Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93100 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Please Help! CWS.mrhop is killing me


  • This topic is locked This topic is locked
10 replies to this topic

#1 harleyshon

harleyshon

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 03 January 2006 - 03:09 PM

1st time user please be kind!

I have run CWShredder it says nothing found.
I have run Spybot nothing found.
But when I run xoftspy it keeps finding 12 to 16 definitions of cws but cannot delete it.
Here is my log. PLEASE HELP ME!!!

Logfile of HijackThis v1.99.1
Scan saved at 2:55:57 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iepi32.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\winur32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\Documents and Settings\Shon\My Documents\security\hijackthis.1-3-06zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {01F91520-9F2B-B84B-1458-DF849EFEAEE8} - C:\WINDOWS\system32\mfcld32.dll
O2 - BHO: Class - {7E41E0F3-FA9A-2D8F-5F4A-6520AEDE0C0A} - C:\WINDOWS\system32\crww.dll
O2 - BHO: Class - {D78A2FEB-561A-C5BA-83C3-DB7E4F6BEFF5} - C:\WINDOWS\msgx32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winur32.exe] C:\WINDOWS\system32\winur32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134518362887
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F49E6144-7B18-49B3-93CE-1C42AC2AA1E9}: NameServer = 64.251.160.2 64.251.173.40
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\iepi32.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    Advertisements

Register to Remove


#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 03 January 2006 - 09:28 PM

The Fix:

Step#1:Getting Ready

(the reason Wordpad was chosen is that Notepad is sometimes deleted by this variant)


Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available.

After downloading the tools, you must disconnect from the internet totally, because staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer and Outlook Express closed throughout as opening either will reinstall the infection.

To replace Internet Explorer to use during this fix, please use Internet Explorer once to download and install FireFox, to be used as your alternate browser throughout this fix.

Close Outlook Express and Internet Explorer for the duration of this fix

Read through all the instructions so that you can ask any questions now, before you disconnect from the Internet.

Please start by downloading the tools you will need to clean this infection with FireFox. If you have a problem or question with any please continue to follow the list step by step to the end and ask the questions when you are asked to reply. Just be sure to let us know what the problem was when you finally reply.


Step#2:Show All Hidden Files Very Important

Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.
http://www.davehigha...ds/xphidden.zip


Step#3:Download CWShredder Do Not Use Yet

1. Please Download the most recent version of CWShredder, from CWSInstall.exe

2. Check for Updates but please Do NOT use it yet



Step#4:Download About Buster Do Not Use Yet

1. Please download About:Buster from here: http://www.malwareby...AboutBuster.zip

2. Once it is downloaded extract it to c:\aboutbuster.

3. Check to make sure it is up-to-date. Please Do NOT use it yet



Step#5:Download Registrar Lite Do Not Use Yet

Another program to download is Registrar Lite for use later: Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use. Caution should be exercised when editing the registry as it is very easy to render a Computer unbootable by deleting the wrong key



Step#6:Download Ewido Security Suite Only For Windows 2000 and XP Do Not Use Yet
  • Download and install Ewido security suite
  • Right Click on the “E” icon in your taskbar and open Ewido Security Suite then click “update” to get the most recent definitions for it to use.
  • When it prompts you to update, click the OK button.
  • download the updates and when they are finished installing, close the window
  • Please Do Not Use It Yet

Step#6:Download A Registry File to Remove Registry Entries Do Not Use Yet
  • Please download the following zip file to your desktop:
    HSfix
  • Double Click on HSfix.zip and it will unzip to a new folder it makes on your desktop, called HSfix
  • Do Not Use It Yet


Please disconnect from the Internet




Step#7:Disable The Bad Service ** Very Important!!**
  • Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE
  • Click on start > control panel > administrative programs > services. Look for a service called Workstation NetLogon Service . Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.

Step#8:Stop The Running Processes


Press control-alt-delete to get into the task manager and end the following processes if they exist:

iepi32.exe
winur32.exe

Step#9:Use HijackThis to Delete About Blank Bad Files

I now need you to delete the following files:

C:\WINDOWS\system32\nhqse.dll
C:\WINDOWS\system32\mfcld32.dll
C:\WINDOWS\system32\crww.dll
C:\WINDOWS\msgx32.dll
C:\WINDOWS\system32\winur32.exe
C:\WINDOWS\iepi32.exe


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. if it is uncheck it and try again.



Step#10:Cleaning With HijackThis

Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button when ready (some may be gone after uninstalling some programs):



R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhqse.dll/sp.html#37049%resultposition.net

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {01F91520-9F2B-B84B-1458-DF849EFEAEE8} - C:\WINDOWS\system32\mfcld32.dll
O2 - BHO: Class - {7E41E0F3-FA9A-2D8F-5F4A-6520AEDE0C0A} - C:\WINDOWS\system32\crww.dll
O2 - BHO: Class - {D78A2FEB-561A-C5BA-83C3-DB7E4F6BEFF5} - C:\WINDOWS\msgx32.dll

O4 - HKLM\..\Run: [winur32.exe] C:\WINDOWS\system32\winur32.exe

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\iepi32.exe



click "fix checked"


Step#11: Backup The Registry

In the next step we are going to remove a service that gets installed by this malware.

1. Open Registrar Lite and run it.

2. Copy and paste the bold text below into the address bar of Registrar Lite:(this is making a Registry backup for safety in case of error)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Go to File> Export and and save as (in the C:\Program Files\Registrar Lite (Reglite) folder):

1.) Winkey.reg (Save as type: regedit4 .reg type)
2.) Winkey.hiv (Save as type: Scroll to select-regetd32/WinAPI *hiv *dat files)


Step#12: Use the HSfix.reg file
  • Navigate to the HSfix folder on your Desktop
  • Then double-click on the HSfix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.
  • if you have a popup from any of your protection programs asking if you want to make a change to the registry, say Yes or Accept it

Step#13:Fixing With CWShredder
  • CLOSE ALL WINDOWS except CWShredder
  • Run the program by clicking 'fix' and letting it fix all CWS remnants.


Step#14:Fixing With About Buster

This is the step where we will use About:Buster that you had downloaded previously.
  • Navigate to the c:\aboutbuster directory
  • double-click on aboutbuster.exe
  • When the tool opens press the OK button, then Start button, then the OK button
  • then finally the Yes button. It will start scanning your computer for files.
  • If it asks if you would like to do a second pass, allow it to do so.
  • Post the log file in your next reply

Step#15:Scan With Ewido Security Suite
  • Launch Ewido again
  • Click on Scanner>Complete System Scan.
  • Let the program scan your PC.
  • When the scan asks to clean files click OK.
  • When scan is completed, click Save report. to your desktop.
  • Post the report in your next reply.

Reboot your computer back to normal mode and

Reconnect To The Internet



Step#16:Scan and Post a New HJT log with other logs
  • Scan again with HijackThis.
  • Post your logs from HijackThis, About Buster, and Ewido Security Suite here in this thread with any questions or problems that you have run into.
  • There are still some steps that are necessary to clear out all of the malware. There will be necessary files that it has deleted that will need to be replaced.
Good Luck!

#3 harleyshon

harleyshon

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 04 January 2006 - 01:13 PM

Ok I have followed your instructions. Here are the problems that I had:

I could not receive an update from EWIDO. I assume I had the latest update.
when I went to update it found the iepi32.exe file right away and it might have removed it.
Step 8: The running processes were not there. so nothing to delete
Step10: My hijack log change since yesterday because the things you told me to delete Were not there I deleted all the (r's) and the 2 (bho's) plus winur32. I think that's what you were getting at.
Step13: CWShredder found nothing.
Here is the new hijack log.

I'm still using firefox, will I ever be able to go back to internet explorer?

Thank You Very Much For Your Help!!! YOU ROCK!!!

