJT log posted first was actually run after the ewido, I just posted it first.
 
Joined
Nov 18, 2004
Messages
747
Hi Seaner,

Go to Add/Remove Programs and uninstall (if present):
Wild Tangent (optional) - It is not required for games to work.

Then, open HijackThis, run a scan and check these items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)

O4 - HKLM\..\RunOnce: [netrp32.exe] C:\WINDOWS\netrp32.exe
O4 - HKLM\..\RunOnce: [addws.exe] C:\WINDOWS\addws.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [atlvx32.exe] C:\WINDOWS\system32\atlvx32.exe
O4 - HKLM\..\RunOnce: [ipuf32.exe] C:\WINDOWS\system32\ipuf32.exe
O4 - HKLM\..\RunOnce: [addzh.exe] C:\WINDOWS\addzh.exe


If you decided to uninstall Wild Tangent, check this item.
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

If you didn't add this website to your trusted zone, check it. You put websites in the trusted zone only if you are sure they won't damage your computer. Adding the wrong websites to your trusted zone will damage your computer and/or open it up for attacks.
O15 - Trusted Zone: *.line6.net

Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

Then, reboot in Safe mode. To reboot in Safe mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

You will need to configure Windows XP to show all files and folders.
1. Open My Computer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the Hidden files and folders heading select Show hidden files and folders.
5. Uncheck the Hide protected operating system files (recommended) option.
6. Click Yes to confirm.
7. Click OK.

Then, delete these files:
C:\WINDOWS\netrp32.exe
C:\WINDOWS\addws.exe
C:\WINDOWS\system32\sdkqd.exe
C:\WINDOWS\system32\atlvx32.exe
C:\WINDOWS\system32\ipuf32.exe
C:\WINDOWS\addzh.exe

Then, delete this folder:
C:\Program Files\WildTangent - Delete this folder only if you decided to remove Wild Tangent.

Then, delete Temp Files. To delete temp files:
Click on Start and then Run, and type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there.

Do this same process for %windir%\temp.

Then, delete Temporary Internet Files. To delete Temporary Internet Files:
Open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Then, reboot (in the normal mode) and post a new log in this thread.
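An added example, not part of the reply above and not HijackThis code: a Python check that every autostart entry marked for fixing also has its file (or parent folder) on the deletion list, so that neither a registry value nor a binary is left behind. The entry and path lists are copied from the reply; the function names `parse_o4` and `reconcile` are hypothetical, and the `self_named` flag is only a triage hint drawn from the pattern in this thread's RunOnce entries.

```python
import ntpath
import re

# Copied from the reply above: HijackThis O4 items to fix.
HJT_ITEMS = r'''
O4 - HKLM\..\RunOnce: [netrp32.exe] C:\WINDOWS\netrp32.exe
O4 - HKLM\..\RunOnce: [addws.exe] C:\WINDOWS\addws.exe
O4 - HKLM\..\RunOnce: [sdkqd.exe] C:\WINDOWS\system32\sdkqd.exe
O4 - HKLM\..\RunOnce: [atlvx32.exe] C:\WINDOWS\system32\atlvx32.exe
O4 - HKLM\..\RunOnce: [ipuf32.exe] C:\WINDOWS\system32\ipuf32.exe
O4 - HKLM\..\RunOnce: [addzh.exe] C:\WINDOWS\addzh.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
'''.strip().splitlines()

# Copied from the reply above: files and the folder to delete in Safe mode.
DELETE_TARGETS = r'''
C:\WINDOWS\netrp32.exe
C:\WINDOWS\addws.exe
C:\WINDOWS\system32\sdkqd.exe
C:\WINDOWS\system32\atlvx32.exe
C:\WINDOWS\system32\ipuf32.exe
C:\WINDOWS\addzh.exe
C:\Program Files\WildTangent
'''.strip().splitlines()

# Registry form of an O4 line: "O4 - HIVE\..\Key: [value name] command line"
O4_REGISTRY = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Unquoted commands: take the shortest prefix that ends in an executable extension.
EXE_UNQUOTED = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)


def norm(path):
    """Case-fold and normalise a Windows path (works on any host OS)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_o4(line):
    """Parse a registry-style O4 line; return None for anything else."""
    m = O4_REGISTRY.match(line.strip())
    if not m:
        return None
    cmd = m.group('cmd').strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end != -1 else cmd[1:]
    else:
        hit = EXE_UNQUOTED.match(cmd)
        exe = hit.group(1) if hit else cmd.split()[0]
    name = m.group('name')
    return {
        'hive': m.group('hive'),
        'key': m.group('key'),
        'name': name,
        'exe': exe,
        # Value name identical to the file name: the pattern shared by the
        # RunOnce entries in this thread (a triage hint, not a signature).
        'self_named': name.lower() == ntpath.basename(exe).lower(),
    }


def reconcile(hjt_lines, delete_targets):
    """Return (entries, uncovered, unreferenced).

    uncovered    - autostart entries whose executable is not on the deletion
                   list and not inside a folder on it
    unreferenced - deletion targets that no parsed autostart entry points at
    """
    targets = [norm(t) for t in delete_targets if t.strip()]
    entries = [e for e in map(parse_o4, hjt_lines) if e]
    used, uncovered = set(), []
    for entry in entries:
        exe = norm(entry['exe'])
        hits = [t for t in targets if exe == t or exe.startswith(t + '\\')]
        if hits:
            used.update(hits)
        else:
            uncovered.append(entry)
    unreferenced = [t for t in targets if t not in used]
    return entries, uncovered, unreferenced


if __name__ == '__main__':
    entries, uncovered, unreferenced = reconcile(HJT_ITEMS, DELETE_TARGETS)
    for e in entries:
        tag = 'self-named' if e['self_named'] else 'named'
        print(f"{e['hive']}\\{e['key']:8} {tag:10} {e['exe']}")
    print('autostarts without a deletion target:', [e['exe'] for e in uncovered])
    print('deletion targets without an autostart:', unreferenced)
```
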
 

Seaner

Thread Starter
Joined
Sep 8, 2003
Messages
56
Ok TJ, here is the final log...everything seems to be running without incident.
Though I feel like my system is a bit slower to open erh "pop". But maybe it's just me.

Logfile of HijackThis v1.99.1
Scan saved at 10:58:02 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\Sean Pitts.SEANPITTS.000\Desktop\EXE Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PC Alert 4.lnk = D:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093986143222
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Groove Games Licensing Service - Groove Games - C:\Program Files\Common Files\Groove Games Shared\Service\ggameslicsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
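
A follow-up log like the one above can be checked mechanically against the files the helper asked to have deleted. The Python below is an added example, not part of the original thread or of HijackThis: it parses the 1.99.1 log layout, confirms none of the deleted paths reappear, and lists entries that merit a manual look. The function names, the embedded sample (a few lines copied from the log above) and the two review heuristics are assumptions made for illustration.

```python
import re

# Files the helper's post lists for deletion (the five visible in this part of the thread).
REMOVED = [r"C:\WINDOWS\addws.exe", r"C:\WINDOWS\system32\sdkqd.exe",
           r"C:\WINDOWS\system32\atlvx32.exe", r"C:\WINDOWS\system32\ipuf32.exe",
           r"C:\WINDOWS\addzh.exe"]
# Constructed excerpt: a few lines copied from the follow-up log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - ...", "O23 - ..."

def parse_log(text):
    """Return (running process paths, [(section, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def leftovers(text, removed=REMOVED):
    """Deleted files that still appear as a running process or inside any entry."""
    processes, entries = parse_log(text)
    haystack = [p.lower() for p in processes] + [d.lower() for _, d in entries]
    return [r for r in removed if any(r.lower() in h for h in haystack)]

def review_queue(text):
    """Entries for manual review (not verdicts): 'Unknown owner' services, Run values with no full path."""
    out = []
    for sec, detail in parse_log(text)[1]:
        cmd = detail.split("] ", 1)[-1].strip('"')
        bare = sec == "O4" and "\\run:" in detail.lower() and not re.match(r"[A-Za-z]:\\", cmd)
        if bare or (sec == "O23" and "unknown owner" in detail.lower()):
            out.append((sec, detail))
    return out
```

An empty result from `leftovers` only shows that those paths are absent from the log; entries returned by `review_queue` can be legitimate software, as the McAfee and Netropa services in this log are.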
 