Help to Remove Winfixer 2005

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by bigQoo » November 10th, 2005, 8:31 pm

Logfile of HijackThis v1.99.1
Scan saved at 7:27:38 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HiJack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.1.15 csc06krintpa03s.keybank.com
O1 - Hosts: 127.0.1.17 ckt02derivaa01s
O1 - Hosts: 127.0.1.14 csc06krintpa02s.keybank.com
O1 - Hosts: 127.0.1.10 pgninprod.keybank.com
O1 - Hosts: 127.0.1.13 csc06krintpa01s.keybank.com
O1 - Hosts: 127.0.1.11 pgnscprod.keybank.com
O1 - Hosts: 127.0.1.12 domino3.keybank.com
O1 - Hosts: 127.0.1.16 csc06krintpa04s.keybank.com
O1 - Hosts: 127.0.1.15 csc06krintpa03s.keybank.com
O1 - Hosts: 127.0.1.17 ckt02derivaa01s
O1 - Hosts: 127.0.1.14 csc06krintpa02s.keybank.com
O1 - Hosts: 127.0.1.10 pgninprod.keybank.com
O1 - Hosts: 127.0.1.13 csc06krintpa01s.keybank.com
O1 - Hosts: 127.0.1.11 pgnscprod.keybank.com
O1 - Hosts: 127.0.1.12 domino3.keybank.com
O1 - Hosts: 127.0.1.16 csc06krintpa04s.keybank.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\hardfont.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [cdkhilgj] C:\WINDOWS\cdkhilgj.exe
O4 - HKLM\..\Run: [bpclvfhstxhe] C:\WINDOWS\System32\vdznmxb.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÃ
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

Post by Surreal2 » November 11th, 2005, 8:46 am

Hi bigQoo - I'm checking your log now and will post back as soon as possible. Researching the log takes a little time so please be patient.

Cheers...
Surreal2
Regular Member
 
Posts: 207
Joined: September 30th, 2005, 1:24 pm
Location: Peterborough, UK

Post by Nick-YF19 » November 11th, 2005, 9:17 am

While we are looking at your log, you need to immediately call your bank if it is Key bank. Some of the entries show that you are being redirected from your real bank's online banking pages. Assume that you are being robbed and tell them to investigate all activity that may have occurred on your account or accounts. If you have used any credit cards on this computer, it is best to assume that they may have been compromised as well.

Go do this now. We'll be here with an idea of what exactly is going on.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California

Post by bigQoo » November 11th, 2005, 10:37 am

THANKS!! Calling Right Now!
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

Post by Surreal2 » November 12th, 2005, 1:50 pm

Hi bigQoo

FIRST PRIORITY is to deal with the security issue that Nick warned about. You must assume that your computer has been compromised - it looks like a specific attack on your computer and you/your bank.

You need to consider what sensitive information may have been entered on the computer and, after discussion with the bank, decide whether you should also cancel any credit cards, change bank account numbers and passwords - and perhaps also contact the police.

This is the most critical problem showing in your log, so attend to this first as a matter of urgency and only then carry on with the steps below.

+++++

You have been infected by the Vundo trojan, and that is the first thing we need to get rid of. There are quite a few things to do and it will take some time, so please choose a quiet period where you can work without interruption and carefully follow each of the following steps.

I cannot see a specific firewall active on your computer - and without a firewall you are leaving yourself wide open to attack when browsing the Internet. For now, please ensure that Windows' built-in firewall is turned on - later I will suggest a better alternative.


Step 1 - Ewido Security Suite
  1. Click HERE and use the 'Download now' button at the bottom of the page to download the trial version of Ewido Security Suite
  2. Click or double-click on ewido-setup.exe to install the program
  3. When installing, under 'Additional Options' UN-check 'Install background guard' and UN-check 'Install scan via context menu'
  4. There should be a big 'E' icon on your desktop, click or double-click it to launch the program
  5. Click 'OK' when prompted to update the program
  6. On the left hand side of the main screen click 'Update' and then 'Start'
  7. When the updates have been installed, exit Ewido - DO NOT RUN IT YET
Step 2 - Microsoft AntiSpyware
    I see you have Microsoft AntiSpyware. We need to ensure that the Real-time Protection function is turned off as it may interfere with the fixes. Please therefore:
    1. Open Microsoft AntiSpyware, click on 'Tools --> Settings', and in the left-hand section click on Real-time Protection
    2. Under 'Startup Options' ensure there is NO check mark next to 'Enable the Microsoft AntiSpyware Security Agents on startup (recommended)'
    3. Under 'Real-time spyware threat protection', ensure there is NO check mark against 'Enable real-time spyware threat protection (recommended)'
    4. Click 'Save' and close the program
    5. If there is a Microsoft AntiSpyware icon on the taskbar, right-click on it and select 'Shutdown Microsoft AntiSpyware'
Step 3 - Show hidden files
  1. Go to Start --> Control panel --> Folder options and select the View tab.
  2. Choose to 'Show hidden files and folders' and UNcheck both 'Hide protected operating system files' and 'Hide extensions for known file types'.
  3. Click 'OK' to close the window
Step 4 - Netstat
  1. Go Start --> Run
  2. In the dialogue box type cmd
  3. In the new window that opens type the following exactly as shown:
      netstat.exe -a -b>c:\1.txt

      (That's netstat.exe (space) -a (space)-b>c:\1.txt)
  4. Wait a minute until you see the blinking white cursor again, then type 'exit' to close the window
  5. A log file named 1.txt will be created in the C:\ drive - ignore it for now but I'll ask you to post that along with other logs when you've finished all these steps
Step 5 - Vundo removal tool
  1. Click HERE and download VundoFix© to your desktop
  2. Click or double-click on the VundoFix.exe file on your desktop. It will create and extract files to a new VundoFix© folder on your desktop - DO NOT OPEN THE FOLDER YET

When the files have been extracted and the new folder created, please PRINT OUT the rest of this post and then close Internet Explorer, disconnect from the Internet and remain disconnected for the next few steps (you might want to unplug the modem cable just to be sure the computer does not reconnect automatically)

Step 6 - Reboot into Safe mode
  • Restart your computer and immediately begin repeatedly tapping the 'F8' key on your keyboard until a menu appears
  • Use the arrow keys on the keyboard to select 'Safe Mode', then press the 'Enter' key
Step 7 - Vundo removal
  • In Safe Mode, open the VundoFix© folder and click or double-click on KillVundo.bat. You will be presented with a warning like this:
    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • At this point press 'Enter' ONCE. You will then see:
    Please Type in the filepath as instructed by the forum staff
    and then press enter:
  • At this point please type the following file path (make sure you enter it exactly as below):
      C:\WINDOWS\system\hardfont.dll
  • Then press 'Enter'
  • Next you will see:
    Please type in the second filepath as instructed by the forum
    staff then press enter:
  • At this point please type the following file path (making sure you enter it exactly as below):
      C:\WINDOWS\system\tnofdrah.*
  • Then press 'Enter'
  • The fix will run then HijackThis will open (if it does not open automatically, start it manually and click 'Do a system scan only')
  • In HijackThis, click to place a check mark against the following entries:
      R3 - Default URLSearchHook is missing

      O1 - Hosts <-- place a check mark against ALL the entries beginning 'O1 - Hosts:'

      O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\hardfont.dll vundob

      O4 - HKCU\..\Run: [Yahoo! Pager] 1 <-- this entry looks strange so check mark it and, if required, you can reset the pager to load at start up when we have finished cleaning the computer

      O20 - Winlogon Notify: hardfont - C:\WINDOWS\system\hardfont.dll
  • Make sure all other programs/windows are closed except for Hijackthis and click 'Fix checked'
  • Then press Enter to close HijackThis
  • Then restart your computer in SAFE MODE again
Step 8 - delete bad files
  • Using Windows Explorer, navigate to the C:\WINDOWS\system directory
  • In the right-hand window, click on the 'Name' tab at the top to sort the entries in alphabetical order
  • Look for files beginning tnofdrah and ending with various extensions (i.e. you might find tnofdrah.bak, tnofdrah.bak1, tnofdrah.bak2, tnofdrah.ini, tnofdrah.ini2, tnofdrah.tmp, tnofdrah.tmp1 etc)
  • Don't worry if you can't find any, but for any that you do find, right-click on them and choose 'Delete'
Step 9 - Ewido Security Suite
  • Still in Safe Mode, ensure there are no open programs/windows on your computer and start Ewido
    • Click on 'Scanner'…then click 'Settings'
    • Under 'How to scan' make sure all boxes are selected
    • Under 'Possibly unwanted software' make sure all boxes are selected
    • Under 'What to scan' select 'Scan every file'
    • Click 'OK' and then click 'Complete system scan'

      Note - if Ewido finds anything, it will pop up a notification. We have been finding some cases of 'false positives' with the new version of Ewido, so you need to step through the fixes one by one. If Ewido finds something that you KNOW is legitimate or you receive alerts that have the word 'Heuristic' in them and you recognise the file name - or if you are unsure of any entry - then select 'NONE' as the action…DO NOT check 'Perform action with all infections'. If any of the files for which you select 'None' are bad, they will show up in the next HijackThis log.
    • When the scan has finished there will be a button on the bottom of the screen named 'Save report' - click this and save the report to your desktop, then close Ewido

      Then restart your computer in Normal mode
Step 10 - Kaspersky online scan
  • In Normal mode, plug your modem cable back into the computer then start Internet Explorer and click HERE to visit the Kaspersky site
  • Click the Kaspersky Online button - and click 'Yes' when you are prompted to install an ActiveX component from Kaspersky
  • The program will launch and then start to download the latest definition files
  • Once the scanner is installed and the definitions have downloaded, click 'Next' and then click on 'Scan Settings' and ensure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click 'OK'
  • Now under 'Select a target to scan' choose My Computer
  • The scan will take a while so be patient and let it run
  • When the scan is complete it will display if your system has been infected
  • Click on the 'Save as Text' button and save the file to your desktop
Step 11 - Rootkit Revealer
  • Click HERE, scroll to the bottom of the page and click the button 'Download RootkitRevealer'
  • Click or double-click to open the zip folder, and then extract the contents to a suitable folder (such as C:/Program Files/RootkitRevealer)
  • Navigate to the RootkitRevealer folder and click or double-click on the rootkitrevealer.exe file to launch the program
  • When Rootkit Revealer is running it's essential that nothing else happens on your computer - so make sure no other programs or windows are open on your computer
  • Click the 'Scan' button and then move away from the computer and don't touch anything while it scans
  • You'll see that the 'Scan' button changes to 'Abort' and information will appear in the status area at the bottom of the program's window
  • You'll know the scan has finished when the 'Abort' button changes back to 'Scan' - and at the bottom of the window it will show how many 'discrepancies' were found
  • When the scan is finished, click on File --> Save and save the log file

Finally, run HijackThis again and post back with:
  • New HijackThis log
  • Ewido log
  • KAV online scan log
  • RootkitRevealer log
  • Using Windows Explorer, navigate to the C:\ drive and find the file 1.txt - open it, copy and paste the entire contents

    You may have to put each of these in separate posts


Cheers…
Surreal2
Regular Member
 
Posts: 207
Joined: September 30th, 2005, 1:24 pm
Location: Peterborough, UK

HiJack log #2

Post by bigQoo » November 13th, 2005, 10:04 am

Logfile of HijackThis v1.99.1
Scan saved at 9:02:54 AM, on 11/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HiJack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [cdkhilgj] C:\WINDOWS\cdkhilgj.exe
O4 - HKLM\..\Run: [bpclvfhstxhe] C:\WINDOWS\System32\vdznmxb.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÃ
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm
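
Added example, not part of the thread and not HijackThis's own code: a small Python helper that parses HijackThis entries, lists O1 hosts-file lines that pin a non-localhost name to a loopback address, and compares the first and second logs to report which entries ticked in Step 7 are still listed. The function names are hypothetical, and the two sample logs are constructed from a few lines copied out of the logs posted above.

```python
import ipaddress
import re

# A HijackThis entry line looks like "O1 - Hosts: 127.0.1.10 name".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")

# Constructed samples: a handful of lines taken from the two logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.1.10 pgninprod.keybank.com
O1 - Hosts: 127.0.1.12 domino3.keybank.com
O1 - Hosts: 127.0.1.10 pgninprod.keybank.com
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system\hardfont.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# Entries Step 7 asks to tick, as (section code, substring of the entry text).
FIX_TARGETS = [
    ("R3", "Default URLSearchHook is missing"),
    ("O1", "Hosts:"),
    ("O2", r"C:\WINDOWS\system\hardfont.dll"),
]


def parse_entries(log_text):
    """Return unique (code, detail) pairs in log order; other lines are skipped."""
    seen, entries = set(), []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.groups() not in seen:
            seen.add(m.groups())
            entries.append(m.groups())
    return entries


def hosts_overrides(entries):
    """O1 entries that map a name other than localhost to a loopback address."""
    hits = []
    for code, detail in entries:
        m = HOSTS_RE.match(detail) if code == "O1" else None
        if not m:
            continue
        ip, name = m.groups()
        try:
            loopback = ipaddress.ip_address(ip).is_loopback  # all of 127.0.0.0/8
        except ValueError:
            continue  # malformed address: this check cannot judge it
        if loopback and name.lower() != "localhost":
            hits.append((ip, name))
    return hits


def diff_logs(before, after):
    """Split the 'before' entries into removed/remaining and list new ones."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": [e for e in b if e not in a],
        "remaining": [e for e in b if e in a],
        "new": [e for e in a if e not in b],
    }


def still_present(after, targets):
    """Targets selected for fixing that still match an entry in the new log."""
    entries = parse_entries(after)
    return [
        t for t in targets
        if any(code == t[0] and t[1].lower() in detail.lower()
               for code, detail in entries)
    ]


if __name__ == "__main__":
    for ip, name in hosts_overrides(parse_entries(BEFORE)):
        print(f"hosts override: {name} -> {ip}")
    for code, detail in diff_logs(BEFORE, AFTER)["removed"]:
        print(f"removed:   {code} - {detail}")
    for code, text in still_present(AFTER, FIX_TARGETS):
        print(f"still set: {code} - {text}")
```
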

Ewido Log

Post by bigQoo » November 13th, 2005, 10:04 am

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:22:20 PM, 11/12/2005
+ Report-Checksum: 7F488268

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{1B540D44-3F61-4394-AE30-25FDC3649405}\ProxyStubClsid32\\ -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AdmilliServX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AdmilliServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/AdmilliServX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/AdmilliServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/ISTactivex.dll\\{386A771C-E96A-421F-8BA7-32F1B706892F} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4cjc5wlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4cjdzado.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4cmc5ecp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4gjdpiap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4kkazcbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4kpd5wlq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4shczidp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4wgc5sfp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4woczgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiaiazkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiakdpkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkianczebp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiclcjwcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkisgdpckp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkisjdzkho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoegc5igo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkoegcjcbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkogkcpebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkosgazkep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkouicjieq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkowidjkbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyajdpigp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyakcjslq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyamcpglp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyomcpcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkysidjoao.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkyunazmep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywgc5meq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkywkdpolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfl4sndzsko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflignczedp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflikmc5cdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflocndzgdo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloeoc5ohp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\Program Files\DownloadWare\dw.exe -> TrojanDownloader.Realtens.e : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/c:\WINDOWS\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\Program Files\Internet Optimizer\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\WINDOWS\system32\SahAgent.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\Program Files\NaviSearch\bin\nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103964838.ssb/C:\Program Files\CashBack\bin\cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0PIH6V2J\wsem302[1].dll -> TrojanDownloader.Dyfuca.dc : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ENUJCVOD\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Program Files\Bargain Buddy\bin\apuc.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965282.ssb/C:\Program Files\CashBack\bin\cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965367.ssb/C:\Program Files\Bargain Buddy\bin\apuc.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965660.ssb/C:\WINDOWS\cdkhilgj.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965660.ssb/C:\WINDOWS\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965660.ssb/C:\Program Files\DownloadWare\dw.exe -> TrojanDownloader.Realtens.e : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965660.ssb/c:\WINDOWS\FLEOK\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103965660.ssb/C:\WINDOWS\wdskctl.exe -> Spyware.ShopNav : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\Program Files\se\v11\se.EXE -> Spyware.WindowEnhancer : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\Temp\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\bargain3.exe -> Spyware.BargainBuddy.f : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\clipg.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\Downloaded Program Files\lsp_.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\FLEOK\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\rgrt.exe -> Adware.ShopNav : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\SAHUninstall.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\salm.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\system32\lsp.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\wsem302.dll -> TrojanDownloader.Dyfuca.dc : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\wupdt.exe -> Spyware.Imiserverieplugin : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966791.ssb/C:\WINDOWS\yfuh.exe -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103966845.ssb/C:\WINDOWS\system32\lsp.dll -> Adware.SAHA : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103989505.ssb/C:\Program Files\eZula\mmod.exe -> Adware.eZula : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103989505.ssb/C:\Program Files\Web_Rebates\WebRebates1.exe -> Spyware.WebRebates : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1103989505.ssb/C:\Program Files\Web_Rebates\WebRebates0.exe -> Spyware.HelpExpress : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1104076201.ssb/C:\Program Files\Internet Optimizer\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1104076201.ssb/C:\Program Files\Internet Optimizer\actalert.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1104077267.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\djtopr1150.exe -> Spyware.WebRebates.g : Cleaned with backup
C:\Program Files\InterMute\SpySubtract\Backup\Clean Session - 1104077267.ssb/C:\Documents and Settings\Owner\Local Settings\Temp\jkill.exe -> Spyware.VX2 : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5662AF29-2C2D-45F6-BF09-55F956\492BB187-8F16-48DE-B132-54343D -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5662AF29-2C2D-45F6-BF09-55F956\C7C8DE75-2AD0-4DA8-A22B-8F37F1 -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\717CD56D-3A47-4C44-B6D1-BB8483\007EFD9E-18BE-4A72-869D-A989A8 -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\717CD56D-3A47-4C44-B6D1-BB8483\19F0F751-0363-415F-9A9C-9D3429 -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\717CD56D-3A47-4C44-B6D1-BB8483\6939C6A6-62B4-4791-B285-BA5E69 -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\pmnlk.dll -> TrojanDownloader.ConHook.k : Cleaned with backup


::Report End
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

KAV Online Scan

by bigQoo » November 13th, 2005, 10:06 am

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, November 13, 2005 08:40:42
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/11/2005
Kaspersky Anti-Virus database records: 159509
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 78275
Number of viruses found: 10
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 4179 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip/Counter.class Infected: Trojan.Java.Femad
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip/VerifierBug.class Infected: Trojan.Java.Femad
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip/web.exe Infected: Trojan-Clicker.Win32.Small.hs
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip/Worker.class Infected: Trojan.Java.Femad
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip/Xeyond.class Infected: Trojan.Java.Femad
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-16e6c0b4-265ed746.zip Infected: Trojan.Java.Femad
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv505.jar-47cfdd92-2534fd6f.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv505.jar-47cfdd92-2534fd6f.zip/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv505.jar-47cfdd92-2534fd6f.zip/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv505.jar-47cfdd92-2534fd6f.zip Infected: Trojan.Java.ClassLoader.d
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP249\A0066251.dll Infected: not-a-virus:AdWare.Win32.Comet.c
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP249\A0066254.exe Infected: not-a-virus:AdWare.Win32.Gator.a
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP251\A0066331.exe Infected: Backdoor.Win32.IRCBot.jh
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP291\A0081176.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{ED1AD764-6EE8-45D8-B9BD-559926E4C6F0}\RP291\A0082176.dll Infected: Trojan-Downloader.Win32.ConHook.k

Scan process completed.
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

Rootkit Revealer Log

by bigQoo » November 13th, 2005, 10:12 am

HKLM\SOFTWARE\DeterministicNetworks\DNE\Parameters\SymbolicLinkValue 1/30/2005 6:20 PM 132 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.907\README.TXT 2/22/2005 3:15 PM 825 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.907\RootkitRevealer.chm 6/24/2005 12:51 PM 98.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NXXS0RAN\44121[28].xml 11/13/2005 8:50 AM 25.79 KB Hidden from Windows API.
D: 0 bytes Error mounting volume
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

1.txt Log

by bigQoo » November 13th, 2005, 10:15 am

Active Connections

Proto Local Address Foreign Address State PID
TCP your-c8bh3jaglt:epmap your-c8bh3jaglt:0 LISTENING 1036
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

by wng_z3r0 » November 13th, 2005, 12:17 pm

Hi. I think you closed the DOS window too soon when running that command. Let's try it again.

Go Start --> Run
In the dialogue box type cmd
In the new window that opens type the following exactly as shown:

netstat.exe -a -b>c:\1.txt

(That's netstat.exe (space) -a (space)-b>c:\1.txt)


Wait a minute until you see a new line with the words c:\***, where *** will be some more words. Don't close the window if all you see is a flashing cursor.
Then type 'exit' to close the window.
A log file named 1.txt will be created in the C:\ drive - please post it here.

wng
wng_z3r0
Admin/Teacher Emeritus
 
Posts: 4282
Joined: March 6th, 2005, 8:22 pm

1.txt log

by bigQoo » November 13th, 2005, 8:22 pm

Active Connections

Proto Local Address Foreign Address State PID
TCP your-c8bh3jaglt:epmap your-c8bh3jaglt:0 LISTENING 1028
c:\windows\system32\WS2_32.dll
C:\WINDOWS\system32\RPCRT4.dll
c:\windows\system32\rpcss.dll
C:\WINDOWS\system32\svchost.exe
-- unknown component(s) --
[svchost.exe]

TCP your-c8bh3jaglt:microsoft-ds your-c8bh3jaglt:0 LISTENING 4
[System]

TCP your-c8bh3jaglt:netbios-ssn your-c8bh3jaglt:0 LISTENING 4
[System]

TCP your-c8bh3jaglt:1035 your-c8bh3jaglt:0 LISTENING 2748
[alg.exe]

TCP your-c8bh3jaglt:4999 your-c8bh3jaglt:0 LISTENING 860
[DesktopWeather.exe]

TCP your-c8bh3jaglt:1047 download.ebay.com:http ESTABLISHED 396
[eBayTBDaemon.exe]

TCP your-c8bh3jaglt:1049 localhost:4999 ESTABLISHED 860
[DesktopWeather.exe]

TCP your-c8bh3jaglt:4999 localhost:1049 ESTABLISHED 860
[DesktopWeather.exe]

TCP your-c8bh3jaglt:1080 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1082 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1084 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1085 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1087 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1088 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1089 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1090 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1093 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1094 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1096 38.116.156.114:http TIME_WAIT 0
TCP your-c8bh3jaglt:1097 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1098 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1101 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1104 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1107 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1110 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1113 essexhosting.com:http TIME_WAIT 0
TCP your-c8bh3jaglt:1114 essexhosting.com:http TIME_WAIT 0
UDP your-c8bh3jaglt:isakmp *:* 796
[lsass.exe]

UDP your-c8bh3jaglt:1038 *:* 1172
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
-- unknown component(s) --
[svchost.exe]

UDP your-c8bh3jaglt:1039 *:* 1172
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP your-c8bh3jaglt:4500 *:* 796
[lsass.exe]

UDP your-c8bh3jaglt:1026 *:* 1172
C:\WINDOWS\system32\mswsock.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\DNSAPI.dll
c:\windows\system32\dnsrslvr.dll
C:\WINDOWS\system32\RPCRT4.dll
[svchost.exe]

UDP your-c8bh3jaglt:microsoft-ds *:* 4
[System]

UDP your-c8bh3jaglt:1900 *:* 1276
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP your-c8bh3jaglt:netbios-ns *:* 4
[System]

UDP your-c8bh3jaglt:netbios-dgm *:* 4
[System]

UDP your-c8bh3jaglt:ntp *:* 1120
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP your-c8bh3jaglt:ntp *:* 1120
c:\windows\system32\WS2_32.dll
c:\windows\system32\w32time.dll
ntdll.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP your-c8bh3jaglt:1900 *:* 1276
c:\windows\system32\WS2_32.dll
c:\windows\system32\ssdpsrv.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\kernel32.dll
[svchost.exe]

UDP your-c8bh3jaglt:1034 *:* 108
[msmsgs.exe]

UDP your-c8bh3jaglt:1027 *:* 860
[DesktopWeather.exe]

UDP your-c8bh3jaglt:1025 *:* 2036
[MotiveSB.exe]

UDP your-c8bh3jaglt:1063 *:* 3828
[iexplore.exe]

UDP your-c8bh3jaglt:1062 *:* 3764
[iexplore.exe]
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

Unread postby Surreal2 » November 16th, 2005, 4:32 am

Hi bigQoo

Sorry for the delay but I've been researching the logs you've posted so far.

I have a couple of questions:
  1. Do you have a VPN (Virtual Private Network) connection on your computer, perhaps linking to your office network? If so please tell the network admin/IT staff about the suspected hacking of your computer, since there is a possibility the infection could have spread through the network to other machines.
  2. I don't want to know details of your conversation with the bank, but if suspicious activity has been uncovered, are you considering reporting the matter to the police? The reason I ask this is that your computer might be important evidence, and you should therefore consider whether it would be better NOT to continue cleaning your computer but to disconnect it from the Internet and from any local network and stop using it until the investigations are complete.

In the meantime, please do the following (I know I'm asking you for lots of information but this infection is complicated). I'm going to ask you for three more logs, each of which should be posted as a separate reply to this thread (if any of the logs are too long to fit in one post, just split them into more than one post):

HijackThis
  1. Start HijackThis and click 'None of the above, just start the program'
  2. In the new window, click the 'Config' button (bottom right)
  3. In the next window, click on the 'Misc tools' button
  4. Click to place a check mark in the two boxes next to the button 'Generate StartupList log' and then click the 'Generate StartupList log' button and click 'Yes' in the dialogue box that appears
  5. Click 'File --> Save' to save the startuplist.txt log into your HijackThis folder, then close the log window
  6. Back on the HijackThis menu, click 'Open process manager'
  7. In the new window click to place a check mark in the box next to 'Show DLLs' (top right), then click the 'clipboard' icon just to the left of that box (this will copy the log contents)
  8. Now come back to this forum and click 'post reply' to open your next reply to this thread, then press and hold down the Ctrl key on your keyboard while pressing the letter V to paste the contents of the clipboard and submit it as your next reply
  9. Close HijackThis, then navigate to the Hijackthis folder and open the startuplist.txt file, copy and paste the contents into a separate reply and post it back here

Silent Runners
  1. Please RIGHT-CLICK HERE and choose 'Save Target As', and download Silent Runners to your desktop
  2. Click or double-click on the Silent Runners icon on your desktop
  3. You will see a text file appear on the desktop - it won't appear to be doing anything but let it run until you receive the prompt 'All Done!'
  4. Then click or double-click the new text file on the desktop, copy the entire log, and paste it into a third reply
  5. NOTE - if you receive any warning message about scripts, please choose to allow the script to run.

Upload suspicious files

There are two files I would like copies of in order to check them out
  • Using Windows Explorer, navigate to the C:\WINDOWS directory, click on the 'Name' tab at the top to sort the list of files in alphabetical order and look down the list for:
      cdkhilgj.exe - DO NOT CLICK ON IT
  • Hover the mouse cursor over the file and then RIGHT-CLICK and choose 'Send To' and then 'Compressed (zipped) Folder'
  • Go back to Windows Explorer and navigate to the C:\WINDOWS\System32 directory and look down the list for:
      vdznmxb.exe - DO NOT CLICK ON IT
  • Hover the mouse cursor over the file and then RIGHT-CLICK and choose 'Copy'
  • Then right-click on the compressed folder created above and choose 'Paste'
  • Click or double-click on the compressed folder to open it and check that it contains both files, then close the folder, RIGHT-CLICK on it and choose 'Explore'
  • In the 'File' menu choose 'Add a Password', type in the password infected and confirm the password
  • Please send the compressed zip folder as an attachment to an email:

    Address the email to cjwd-subAThostingatessex.com (replacing 'AT' with an '@' symbol)

    For the subject header use 'File submission requested by Surreal2'

    In the text box of the email, copy and paste the following:


Please remember to let me know the answers to the two questions I asked at the start of this post.

Cheers…
Surreal2
Regular Member
 
Posts: 207
Joined: September 30th, 2005, 1:24 pm
Location: Peterborough, UK

New Hijack Post

Unread postby bigQoo » November 17th, 2005, 12:07 am

Process list saved on 11:05:51 PM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
620 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
720 C:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
744 C:\WINDOWS\System32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
788 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
800 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
948 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1032 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1124 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1176 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1376 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1512 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1748 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1924 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
1932 C:\windows\system\hpsysdrv.exe 1.7.0.0 Hewlett-Packard Company
1944 C:\WINDOWS\System32\hkcmd.exe 3.0.0.3889 Intel Corporation
1956 C:\HP\KBD\KBD.EXE 1.0.2.0 Hewlett-Packard Company
1976 C:\Program Files\ewido\security suite\ewidoctrl.exe 3.0.0.1 ewido networks
1988 C:\WINDOWS\AGRSMMSG.exe 2.1.51.0 Agere Systems
2024 C:\Program Files\Yahoo!\browser\ybrwicon.exe 2003.7.11.1 Yahoo!, Inc.
2032 C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe 5.8.0.13 Visual Networks
192 C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe 5.8.0.13 Visual Networks
180 C:\WINDOWS\system32\wdfmgr.exe 5.2.3790.1230 Microsoft Corporation
236 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe 5.6.7.-22806 Motive Communications, Inc.
240 C:\WINDOWS\System32\MsPMSPSv.exe 7.0.0.1956 Microsoft Corporation
248 C:\WINDOWS\System32\igfxtray.exe 3.0.0.3889 Intel Corporation
276 C:\WINDOWS\ALCXMNTR.EXE 1.5.0.0 Realtek Semiconductor Corp.
308 C:\PROGRA~1\Yahoo!\browser\ycommon.exe 2003.7.14.1 Yahoo!, Inc.
388 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe 2.236.4.0 HP
416 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe 50.0.146.0 Hewlett-Packard Co.
492 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 2.1.1.0 Hewlett-Packard Company
660 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe 2.1.1.0 eBay
956 C:\Program Files\Common Files\Real\Update_OB\realsched.exe 0.1.0.3208 RealNetworks, Inc.
1152 C:\Program Files\iTunes\iTunesHelper.exe 6.0.1.3 Apple Computer, Inc.
1228 C:\Program Files\QuickTime\qttask.exe 7.0.3.50 Apple Computer, Inc.
1328 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
1436 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe 4.25.3.0 The Weather Channel Interactive
1612 C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe 1.0.0.615 Microsoft Corporation
1740 C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe 3.5.231.0 j2 Global Communications, Inc.
1340 C:\Program Files\eFax Messenger 3.5\J2GTray.exe 3.5.231.0 j2 Global Communications, Inc.
2220 C:\Program Files\InterMute\PopSubtract\PopSub.exe 1.3.8.0 interMute, Inc.
2532 C:\WINDOWS\system32\wscntfy.exe 5.1.2600.2180 Microsoft Corporation
2584 C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
2600 C:\Program Files\iPod\bin\iPodService.exe 6.0.1.3 Apple Computer, Inc.
3116 C:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
2764 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1384 C:\Documents and Settings\Owner\My Documents\HiJack\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.


DLLs loaded by process C:\WINDOWS\System32\smss.exe:

[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm

Hijack Txt log #2

Unread postby bigQoo » November 17th, 2005, 12:08 am

StartupList report, 11/16/2005, 11:03:23 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\My Documents\HiJack\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
C:\Program Files\eFax Messenger 3.5\J2GTray.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HiJack\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
IMStart.lnk = C:\Program Files\InterMute\IMStart.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
eFax DllCmd 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GDllCmd.exe
eFax Tray Menu 3.5.lnk = C:\Program Files\eFax Messenger 3.5\J2GTray.exe
KeyCorp VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
hpsysdrv = c:\windows\system\hpsysdrv.exe
HotKeysCmds = C:\WINDOWS\System32\hkcmd.exe
KBD = C:\HP\KBD\KBD.EXE
Recguard = C:\WINDOWS\SMINST\RECGUARD.EXE
VTTimer = VTTimer.exe
AGRSMMSG = AGRSMMSG.exe
PS2 = C:\WINDOWS\system32\ps2.exe
Reminder = "C:\Windows\Creator\Remind_XP.exe"
YBrowser = C:\Program Files\Yahoo!\browser\ybrwicon.exe
IPInSightLAN 02 = "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
IPInSightMonitor 02 = "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
Motive SmartBridge = C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
cdkhilgj = C:\WINDOWS\cdkhilgj.exe
bpclvfhstxhe = C:\WINDOWS\System32\vdznmxb.exe
¢‰¸u0–4C
}ïÃ
bigQoo
Regular Member
 
Posts: 15
Joined: November 10th, 2005, 7:42 pm