Logfile of HijackThis v1.99.1
Scan saved at 12:45:51 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shon\My Documents\security\hijackthis.1-3-06zip\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134518362887
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F49E6144-7B18-49B3-93CE-1C42AC2AA1E9}: NameServer = 64.251.160.2 64.251.173.40
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Here is the Ewido log

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:31:36 PM, 1/4/2006
+ Report-Checksum: 5CEDD9CD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{1082088A-E784-5093-F9A0-07E5588FA67C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F5650BA-2C95-0E8C-5C3F-D482646BF979} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B284248-D0FE-C340-0D87-ABD55DD24BFA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{32FB9A97-C47A-795A-3B47-9A97C1448DFC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52B4CF45-26F1-4D6B-6CF6-3866CC4868F3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{621C5F14-0928-7C3B-745B-DA8F9C0CDA43} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6F8FA771-74ED-EABB-5DE2-9E2B3143177C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{794DE92B-5B3E-DFB3-BD79-2505954D24D5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83932FFA-626F-D818-24C0-738D1BC631BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A75B9E2-7BAB-C3F7-4007-DCC3D24A9C47} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8C63D038-2323-A079-1DD0-E7F346EF140E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8EAD04F4-5BB3-9C45-58C9-26C339B63513} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{916E0E7F-1B81-53C6-429D-2ABB3F3CFBCF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E960055-CBAB-522C-F6D0-3C06FAA39285} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEDEFEF1-3732-630E-951F-1CBF02877CF3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5423394-16FB-1F60-5AF9-6CAF30B35009} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B825DEE4-D4B5-9286-E839-48249C3E89A6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B94F6C89-3F0F-F6B6-335A-C678A9A97D9F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCA234F8-DBE0-1CBE-CE94-63240442E405} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C35C2F78-0E5E-F4AA-FD24-04CC74056392} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C39816D8-BA82-0890-929F-D27B4B0A27F0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C6986041-AF54-9AEF-5EA0-8C5C69D8DEB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7346F5-4EB1-7F19-9320-5E86CBCBDA80} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDE4719B-AC04-9EE1-7AEA-7712560B2832} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EFF18EAC-64BF-91FF-8F1B-42B57350D99F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F065E398-2ACB-9034-8B2A-28A827FF521F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F78C8767-D7AA-B6F9-7220-5FF80088C727} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FD657148-CFF7-B0FA-3DF2-27DD4B37658F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FDEDD1BB-EE5D-1AF2-C50B-11681C5E2A93} -> Spyware.CoolWebSearch : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Shon\Application Data\Mozilla\Firefox\Profiles\qvn94x7z.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-065722-275.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-065722-393.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-071315-204.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-094938-295.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-102324-291.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-145744-735.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-161443-759.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051219-161722-875.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-113406-457.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-113501-936.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-115758-710.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-115933-953.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-120425-243.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-120425-599.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-120425-654.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-121824-309.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-122602-862.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-122613-513.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051220-184945-139.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-064852-420.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-064852-694.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-090025-270.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-090025-574.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-090025-973.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-090114-491.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-092847-814.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-101706-309.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-101706-451.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-135413-885.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-135422-377.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-135743-921.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-135759-695.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-163756-708.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-163802-874.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-163922-726.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-164038-190.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-164038-630.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-180230-368.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-180230-797.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051221-180442-830.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-070312-821.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-085305-294.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-085305-439.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-085410-253.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-091942-398.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-091942-432.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-092158-152.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-120626-660.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-165102-412.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-170047-125.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-170047-843.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-172430-693.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-172813-166.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-173131-303.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051222-174759-697.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051223-071005-238.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051223-071005-763.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051223-100301-665.dll -> Downloader.Agent.acc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051223-203157-359.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-120949-968.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-123607-255.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-123607-957.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-123750-350.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-180722-443.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051224-180722-560.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051225-190111-188.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051225-215641-765.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-081401-560.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-081401-705.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-084121-304.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-084121-882.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-113111-303.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-113111-533.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-113819-959.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-224849-420.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-224849-928.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051226-232140-988.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051227-233123-172.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-064943-291.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-074308-278.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-074308-337.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-141249-410.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-141249-728.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-141307-199.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-141307-780.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-191714-837.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-191714-907.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-191714-985.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-221708-457.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051228-221708-809.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-135610-122.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-135610-708.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-140721-248.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-140721-794.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-142935-313.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-142935-643.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-143732-135.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-194438-109.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051229-194438-250.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-063241-572.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-063241-829.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-064236-138.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-074448-903.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-091004-168.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-091004-244.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-091004-365.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-094848-317.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-094848-488.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-095127-761.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-100606-209.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-100606-473.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-100606-502.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-102748-440.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-102748-842.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051230-102748-899.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-110342-199.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-110342-377.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-175934-743.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-175935-962.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-180417-656.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-180417-818.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20051231-180417-856.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-083328-183.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-083328-302.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-083328-501.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-084435-259.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-084435-591.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-084435-766.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-350.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-511.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-562.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-629.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-715.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-813.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-826.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-895.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101112-954.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-113.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-258.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-309.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-326.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-403.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-437.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-537.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-548.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-549.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-640.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-855.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101113-968.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-101232-856.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-102748-236.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-102748-425.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-102748-789.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-103104-234.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-103104-282.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-103104-358.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-103104-650.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-103104-716.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-390.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-464.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-490.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-562.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-761.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-804.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111653-817.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111654-140.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111654-564.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111654-666.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-111654-998.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-112430-307.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-112430-448.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-113704-418.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-113704-514.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-113704-752.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-113704-876.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-114.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-129.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-162.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-178.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-201.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-226.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-229.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-237.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-247.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-253.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-254.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-271.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-280.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-282.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-338.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-344.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-356.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-369.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-403.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-422.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-455.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-475.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-480.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-582.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-586.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-605.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-623.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-662.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-726.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-760.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-783.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-795.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-800.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-839.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-848.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-894.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-930.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-934.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155232-963.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-148.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-259.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-303.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-325.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-345.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-350.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-352.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-385.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-393.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-474.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-532.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-536.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-572.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-575.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-583.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-595.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-640.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-649.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-671.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-738.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-770.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-804.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-812.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-815.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-824.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-895.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-938.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155233-979.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-155451-684.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-160024-432.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-160024-573.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-113.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-148.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-153.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-161.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-187.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-239.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-249.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-254.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-297.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-361.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-382.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-390.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-452.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-461.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-507.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-608.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-627.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-682.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-700.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-763.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-813.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-826.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-848.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-874.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-879.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-20060101-192947-979.dll -> Downloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Shon\My Documents\security\hijackthis\backups\backup-2006010

