Have Trojan-need help!


  • This topic is locked
23 replies to this topic

#1 Debbi

Posted 29 November 2005 - 07:18 PM

I originally started a thread after I had used Micro Trend and it couldn't clean a file. I posted my HJT log at that thread
http://forums.tomcoy...=0
I didn't have the time to complete the steps but I did download everything to use except the Registrar Lite-it took me to a page that did not have a download link and I couldn't find one.
Since then I have run AdAware and run HJT again - here is the new log and I am ready to clean this damnable thing up.

Thanks,
Debbi


Logfile of HijackThis v1.99.1
Scan saved at 7:31:50 PM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\atlmt32.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\winsl.exe
C:\Documents and Settings\Debbi\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyvyk.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gyvyk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C233686-02B4-9B00-6BC6-DD377E086962} - C:\WINDOWS\system32\mfcaw.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apiey.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [winzx32.exe] C:\WINDOWS\system32\winzx32.exe
O4 - HKLM\..\Run: [winsl.exe] C:\WINDOWS\system32\winsl.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F0BE8BE-E927-4F24-B2FD-F9C0C416F1CF}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


More crazy stuff has appeared on my husband's desktop: a "searchbar" that goes from the top of the screen to the bottom on the right side of the screen like huge icons, a new icon for a spyware killer - but they are not showing up on my daughter's or my desktop. We all use MSN thru Verizon's DSL, have the McAfee security suite with firewall, etc... Please help if you can.


#2 LDTate

Posted 29 November 2005 - 08:02 PM

Debbi, Please use the Posted Image below to reply. Thanks.

Did you do this?

I suggest you print this out.

Step#1:Getting Ready

(the reason Wordpad was chosen is that Notepad is sometimes deleted by this variant)


Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available.

After downloading the tools, you must disconnect from the internet totally, because staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer and Outlook Express closed throughout as opening either will reinstall the infection.

To replace Internet Explorer to use during this fix, please use Internet Explorer once to download and install FireFox, to be used as your alternate browser throughout this fix.

Close Outlook Express and Internet Explorer for the duration of this fix


Please start by downloading the tools you will need to clean this infection. If you have a problem or question with any please continue to follow the list step by step to the end and ask the questions when you are asked to reply. Just be sure to let us know what the problem was when you finally reply.



Step#2:Show All Hidden Files

Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.
http://www.davehigha...ds/xphidden.zip




Step#3:Download CWShredder

1. Please Download the most recent version of CWShredder, from CWSInstall.exe

2. Check for Updates but please Do NOT use it yet


Step#4:Download About Buster


1. Please download About:Buster from here: http://www.malwareby...AboutBuster.zip.

2. Once it is downloaded extract it to c:\aboutbuster.

3. Check to make sure it is up-to-date. Please Do NOT use it yet


Step#5:Download HSfix.zip and Registrar Lite

1 . Download HSfix.zip and unzip it to your desktop:

http://users.telenet...files/HSfix.zip

It will probably create a folder for itself (it does on my XP system)

Please Do NOT use it yet


2. Another program to download is Registrar Lite for use later: Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use.


Please disconnect from the Internet




Step#6:Disable The Bad Service
  • Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE
  • Click on start > control panel > administrative programs > services. Look for a service called Remote Procedure Call . Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.

Step#7:Stop The Running Processes

(only for Win2k/XP)


Press control-alt-delete to get into the task manager and end the following processes if they exist:

C:\WINDOWS\atlmt32.exe
C:\WINDOWS\atlhn.exe
C:\WINDOWS\system32\winzx32.exe


Step#8:Use HijackThis to Delete About Blank

Open HJT and select Misc Tools, select delete a File on Reboot.

I now need you to delete the following files:

C:\WINDOWS\atlmt32.exe
C:\WINDOWS\atlhn.exe
C:\WINDOWS\system32\winzx32.exe


If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.



Step#9:Cleaning With HijackThis

Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button when ready (some may be gone after uninstalling some programs):


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O2 - BHO: Class - {FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} - C:\WINDOWS\apiey.dll

O4 - HKLM\..\Run: [atlhn.exe] C:\WINDOWS\atlhn.exe
O4 - HKLM\..\Run: [winzx32.exe] C:\WINDOWS\system32\winzx32.exe

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab

O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlmt32.exe


click "fix checked"




Step#10: Backup The Registry

In the next step we are going to remove a service that gets installed by this malware.

1. Open Registrar Lite and run it.

2. Copy and paste the bold text below into the address bar of Registrar Lite:(this is making a Registry backup for safety in case of error)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Go to File > Export and save as (in the C:\Program Files\Registrar Lite (Reglite) folder):

1.) Winkey.reg (Save as type: regedit4 .reg type)
2.) Winkey.hiv (Save as type: Scroll to select-regetd32/WinAPI *hiv *dat files)



Step#11: Delete the Registry Entries


Then double-click on the HSfix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

You should get a message reporting that the changes were successfully merged.


Step#12:Fixing With CWShredder
  • CLOSE ALL WINDOWS except CWShredder
  • Run the program by clicking 'fix' and letting it fix all CWS remnants.

Step#13:Fixing With About Buster

This is the step where we will use About:Buster that you had downloaded previously.
  • Navigate to the c:\aboutbuster directory
  • double-click on aboutbuster.exe
  • When the tool opens press the OK button, then Start button, then the OK button
  • then finally the Yes button. It will start scanning your computer for files.
  • If it asks if you would like to do a second pass, allow it to do so.
  • Post the log file in your next reply

Step#14:Reboot System normally


Reboot your computer back to normal mode


Step#15:Scan and Post a New HJT log with other logs
  • Scan again with HijackThis. We still have a few steps to complete but a log file at this time would be helpful.

Reconnect To The Internet


  • Post both your log from About Buster and your HijackThis log here in this thread with any questions or problems that you have run into. There are still some steps that are necessary to clear out all of the malware. There will be necessary files that it has deleted that will need to be replaced.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 Debbi

Posted 29 November 2005 - 08:11 PM

Hi LDTate - sorry so late getting back. I downloaded all the links except the Registrar Lite; when I click on download it takes me to a page to download the following programs - Registrar Registry Manager Trial/Lite version & Registrar for the Command Line. Also, R1 in the HJT log has changed and the instructions you just printed were for the old HJT log. :) The new log is at the top. Thanks for any help.

#4 LDTate

Posted 29 November 2005 - 08:19 PM

Do everything I posted.
Download Registrar Lite from here:
http://www.resplende...oad/reglite.exe


Just replace with these then

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyvyk.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gyvyk.dll/sp.html#12047

If you reboot before fixing them, they will change again. Important you do the fix as listed.


 


#5 Debbi

Posted 29 November 2005 - 09:19 PM

Ran into some errors as follows all under safe mode as administrator

Step #6- disable bad service
when I double clicked on the RPC service, the startup type and other options were greyed out.
the executable path is c:windows\system32\svchost -k rpcss
the startup type cannot be changed in safe mode or in normal mode


Step#9- clean up with HJT
deleted keys as corrected
RPC line was not there to delete

Step#10-Backup registry
open registrar lite and pasted bold text into address bar, went to file-export-window popped up saying export cannot be used with lite version, must purchase pro version so this step was not done

Step #11 delete registry files
did not delete registry file because I could not back up my registry in step 10

Step #13 fixing with aboutbuster
double clicked exe and updated then started scan, it deleted 2 files. When I clicked to save log I received error - failed to load control 'tab strip' from comctl32.ocx. version is outdated. click ok. Clicked ok and no log was created or saved.

Have not started IE or Outlook [I never use Outlook]. Here is HJT log after completing what steps I could
how am I looking now?

Logfile of HijackThis v1.99.1
Scan saved at 9:58:41 PM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\System32\drwtsn32.exe
C:\Documents and Settings\Debbi\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3C233686-02B4-9B00-6BC6-DD377E086962} - C:\WINDOWS\system32\mfcaw.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F0BE8BE-E927-4F24-B2FD-F9C0C416F1CF}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
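
The two HijackThis logs posted so far can be compared mechanically to see which entries the fix removed and which are still present; the following is an added example, not part of the original posts and not code from HijackThis or the forum. The function names, the `expected_dns` parameter and the three review rules are assumptions for illustration: the rules only mirror entry types the helper selected in this thread and are not a malware verdict.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O17 - HKLM\...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.+)$")

# Excerpts of the two logs posted in this thread (7:31 PM and 9:58 PM scans),
# cut down to a few lines each for the example.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winsl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gyvyk.dll/sp.html#12047
O2 - BHO: Class - {3C233686-02B4-9B00-6BC6-DD377E086962} - C:\WINDOWS\system32\mfcaw.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [winzx32.exe] C:\WINDOWS\system32\winzx32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\drwtsn32.exe
O2 - BHO: Class - {3C233686-02B4-9B00-6BC6-DD377E086962} - C:\WINDOWS\system32\mfcaw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
"""


def parse_entries(log_text):
    """Return the set of (section_code, detail) tuples found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or unchanged between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "unchanged": sorted(before & after),
    }


def review_flags(entries, expected_dns=frozenset()):
    """Mark entries for human review; returns (code, reason, detail) tuples.

    expected_dns is the set of resolver addresses the analyst knows to be
    legitimate for this machine (an assumption supplied by the caller).
    """
    flags = []
    for code, detail in sorted(entries):
        if code in ("R0", "R1") and "res://" in detail.lower():
            flags.append((code, "IE page setting loads from a res:// resource in a local DLL", detail))
        elif code == "O2" and detail.endswith("(no file)"):
            flags.append((code, "BHO is registered but its file is missing", detail))
        elif code == "O17":
            match = NAMESERVER_RE.search(detail)
            if match:
                servers = {s for s in re.split(r"[,\s]+", match.group(1).strip()) if s}
                unexpected = sorted(servers - set(expected_dns))
                if unexpected:
                    flags.append((code, "NameServer not in expected set: " + ", ".join(unexpected), detail))
    return flags


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for state in ("removed", "added", "unchanged"):
        for code, detail in result[state]:
            print(f"{state:9} {code:4} {detail}")
    for code, reason, _ in review_flags(parse_entries(LOG_AFTER)):
        print(f"review    {code:4} {reason}")
```
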

#6 LDTate

Posted 29 November 2005 - 09:28 PM

I suggest you do this:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: Class - {3C233686-02B4-9B00-6BC6-DD377E086962} - C:\WINDOWS\system32\mfcaw.dll

Unless you are in the Ukraine fix these:
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6

O17 - HKLM\System\CCS\Services\Tcpip\..\{2F0BE8BE-E927-4F24-B2FD-F9C0C416F1CF}: NameServer = 85.255.114.75,85.255.112.6

O17 - HKLM\System\CS1\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6


Close ALL windows and browsers except HijackThis and click "Fix checked"





Restart in Safe Mode:
Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.



Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 Debbi

Debbi

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 29 November 2005 - 10:11 PM

Did as directed.
Rebooted and when I signed in under my screen name, it loaded to my desktop but it continued to load and I couldn't navigate anywhere. I could ctrl-alt-del and bring up task manager. There were 22 processes loaded when normally there are about 40. My desktop was still 'busy' so thru task manager I logged off my screenname and went in under my husband's. The multiple large repeating icons are still going from top to bottom right side but his desktop loaded normal other than that. My daughter's screen name did a successful login-no strange icons on desk. I then tried to login under my screen name again and it loaded but had a hard time loading the motiveb and verizon programs for the DSL but it all loaded and here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:41 PM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\lexpps.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Debbi\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


Would you like me to sign in under my husband and run HJT and see if the log is different?

#8 Debbi

Debbi

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 29 November 2005 - 10:31 PM

As I thought - a different HJT log under his login name-

Also when the large icons loaded, mcafee popped up an application block with C:\windows\system32\idemlog.exe trying to communicate out. I blocked all access. Here's the log from his login

Logfile of HijackThis v1.99.1
Scan saved at 11:22:40 PM, on 11/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\lexpps.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Rick\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchclick.cc/CHMhelp.chm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
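
An added example (not part of the original posts and not HijackThis code): a small Python parser that compares two HijackThis logs, as with the two logs posted above from different Windows logins, and lists the O17 NameServer values for review against the resolvers you expect. The sample lines are copied from this thread; the function names and the EXPECTED_RESOLVERS value are assumptions made for the example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code hive text")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
_ENTRY_RE = re.compile(r"^(?P<code>[RNOF]\d{1,2}) - (?P<text>.*)$")
_HIVE_RE = re.compile(r"\b(HKCU|HKLM)\\")
_NS_RE = re.compile(r"NameServer = (?P<ips>[\d.,\s]+)$")

# Sample lines copied from the logs in this thread (first login).
LOG_DEBBI = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [Dit] Dit.exe
"""

# Sample lines copied from the log taken under the second login.
LOG_RICK = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchclick.cc/CHMhelp.chm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Dit] Dit.exe
"""

# O17 lines copied from the helper's post #6.
LOG_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{2353004A-82F8-4243-B9A3-D2020A633FD0}: NameServer = 85.255.114.75,85.255.112.6
"""

# Assumption: the resolvers your ISP or router hands out (constructed placeholder).
EXPECTED_RESOLVERS = {"192.0.2.53"}


def parse_hjt(log_text):
    """Return the entry lines of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process path, or blank line
        hive = _HIVE_RE.search(m["text"])
        entries.append(Entry(m["code"], hive.group(1) if hive else None, m["text"]))
    return entries


def only_in(a, b):
    """Entries present in log a but missing from log b (case-insensitive compare)."""
    seen = {(e.code, e.text.lower()) for e in b}
    return [e for e in a if (e.code, e.text.lower()) not in seen]


def nameservers(entries):
    """Map each O17 registry path to the list of resolver IPs configured on it."""
    found = {}
    for e in entries:
        m = _NS_RE.search(e.text) if e.code == "O17" else None
        if m:
            path = e.text.split(":", 1)[0]
            found[path] = [ip.strip() for ip in m["ips"].split(",") if ip.strip()]
    return found


def unexpected_resolvers(entries, expected):
    """Resolver IPs from O17 entries that are not on the expected list."""
    seen = {ip for ips in nameservers(entries).values() for ip in ips}
    return sorted(seen - set(expected))


if __name__ == "__main__":
    debbi, rick = parse_hjt(LOG_DEBBI), parse_hjt(LOG_RICK)
    # HKCU is loaded per user, so HKCU-based entries can differ between logins
    # on the same machine while HKLM entries stay the same.
    for e in only_in(rick, debbi):
        print("only under second login:", e.code, e.hive, e.text)
    for e in only_in(debbi, rick):
        print("only under first login: ", e.code, e.hive, e.text)
    print("resolvers to review:", unexpected_resolvers(parse_hjt(LOG_O17), EXPECTED_RESOLVERS))
```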

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 30 November 2005 - 03:36 PM

I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\earnv.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://searchclick.cc/CHMhelp.chm

R3 - Default URLSearchHook is missing


Close ALL windows and browsers except HijackThis and click "Fix checked"


1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



#10 Debbi

Debbi

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 30 November 2005 - 07:24 PM

here's the newest HJT-still have adware toolbar

Logfile of HijackThis v1.99.1
Scan saved at 8:20:23 PM, on 11/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Rick\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 30 November 2005 - 07:44 PM

Download the following programs.

a.
Download Killbox HERE and put it on your desktop

b.
Download CCleaner HERE and install it.

c.
Download Ewido security suite HERE



1. After the download of Ewido is complete, double click on the file to launch the install process.
2. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
3. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.
4. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.
5. Close Ewido.

Next:

Reboot into Safemode:
Immediately begin tapping the F8 key (or F5 on some computers)
Use the arrow keys to highlight Safe Mode and press the Enter key.

This can take a few minutes to get into Safe Mode.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Close ALL windows and browsers except HijackThis and click "Fix checked"


Next:
Open CCleaner.

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

Then open it and select the items you wish to clean up.

In the Windows Tab:

I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

Then click the "Run Cleaner" button


Next:
Open Ewido

1. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'
2. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'
3. On the main screen, please select 'Complete System Scan' and the scan should begin.
4. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.
5. When the scan is complete, click "Save Report". Your scan results will be saved in a text file. Please submit that with your next post.

If during your scan Ewido "crashes" or "hangs", please try scanning again. Before running the scan, click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings'. Uncheck 'Scan in NTFS Alternate Data Streams' as this can cause problems in overly infected systems. Click 'OK' and then follow the instructions from step #8 again.

Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days (which is the reason we uncheck them during installation). You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan.

If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

Now close ewido security suite.

Next:
Then double-click on the killbox.exe program.


Start Killbox, Use standard file kill.(default settings).
Copy this whole list into the windows clipboard, all the Bolded below.

C:\windows\system32\idemlog.exe


Back in Killbox go > file > paste from clipboard, now click the red X
that looks like a stop sign, wait until a success message appears.
Repeat those same steps until each file has been deleted.



If your computer does not restart automatically, please restart it manually.

After Reboot, "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#12 Debbi


Posted 30 November 2005 - 09:00 PM

Everything went okay in safe mode until I got to Killbox - it could not delete the file, it said.
Still had adware toolband.

Logfile of HijackThis v1.99.1
Scan saved at 9:54:45 PM, on 11/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Rick\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyds...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.veri...tWebInstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

ewido log coming next

#13 Debbi


Posted 30 November 2005 - 09:01 PM

--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:49:25 PM, 11/30/2005 + Report-Checksum: D277DC8B + Scan result: HKLM\SOFTWARE\Classes\CLSID\{B2E28203-4884-D849-F129-5F1A3C2A59D2} -> Spyware.CoolWebSearch : Cleaned with backup HKU\S-1-5-21-2305360272-1013200645-2037238808-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup [188] VM_00D60000 -> TrojanDownloader.Agent.uj : Error during cleaning [212] VM_00C10000 -> TrojanDownloader.Agent.uj : Error during cleaning [844] VM_007B0000 -> TrojanDownloader.Agent.uj : Error during cleaning C:\Documents and Settings\Debbi\Cookies\debbi@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Debbi\Cookies\debbi@gateway.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Debbi\Desktop\hijackthis\backups\backup-20051129-214239-986.dll -> Spyware.Coupons : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000005.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000005.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000075.exe -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000076.exe -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000077.exe -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000078.exe -> Trojan.Agent.bi : Cleaned with backup C:\System Volume 
Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000079.exe -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000087.OLD:uucmhd -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000088.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000088.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000102.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000102.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000104.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000117.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000117.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000120.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000131.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP1\A0000131.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000936.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000936.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned 
with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000939.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000950.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000950.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000953.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000964.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000964.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000967.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000979.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000979.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000980.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000994.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000994.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0000996.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001009.pif:abwbdu 
-> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001009.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001017.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001024.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001024.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001027.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001042.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001042.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001045.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001059.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001059.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001060.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001072.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001072.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume 
Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001075.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001086.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001086.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001089.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001100.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001100.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001103.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001117.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001117.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP10\A0001120.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001129.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001130.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001130.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001142.pif:abwbdu -> Trojan.Agent.bi : Cleaned 
with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001142.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001143.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001154.ico:motpkt -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001156.ini:ilmgok -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001162.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001162.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001169.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001173.dll -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001174.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001174.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP11\A0001177.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001219.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001219.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume 
Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001223.ico:motpkt -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001224.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001226.ini:ilmgok -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001233.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001233.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001236.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001244.ico:motpkt -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001246.ini:ilmgok -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001250.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001250.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001253.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001262.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001262.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001268.ini:nlufrp -> Trojan.Agent.bi 
: Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001280.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001280.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001283.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001323.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001323.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001328.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001328.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001334.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001341.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001341.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001342.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001354.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001354.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume 
Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001356.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001368.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001368.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001371.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001381.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001381.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001383.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001395.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001395.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP12\A0001398.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001404.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001404.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001405.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001411.pif:abwbdu -> Trojan.Agent.bi : Cleaned 
with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001411.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001412.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001430.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001430.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001433.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001444.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001444.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP13\A0001447.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP14\A0001461.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP14\A0001461.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP14\A0001471.pif:abwbdu -> Trojan.Agent.bi : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP14\A0001471.pif:qbrmcz -> TrojanDownloader.Agent.bc : Cleaned with backup C:\System Volume Information\_restore{963BE347-39CA-4EE9-93DD-C3D92B51EA53}\RP14\A0001474.ini:nlufrp -> Trojan.Agent.bi : Cleaned with backup C:\System Volume 

#14 Debbi


Posted 30 November 2005 - 09:03 PM

the rest of the ewido log...

#15 LDTate


Posted 30 November 2005 - 09:09 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