#4 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 04 January 2006 - 07:31 PM

Step#1:Restore Deleted System Files

Now we need to see if we need to restore some deleted files:Please check for the following files using the Windows Search Engine:
  • control.exe
  • rundll32.exe
  • wmplayer.exe
  • msconfig.exe
  • notepad.exe
  • shell.dll
  • SDHelper.dll
If any are missing or not working properly then you can download new copies from
Merijn's Files and following the instructions at that site to have them where they belong for your OS.
  • If you are having any difficulty with Notepad, please go to Merijn's Files and choose 'Windows Files' from the menu on the left hand side of the page. Then choose 'Notepad' from the list and download it to C:\Windows and C:\Windows\System32
  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • This infection often deletes some system files that need to be replaced. The most frequent one it deletes is shell.dll in Win2K or XP. In XP there are two copies of this file, one in Windows (WINNT) and one in Windows\System32. It does not delete the one in Windows\System so it does not affect Win9x/ME. If you find it missing, please copy the shell.dll from c:\windows\system32\dllcache into both \Windows (WINNT) and Windows\System32 .
  • The other system file which is most frequently deleted is control.exe. Please check to make sure that you have this file and it is the correct size. If not Please check for the existence of this file by going to to Merijn's Files (sdhelper) and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to the information at this website. The control.exe is more often deleted in Win9x/ME.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
Step#2:Download CCleaner
  • Download Ccleaner to clean temp files from your computer.
  • Double click on Ccleaner to install the program, with its default settings, selecting language and agreeing to the license agreement.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Options > Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".



    Step#3:Complete An Online AntiVirus Scan

    Run an online antivirus scan at:

    Trend Micro-Housecall Online AV

    Reboot



    Step#4:Find the Infected Files On Your Hard Drive
    [list]
  • Navigate to C:\Windows
  • look for files that were created at the approximate time and date as the infection occurred.
  • look for those that end in exe, DAT and DLL and if found, right click on the file and check properties. Legitimate files should be copyrighted by Microsoft
  • if you determine they are bad files, right click on them and choose delete
  • Navigate to C:\Windows\System or C:\Windows\System32 (depending on the OS) and repeat each of the above steps to check for those ending in exe, DAT and/or DLL
  • if the above files will not delete, then make a new folder on your desktop by right clicking on the desktop and choosing New > Folder. Name the folder CWS Files.
  • Move the files from C:\Windows or C:\Windows\System or C:\Windows\system32
    to the new folder CWS Files.
Step#5:Using your Windows CD to replace System Files

** In cases where many system files are missing you have no alternative but to have them insert their Windows OS disk and run sfc /scannow from the Run box if able or from Recovery Console if not able to get into windows[/b]



Step#6:Scan And Post a New HijackThis Log

1. Scan again with HijackThis

2. POST your log file using Add Reply to see what is left to fix.

#5 harleyshon

harleyshon

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 05 January 2006 - 05:25 PM

Ok I had to run the Housecall 3 times to get a clean record so that took some time. I have a few questions about step 4: Find Infected Files 1. I have looked at C:windows and there are a lot of them. If I look at properties should they have something in the summary tab?< If they don't tell me what or who they are for should I delete them? Most of them are 5 letters (Example appfz32.dll) 2. Do I have to look in the Sub Folders of windows?(example C:\Windows\Addins) The other ones in the previous question are all just in the windows file. 3. What about the .txt files? when I open them with notepad there is nothing in them! I think that's all the questions I can come up with. Sorry this is taking so long. It takes a while to do the downloads because I only have dial up and I keep loosing my phone connection (Not a computer problem) Thanks again for your help!!! YOU ARE AWSOME!!!

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 January 2006 - 07:11 PM

Lets do this. Boot to safe mode and scan with about buster again (twice) then scan with ewido and post the ewido lofs as well as the aboutbuster log and a new hijackthis log.

#7 harleyshon

harleyshon

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 05 January 2006 - 10:47 PM

Ok scans are complete here are your logs. I ran all of the scan under safe mode including the hijack.

Here you go!! Good LUCK!!

AboutBuster 5.1, reference file 3
Scan started on [1/5/2006] at [9:08:53 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:09:17 PM


AboutBuster 5.1, reference file 3
Scan started on [1/5/2006] at [9:09:41 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:09:43 PM


ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:27:25 PM, 1/5/2006
+ Report-Checksum: 34AFB2F0

+ Scan result:

:mozilla.9:C:\Documents and Settings\Shon\Application Data\Mozilla\Firefox\Profiles\qvn94x7z.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Shon\Application Data\Mozilla\Firefox\Profiles\qvn94x7z.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\SYSTEM32\mszf32.exe -> Trojan.Agent.bi : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:29:05 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Shon\My Documents\security\hijackthis.1-3-06zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134518362887
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft...nloads/outc.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Have I told you THANKS yet??

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 January 2006 - 10:51 PM

Looks clean :) How is it running?

#9 harleyshon

harleyshon

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 05 January 2006 - 11:43 PM

Seems to be ok :D It Boots up kinda slow. My subscription for Norton Anti Virus is up this month. Should I keep it or is there another one better out there I should be using? (HOUSE TREND) Why did Ewido find problems with Firefox? I'v only been to 3 other web sites Ebay, Housecall, & here. What about the Internet Explorer? Can I use it or should I stick to FireFox? And what about Step 7 the Network Station Log on? Do I need to change it back to enable? Are there any back ups I should make>(Registry, System Restore) Any thing else that I need to know? Sorry about all the questions. Thank YOU & Rock ON!! :thumbup:

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 January 2006 - 11:52 PM

Lets do some cleaning see if that helps with the boot up speed.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your destop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

Next you neeed to clean out your system restore. You can do that by turning it off then back on

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

Reboot.


My subscription for Norton Anti Virus is up this month. Should I keep it or is there another one better out there I should be using? (HOUSE TREND) As long as you keep it up to date they are all good.

Why did Ewido find problems with Firefox? I'v only been to 3 other web sites Ebay, Housecall, & here. Ewido doent like cookies from any browser so tags them all.

What about the Internet Explorer? Can I use it or should I stick to FireFox? You need IE for updates but I would suggest that you use Firefox as there are less hijackthis written for that browser.


And what about Step 7 the Network Station Log on? Do I need to change it back to enable? Leave it turned off.

If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. In my signature below is also a tutorial on how to harden IE, a good read and very helpful to stop these things in the future. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.

Safe Surfing. :D

#11 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 January 2006 - 11:52 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users