Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My Hijack Log

Post by Towel » July 28th, 2005, 9:45 pm

Hopefully you guys can help me out. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:54:12 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\netwd32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\atlyz.exe
C:\Scan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {60D3C2DA-22CF-E589-2EF0-062330D46C5E} - C:\WINDOWS\mscx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {D78A5F0E-80E3-B4FE-8284-E4F7345EF9A1} - C:\WINDOWS\system32\addja.dll
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addwb32.exe] C:\WINDOWS\system32\addwb32.exe
O4 - HKLM\..\Run: [crhq32.exe] C:\WINDOWS\system32\crhq32.exe
O4 - HKLM\..\Run: [appgk.exe] C:\WINDOWS\appgk.exe
O4 - HKLM\..\Run: [nethb32.exe] C:\WINDOWS\system32\nethb32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\Run: [winwa32.exe] C:\WINDOWS\system32\winwa32.exe
O4 - HKLM\..\Run: [sdkxj.exe] C:\WINDOWS\system32\sdkxj.exe
O4 - HKLM\..\Run: [winyl32.exe] C:\WINDOWS\winyl32.exe
O4 - HKLM\..\Run: [atlyz.exe] C:\WINDOWS\atlyz.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\Software\..\Telephony: DomainName = monolithicpower.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = monolithicpower.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Towel
Regular Member
 
Posts: 59
Joined: March 13th, 2005, 2:49 am

Post by tj416 » July 29th, 2005, 2:24 am

Hi Towel,

Download Firefox and install it. Use that as your primary browser for the time being because opening IE will bring in more infected files.

You may want to print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.
  1. Prepare CWShredder for use:
    • Download CWShredder.
    • Save CWShredder.exe to a convenient location.
    • Please do not do anything with it yet.
  2. Prepare cwsserviceremove.reg for use:
  3. Prepare AboutBuster for use:
    • Download AboutBuster.
    • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
    • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
    • Click "OK" at the prompt with instructions.
    • Click "Update" and then "Check For Update" to begin the update process.
    • If any updates exist please download them by clicking "Download Update".
    • You should not run the program yet so click "Exit".
  4. Prepare Ewido Security Suite for use:
    • Download the trial version of Ewido Security Suite.
    • Install the Program.
    • Click on the "update" button on the left hand side of the window.
    • Click on "Start Update".
    • You should not run the program yet so Exit the program.
Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
  1. Run CWShredder:
    • Double-click on CWShredder.exe.
    • Click "Fix ->" and click "OK" at the prompt.
    • CWShredder will scan and clean your system of CWS files.
    • Click "Next->" and then "Exit".
  2. Run AboutBuster and save the logs:
    • Browse to where you saved AboutBuster and run AboutBuster.exe.
    • Click "OK" at the directions Read: Important! prompt.
    • Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
    • Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
    • Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
    • When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
    • Click "Exit" and "Exit" again to exit AboutBuster.
  3. Run Ewido Security Suite:
    • Open Ewido Security Suite.
    • Click on the "scanner" button on the left hand side of the window.
    • Click on "Complete System Scan".
    • After the scan is completed, save the logfile from the scan.
  4. Remove the offending service:
    • Double-click the cwsserviceremove.reg file you downloaded at the beginning.
    • Answer Yes when prompted to add the contents to the registry.
  5. Clean out temporary files:
    • Start | Run | type cleanmgr | OK
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Click "OK" to remove them.
    • Click "Yes" to confirm the deletion.
  6. Restart your computer normally to return to normal mode.
  7. Free TrendMicro Housecall scan:
    • Visit the TrendMicro Housecall website.
    • Select your country from the drop-down list and click "Go".
    • Choose "Yes" at the ActiveX Security Warning prompt.
    • Please wait while the Housecall engine is updated.
    • Select the drives to be scanned by placing a check in their respective boxes.
    • Check the "Auto Clean" box.
    • Click "SCAN" in order to begin scanning your system.
    • Please be patient while Housecall scans your system for malicious files.
    • If not auto-cleaned, remove anything it finds.
    • Click "Close" to exit the Housecall scanner.
    • Choose "Yes" at the HouseCall message prompt.
  8. Prepare your reply:
    • Please post a fresh HijackThis log
    • Please post the Ewido Security Suite log.
    • Please post the AboutBuster log.
    • Please note any complications you had.
tj416
Regular Member
 
Posts: 40
Joined: March 5th, 2005, 8:47 pm
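
Step 8 of the reply above asks for a fresh HijackThis log so it can be checked against the first one. The following is an added example, not part of the original thread and not code from HijackThis: it parses the entries of two logs, diffs them, and flags three patterns for a manual look. The heuristics, the function names and the assumption that Windows lives in C:\WINDOWS are this example's own; the sample lines are excerpts copied from the two logs posted in this thread.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in this thread's logs.
WINDIRS = {r"c:\windows", r"c:\windows\system32"}
MISSING = " (file missing)"

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RES_DLL_RE = re.compile(r"= res://(?P<dll>[^/]+\.dll)/", re.I)
BHO_RE = re.compile(r"^BHO: .*? - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Excerpts from the first log in this thread.
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\liyqv.dll/sp.html#28129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {60D3C2DA-22CF-E589-2EF0-062330D46C5E} - C:\WINDOWS\mscx.dll
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlyz.exe] C:\WINDOWS\atlyz.exe
"""

# Excerpts from the follow-up log in this thread.
AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spvse.dll/sp.html#28129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll (file missing)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlyz.exe] C:\WINDOWS\atlyz.exe
O4 - HKLM\..\Run: [ipdi.exe] C:\WINDOWS\system32\ipdi.exe
"""


def parse_entries(log_text):
    """Map (code, body) -> True when HijackThis marked the target '(file missing)'."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the process list, blank lines
        body = m.group("body").strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]  # compare entries without the marker
        entries[(m.group("code"), body)] = missing
    return entries


def in_windir(path):
    """True when the file sits directly in C:\\WINDOWS or C:\\WINDOWS\\system32."""
    return ntpath.dirname(path).lower() in WINDIRS


def flag(code, body):
    """Return a reason for a manual look, or None. Heuristics only, not verdicts."""
    if code in ("R0", "R1"):
        m = RES_DLL_RE.search(body)
        if m:
            return "IE search setting loads a page out of " + m.group("dll")
    elif code == "O2":
        m = BHO_RE.match(body)
        if m and in_windir(m.group("path")):
            return "BHO DLL sits directly in the Windows directory"
    elif code == "O4":
        m = RUN_RE.match(body)
        if m:
            cmd = m.group("cmd").strip('"')
            if in_windir(cmd) and ntpath.basename(cmd).lower() == m.group("name").lower():
                return "Run value is named after its own executable in the Windows directory"
    return None


def compare(before_text, after_text):
    """Sort flagged entries into removed / added / persisting between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = {"removed": [], "added": [], "persisting": []}
    for key in sorted(set(before) | set(after)):
        reason = flag(*key)
        if reason is None:
            continue
        if key not in after:
            status = "removed"
        elif key not in before:
            status = "added"
        else:
            status = "persisting"
            if after[key]:
                reason += "; the entry remains but the file is missing"
        report[status].append((key[0], key[1], reason))
    return report


if __name__ == "__main__":
    for status, rows in compare(BEFORE, AFTER).items():
        for code, body, reason in rows:
            print(f"{status:10} {code} {body}\n{'':10} -> {reason}")
```

On these excerpts the search-page value shows up as one entry removed and one added, because the DLL named in the `res://` value differs between the two logs while the setting itself is still redirected.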

Post by Towel » July 29th, 2005, 2:48 pm

First of all thanks for your help. I had no complications following your steps at all.


Here is my new Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:14 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Scan\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spvse.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spvse.dll/sp.html#28129
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addwb32.exe] C:\WINDOWS\system32\addwb32.exe
O4 - HKLM\..\Run: [crhq32.exe] C:\WINDOWS\system32\crhq32.exe
O4 - HKLM\..\Run: [appgk.exe] C:\WINDOWS\appgk.exe
O4 - HKLM\..\Run: [nethb32.exe] C:\WINDOWS\system32\nethb32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\Run: [winwa32.exe] C:\WINDOWS\system32\winwa32.exe
O4 - HKLM\..\Run: [sdkxj.exe] C:\WINDOWS\system32\sdkxj.exe
O4 - HKLM\..\Run: [winyl32.exe] C:\WINDOWS\winyl32.exe
O4 - HKLM\..\Run: [atlyz.exe] C:\WINDOWS\atlyz.exe
O4 - HKLM\..\Run: [ipdi.exe] C:\WINDOWS\system32\ipdi.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\Software\..\Telephony: DomainName = monolithicpower.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = monolithicpower.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

============================

My AB logfile:

AboutBuster 5.0 reference file 28
Scan started on [7/29/2005] at [9:36:21 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\n_mhqotl.txt:ezpmss
Removed Stream! C:\WINDOWS\n_mhqotl.txt:wjvpns
Removed Stream! C:\WINDOWS\n_mkwrzy.dat:huztuo
Removed Stream! C:\WINDOWS\n_mnxdvk.txt:ojouhd
Removed Stream! C:\WINDOWS\n_mrxblp.log:zvryxz
Removed Stream! C:\WINDOWS\n_mvdkza.log:lollee
Removed Stream! C:\WINDOWS\n_mvdkza.log:zjbubf
Removed Stream! C:\WINDOWS\n_mvqjod.log:yuqqgq
Removed Stream! C:\WINDOWS\n_mzdgbv.log:qvjvab
Removed Stream! C:\WINDOWS\n_mzdgbv.log:srfmax
Removed Stream! C:\WINDOWS\n_neicrw.txt:rkuaep
Removed Stream! C:\WINDOWS\n_nynphf.txt:txqqtn
Removed Stream! C:\WINDOWS\n_nyrhtm.txt:awvoae
Removed Stream! C:\WINDOWS\n_oafjpk.log:ytsvna
Removed Stream! C:\WINDOWS\n_obzjzv.log:clmfys
Removed Stream! C:\WINDOWS\n_oeftef.dat:spftup
Removed Stream! C:\WINDOWS\n_opgshq.txt:irwvjy
Removed Stream! C:\WINDOWS\n_opgshq.txt:nbslzz
Removed Stream! C:\WINDOWS\n_oqntbv.log:umxssc
Removed Stream! C:\WINDOWS\n_oyayxx.txt:fccqbb
Removed Stream! C:\WINDOWS\n_oyayxx.txt:wugjvq
Removed Stream! C:\WINDOWS\n_pcmypj.dat:ovyppt
Removed Stream! C:\WINDOWS\n_pdqlft.log:gszqlq
Removed Stream! C:\WINDOWS\n_pdqlft.log:xmrqst
Removed Stream! C:\WINDOWS\n_pikenq.txt:rrihuo
Removed Stream! C:\WINDOWS\n_pikenq.txt:zdgung
Removed Stream! C:\WINDOWS\n_pnarrx.log:feroob
Removed Stream! C:\WINDOWS\n_psgvvd.dat:cktuoy
Removed Stream! C:\WINDOWS\n_psgvvd.dat:rwqzhq
Removed Stream! C:\WINDOWS\n_pxmtuw.txt:mtsliv
Removed Stream! C:\WINDOWS\n_pxyaps.log:kxjnba
Removed Stream! C:\WINDOWS\n_qdtngb.txt:uchutj
Removed Stream! C:\WINDOWS\n_qdtngb.txt:wawbpl
Removed Stream! C:\WINDOWS\n_qefmvc.log:mlefkl
Removed Stream! C:\WINDOWS\n_qifawq.dat:ptposw
Removed Stream! C:\WINDOWS\n_qnfkub.dat:ubzpmg
Removed Stream! C:\WINDOWS\n_qqdqso.txt:ncsugr
Removed Stream! C:\WINDOWS\n_qznuov.dat:qiobli
Removed Stream! C:\WINDOWS\n_rchssv.dat:kydxzy
Removed Stream! C:\WINDOWS\n_rfichp.txt:jbghft
Removed Stream! C:\WINDOWS\n_rhcpny.log:adniod
Removed Stream! C:\WINDOWS\n_rnpmke.log:yixdzo
Removed Stream! C:\WINDOWS\n_rsnfsk.log:fbvvkr
Removed Stream! C:\WINDOWS\n_rxqjui.dat:ckrjfw
Removed Stream! C:\WINDOWS\n_rxqjui.dat:dzjwhy
Removed Stream! C:\WINDOWS\n_rzlroj.txt:wuuyve
Removed Stream! C:\WINDOWS\n_sdmueq.dat:ukjohg
Removed Stream! C:\WINDOWS\n_sdmueq.dat:xboamt
Removed Stream! C:\WINDOWS\n_sesrri.dat:puedqo
Removed Stream! C:\WINDOWS\n_sffrjq.txt:msbxlq
Removed Stream! C:\WINDOWS\n_sjrqlx.log:otupes
Removed Stream! C:\WINDOWS\n_sjxtiv.log:wfxzoi
Removed Stream! C:\WINDOWS\n_sjxtiv.log:zlvajj
Removed Stream! C:\WINDOWS\n_smdcar.log:fbbujj
Removed Stream! C:\WINDOWS\n_sruygq.dat:gteuyv
Removed Stream! C:\WINDOWS\n_sszsdb.dat:xcuall
Removed Stream! C:\WINDOWS\n_stsscc.log:wueiid
Removed Stream! C:\WINDOWS\n_suaskk.txt:pbghcs
Removed Stream! C:\WINDOWS\n_svxcpc.dat:pvwnko
Removed Stream! C:\WINDOWS\n_sxrkmg.txt:ibrnwd
Removed Stream! C:\WINDOWS\n_szwzlr.txt:ynawch
Removed Stream! C:\WINDOWS\n_thpypj.txt:qgtbws
Removed Stream! C:\WINDOWS\n_tuvdgs.log:ipnnyz
Removed Stream! C:\WINDOWS\n_txmywk.log:ppuiww
Removed Stream! C:\WINDOWS\n_ufegwn.dat:aqfasj
Removed Stream! C:\WINDOWS\n_uipseo.log:ipnnyz
Removed Stream! C:\WINDOWS\n_ujdspg.txt:xenmin
Removed Stream! C:\WINDOWS\n_upaehr.dat:bilcsc
Removed Stream! C:\WINDOWS\n_uqbhke.log:pffrkp
Removed Stream! C:\WINDOWS\n_uwxrtk.dat:gsipun
Removed Stream! C:\WINDOWS\n_uwxrtk.dat:nukcqd
Removed Stream! C:\WINDOWS\n_uwxrtk.dat:rtjhpf
Removed Stream! C:\WINDOWS\n_vehxer.log:mjovpp
Removed Stream! C:\WINDOWS\n_vehxer.log:ytauox
Removed Stream! C:\WINDOWS\n_vehxer.log:znifzt
Removed Stream! C:\WINDOWS\n_vkcorm.log:ktjshx
Removed Stream! C:\WINDOWS\n_vpmmra.txt:cvnsms
Removed Stream! C:\WINDOWS\n_vppcyb.dat:ceszjk
Removed Stream! C:\WINDOWS\n_vqaawr.txt:xlrflj
Removed Stream! C:\WINDOWS\n_wgclhk.log:uvffgc
Removed Stream! C:\WINDOWS\n_wkteug.dat:ufkfdm
Removed Stream! C:\WINDOWS\n_wmuiuy.txt:hepytp
Removed Stream! C:\WINDOWS\n_wxpmdd.txt:mcdtla
Removed Stream! C:\WINDOWS\n_wyrsos.dat:huvxma
Removed Stream! C:\WINDOWS\n_wyynba.log:fdogfk
Removed Stream! C:\WINDOWS\n_wyynba.log:uifzwx
Removed Stream! C:\WINDOWS\n_xbmrmf.dat:shiask
Removed Stream! C:\WINDOWS\n_xnrskg.log:zfaenr
Removed Stream! C:\WINDOWS\n_xxylle.dat:vqncmf
Removed Stream! C:\WINDOWS\n_xxylle.dat:yxodwf
Removed Stream! C:\WINDOWS\n_yawozo.txt:sxsjpc
Removed Stream! C:\WINDOWS\n_ybmezc.dat:ccztuj
Removed Stream! C:\WINDOWS\n_ycqync.dat:sfnykg
Removed Stream! C:\WINDOWS\n_yeenvm.txt:kylwjm
Removed Stream! C:\WINDOWS\n_ygfwmh.log:opzjhk
Removed Stream! C:\WINDOWS\n_yknrvg.log:hqroju
Removed Stream! C:\WINDOWS\n_ymylij.dat:hnhixn
Removed Stream! C:\WINDOWS\n_yokgdu.dat:iskacc
Removed Stream! C:\WINDOWS\n_ypdzgc.log:dhrrgt
Removed Stream! C:\WINDOWS\n_yqcyzu.dat:dfpqoy
Removed Stream! C:\WINDOWS\n_zatduv.log:ttvlyp
Removed Stream! C:\WINDOWS\n_zcvlya.dat:mugqaz
Removed Stream! C:\WINDOWS\n_zjimhb.log:rsxiph
Removed Stream! C:\WINDOWS\n_zjimhb.log:wfhdij
Removed Stream! C:\WINDOWS\n_ztrqbp.log:zqzyju
Removed Stream! C:\WINDOWS\n_zvdppp.log:ksporr
Removed Stream! C:\WINDOWS\n_zwbmtw.txt:auhitm
Removed Stream! C:\WINDOWS\n_zwbmtw.txt:etuonv
Removed Stream! C:\WINDOWS\n_zwbmtw.txt:ogsjdt
Removed Stream! C:\WINDOWS\oaqev.log:vwaxtk
Removed Stream! C:\WINDOWS\obwvx.txt:zjnixm
Removed Stream! C:\WINDOWS\OCMSN.LOG:hhkofw
Removed Stream! C:\WINDOWS\ODBC.INI:duqhf
Removed Stream! C:\WINDOWS\ODBCINST.INI:lvkapy
Removed Stream! C:\WINDOWS\olids.log:odwsox
Removed Stream! C:\WINDOWS\orhmb.txt:gdoyii
Removed Stream! C:\WINDOWS\orhmb.txt:wpvldt
Removed Stream! C:\WINDOWS\ornsc.log:aurdoc
Removed Stream! C:\WINDOWS\ORUN32.INI:khqqoz
Removed Stream! C:\WINDOWS\ORUN32.INI:ogqfpk
Removed Stream! C:\WINDOWS\ORUN32.ISU:pyyrpy
Removed Stream! C:\WINDOWS\ORUN32.ISU:qrjsha
Removed Stream! C:\WINDOWS\ORUN32.ISU:sujqin
Removed Stream! C:\WINDOWS\ORUN32.ISU:vcibee
Removed Stream! C:\WINDOWS\ORUN32.ISU:yywvjh
Removed Stream! C:\WINDOWS\ozbgl.log:jkuxbc
Removed Stream! C:\WINDOWS\piogo.log:dwnbea
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:jydikk
Removed Stream! C:\WINDOWS\ptqld.txt:ompmin
Removed Stream! C:\WINDOWS\Q327979.LOG:wbifrb
Removed Stream! C:\WINDOWS\Q329112.LOG:hzrwra
Removed Stream! C:\WINDOWS\Q329623.LOG:hjfnnt
Removed Stream! C:\WINDOWS\Q329623.LOG:xaxroj
Removed Stream! C:\WINDOWS\Q329909.LOG:wcslsp
Removed Stream! C:\WINDOWS\Q329909.LOG:xwwxod
Removed Stream! C:\WINDOWS\Q810565.LOG:ddfwxh
Removed Stream! C:\WINDOWS\Q810565.LOG:fazhhf
Removed Stream! C:\WINDOWS\Q810565.LOG:voyrpq
Removed Stream! C:\WINDOWS\Q811789.LOG:aoldxy
Removed Stream! C:\WINDOWS\q812415.log:anozhs
Removed Stream! C:\WINDOWS\q812415.log:fencna
Removed Stream! C:\WINDOWS\q812415.log:odlquz
Removed Stream! C:\WINDOWS\Q813862.LOG:cztcuh
Removed Stream! C:\WINDOWS\Q816981.LOG:aqxbes
Removed Stream! C:\WINDOWS\Q819696.LOG:rgylhx
Removed Stream! C:\WINDOWS\Q828026.LOG:trpgyv
Removed Stream! C:\WINDOWS\qhdgn.dat:fvmkub
Removed Stream! C:\WINDOWS\qikuz.log:uvhtsv
Removed Stream! C:\WINDOWS\qnhua.log:eawurc
Removed Stream! C:\WINDOWS\qnhua.log:uduaqo
Removed Stream! C:\WINDOWS\qqcrv.txt:meenkz
Removed Stream! C:\WINDOWS\qrtpx.dat:fprlic
Removed Stream! C:\WINDOWS\qxajj.dat:ecvnuu
Removed Stream! C:\WINDOWS\REGLOCS.OLD:cztcuh
Removed Stream! C:\WINDOWS\REGLOCS.OLD:pediwz
Removed Stream! C:\WINDOWS\REGLOCS.OLD:xbpate
Removed Stream! C:\WINDOWS\REGLOCS.OLD:yhbmzy
Removed Stream! C:\WINDOWS\REGLOCS.OLD:zghuri
Removed Stream! C:\WINDOWS\REGOPT.LOG:oupuxv
Removed Stream! C:\WINDOWS\REGOPT.LOG:xxfsfq
Removed Stream! C:\WINDOWS\revis.log:soiqbx
Removed Stream! C:\WINDOWS\Rhododendron.bmp:ainfvl
Removed Stream! C:\WINDOWS\Rhododendron.bmp:zvaeti
Removed Stream! C:\WINDOWS\River Sumida.bmp:bmcltr
Removed Stream! C:\WINDOWS\River Sumida.bmp:bpoyef
Removed Stream! C:\WINDOWS\River Sumida.bmp:hizfbi
Removed Stream! C:\WINDOWS\River Sumida.bmp:iyqdcl
Removed Stream! C:\WINDOWS\River Sumida.bmp:ylicdd
Removed Stream! C:\WINDOWS\rngmv.dat:tnuqob
Removed Stream! C:\WINDOWS\rngmv.dat:tqzdyq
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:rmbiyo
Removed Stream! C:\WINDOWS\sessmgr.setup.log:ldhkll
Removed Stream! C:\WINDOWS\SETUPACT.LOG:awqvew
Removed Stream! C:\WINDOWS\SETUPACT.LOG:jetnaq
Removed Stream! C:\WINDOWS\SETUPAPI.LOG:edunsl
Removed Stream! C:\WINDOWS\SETUPAPI.LOG:fsdtxs
Removed Stream! C:\WINDOWS\SETUPERR.LOG:xubqu
Removed Stream! C:\WINDOWS\SETUPLOG.TXT:fohrcy
Removed Stream! C:\WINDOWS\sffvu.txt:zeywhe
Removed Stream! C:\WINDOWS\sigyt.log:ctjbhq
Removed Stream! C:\WINDOWS\sigyt.log:mgrqoc
Removed Stream! C:\WINDOWS\sjuyy.log:qugmle
Removed Stream! C:\WINDOWS\sklfi.txt:odxdpf
Removed Stream! C:\WINDOWS\skvnc.dat:gfjxdm
Removed Stream! C:\WINDOWS\slajn.txt:exfeaq
Removed Stream! C:\WINDOWS\slajn.txt:vzjmve
Removed Stream! C:\WINDOWS\smscfg.ini:evyhup
Removed Stream! C:\WINDOWS\smscfg.ini:gehqjq
Removed Stream! C:\WINDOWS\snenn.txt:gatzxp
Removed Stream! C:\WINDOWS\snenn.txt:zgucfx
Removed Stream! C:\WINDOWS\snqdt.txt:nwwmrj
Removed Stream! C:\WINDOWS\snqdt.txt:uzkxpb
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:icjoec
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:wxxrus
Removed Stream! C:\WINDOWS\sqivt.txt:kakzlq
Removed Stream! C:\WINDOWS\sqivt.txt:nvuldc
Removed Stream! C:\WINDOWS\sqivt.txt:zfawls
Removed Stream! C:\WINDOWS\Sti_Trace.log:pyqwwd
Removed Stream! C:\WINDOWS\Sti_Trace.log:xnrmoz
Removed Stream! C:\WINDOWS\suspo.dat:dzynha
Removed Stream! C:\WINDOWS\suspo.dat:hizfbi
Removed Stream! C:\WINDOWS\svdqm.dat:rfsbfc
Removed Stream! C:\WINDOWS\svdqm.dat:xgijst
Removed Stream! C:\WINDOWS\sxkfn.txt:fsnqlv
Removed Stream! C:\WINDOWS\sxkfn.txt:hracrn
Removed Stream! C:\WINDOWS\sxkfn.txt:xyhfnv
Removed Stream! C:\WINDOWS\SYSTEM.INI:qyakhg
Removed Stream! C:\WINDOWS\SYSTEM.INI:vpviih
Removed Stream! C:\WINDOWS\T30DebugLogFile.txt:jdqwri
Removed Stream! C:\WINDOWS\T30DebugLogFile.txt:yojuuf
Removed Stream! C:\WINDOWS\T30DebugLogFile.txt:ytgvny
Removed Stream! C:\WINDOWS\taiyt.dat:quqahi
Removed Stream! C:\WINDOWS\tmupdate.ini:ghmtle
Removed Stream! C:\WINDOWS\tnpgm.txt:sedvst
Removed Stream! C:\WINDOWS\TSC.ini:mpuhsz
Removed Stream! C:\WINDOWS\TSC.ini:seugbp
Removed Stream! C:\WINDOWS\ujath.dat:kgcfkf
Removed Stream! C:\WINDOWS\uryoc.dat:chnsmq
Removed Stream! C:\WINDOWS\uryoc.dat:iolpam
Removed Stream! C:\WINDOWS\utetb.txt:odhoni
Removed Stream! C:\WINDOWS\uzegb.dat:gezbpk
Removed Stream! C:\WINDOWS\uzegb.dat:mlxreg
Removed Stream! C:\WINDOWS\vavkh.log:vigxhs
Removed Stream! C:\WINDOWS\VB.INI:bimgbl
Removed Stream! C:\WINDOWS\VB.INI:tbtaob
Removed Stream! C:\WINDOWS\VBADDIN.INI:flqwyq
Removed Stream! C:\WINDOWS\VBADDIN.INI:lfnlvz
Removed Stream! C:\WINDOWS\vuanl.log:dfsjgy
Removed Stream! C:\WINDOWS\vvhuq.log:emojhi
Removed Stream! C:\WINDOWS\vvkeh.dat:vglwaj
Removed Stream! C:\WINDOWS\vyaqj.dat:cupowo
Removed Stream! C:\WINDOWS\vyaqj.dat:rpduai
Removed Stream! C:\WINDOWS\vyaqj.dat:rueyss
Removed Stream! C:\WINDOWS\vymit.log:esmzxx
Removed Stream! C:\WINDOWS\wfxzo.log:mlepky
Removed Stream! C:\WINDOWS\wfzrj.txt:wbpozh
Removed Stream! C:\WINDOWS\WIASERVC.LOG:pqxahu
Removed Stream! C:\WINDOWS\Windows Update.log:gaqvlt
Removed Stream! C:\WINDOWS\Windows Update.log:lxsmfw
Removed Stream! C:\WINDOWS\Windows Update.log:srxjmz
Removed Stream! C:\WINDOWS\wininit.ini:zaaane
Removed Stream! C:\WINDOWS\WINNT.BMP:asbwnp
Removed Stream! C:\WINDOWS\WINNT.BMP:hyxkoj
Removed Stream! C:\WINDOWS\WINNT.BMP:penpwm
Removed Stream! C:\WINDOWS\WINNT256.BMP:pasael
Removed Stream! C:\WINDOWS\WINNT256.BMP:xchifj
Removed Stream! C:\WINDOWS\WINNT256.BMP:zdlmqe
Removed Stream! C:\WINDOWS\wizmq.dat:pgirlo
Removed Stream! C:\WINDOWS\wmsetup.log:ifgvqw
Removed Stream! C:\WINDOWS\WMSysPr9.prx:gaewpk
Removed Stream! C:\WINDOWS\WMSysPr9.prx:gcqjpk
Removed Stream! C:\WINDOWS\WMSysPr9.prx:yiozbi
Removed Stream! C:\WINDOWS\WMSysPrx.prx:djqupo
Removed Stream! C:\WINDOWS\WMSysPrx.prx:ezrznt
Removed Stream! C:\WINDOWS\WMSysPrx.prx:ihbxnz
Removed Stream! C:\WINDOWS\wnnmf.txt:iwkbcw
Removed Stream! C:\WINDOWS\wnnmf.txt:qiheds
Removed Stream! C:\WINDOWS\wnnmf.txt:zspjrv
Removed Stream! C:\WINDOWS\wrdja.txt:czglgd
Removed Stream! C:\WINDOWS\wzdtv.dat:vzrrao
Removed Stream! C:\WINDOWS\xcqxh.dat:fhzvwr
Removed Stream! C:\WINDOWS\xhvau.log:bvgebl
Removed Stream! C:\WINDOWS\XPSP1HFM.LOG:dmepjb
Removed Stream! C:\WINDOWS\XPSP1HFM.LOG:sufmwm
Removed Stream! C:\WINDOWS\XPSP1HFM.LOG:yjgsby
Removed Stream! C:\WINDOWS\xqwmh.log:lxdxay
Removed Stream! C:\WINDOWS\xwvmz.txt:okbnmb
Removed Stream! C:\WINDOWS\xwvmz.txt:wmxudm
Removed Stream! C:\WINDOWS\xwwxo.dat:psjddz
Removed Stream! C:\WINDOWS\yitdz.log:glusgm
Removed Stream! C:\WINDOWS\yitdz.log:hfhnii
Removed Stream! C:\WINDOWS\yitdz.log:jkyxvj
Removed Stream! C:\WINDOWS\ymhdr.txt:ioaaqm
Removed Stream! C:\WINDOWS\yrndw.log:ldgmjc
Removed Stream! C:\WINDOWS\yvzev.txt:tpdtmy
Removed Stream! C:\WINDOWS\Zapotec.bmp:lxdxay
Removed Stream! C:\WINDOWS\Zapotec.bmp:oqiasm
Removed Stream! C:\WINDOWS\zdwmw.dat:pgvrqu
Removed Stream! C:\WINDOWS\zjpyj.dat:bljkxt
Removed Stream! C:\WINDOWS\zjpyj.dat:keujkp
Removed Stream! C:\WINDOWS\zjpyj.dat:pshjiu
Removed Stream! C:\WINDOWS\zjqhx.log:hhnwke
Removed Stream! C:\WINDOWS\zobxw.txt:inucvx
Removed Stream! C:\WINDOWS\zobxw.txt:yleyio
Removed Stream! C:\WINDOWS\zrzzp.dat:htroke
Removed Stream! C:\WINDOWS\zrzzp.dat:vqawat
Removed Stream! C:\WINDOWS\zrzzp.dat:zjtloz
Removed Stream! C:\WINDOWS\zvaaf.txt:aiqyps
Removed Stream! C:\WINDOWS\zzjbv.dat:lijejc
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aanroc
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:aapupj
------------------------------------------------
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:39:50 AM


==================


My ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:59:37 AM, 7/29/2005
+ Report-Checksum: 55A87E90

+ Scan result:

C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056736.ini:jxjqat -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056736.ini:ldylxw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056736.ini:nyrbyy -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056736.ini:qukwvv -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056737.ini:xjrxvi -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056737.ini:zwupts -> TrojanDownloader.Agent.oq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056739.INI:jwcxkp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056739.INI:lvldwn -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056739.INI:ucqkqe -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056740.INI:duqhf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056740.INI:gswhwv -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056740.INI:sgxlux -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056741.INI:cmyikz -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056741.INI:iraslu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056742.INI:dkebma -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056742.INI:khqqoz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056742.INI:rglvia -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056742.INI:ykrjgk -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056745.ini:docdgw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056745.ini:shaurg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056745.ini:vubgba -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056746.ini:ghmtle -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056746.ini:zwcotg -> TrojanDownloader.Agent.oq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056748.INI:bimgbl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056748.INI:tbtaob -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056749.INI:azxtzr -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056749.INI:flqwyq -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056749.INI:lfnlvz -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056750.ini:xbhyb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056750.ini:zaaane -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056754.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056755.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056756.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056757.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056758.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056759.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056760.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056761.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056762.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056764.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056765.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056766.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056767.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056768.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056769.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056770.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056771.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056772.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056773.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056774.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056775.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056776.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056777.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP282\A0056778.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addal.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addbi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addeb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addee.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addfn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addfp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgt32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addgv32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addhi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addhu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addjl.exe -> TrojanDownloader.Agent.oq : Cleaned with backup
C:\WINDOWS\addjs.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addjy32.exe -> TrojanDownloader.Agent.oq : Cleaned with backup
C:\WINDOWS\addkn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addku32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addll.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addmd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addmu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addoj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addol.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addpa.exe -> TrojanDownloader.Agent.oq : Cleaned with backup
C:\WINDOWS\addpm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addpt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addsv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addua.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addxf.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addxy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addyu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addza.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addzr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adnio.txt:axgzuy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\
Towel
Regular Member
 
Posts: 59
Joined: March 13th, 2005, 2:49 am

Post by tj416 » July 31st, 2005, 9:27 am

Hi Towel,

Open HijackThis, run a scan and check these items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spvse.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\spvse.dll/sp.html#28129

O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll (file missing)

O4 - HKLM\..\Run: [addwb32.exe] C:\WINDOWS\system32\addwb32.exe
O4 - HKLM\..\Run: [crhq32.exe] C:\WINDOWS\system32\crhq32.exe
O4 - HKLM\..\Run: [appgk.exe] C:\WINDOWS\appgk.exe
O4 - HKLM\..\Run: [nethb32.exe] C:\WINDOWS\system32\nethb32.exe
O4 - HKLM\..\Run: [mfclu32.exe] C:\WINDOWS\mfclu32.exe
O4 - HKLM\..\Run: [winwa32.exe] C:\WINDOWS\system32\winwa32.exe
O4 - HKLM\..\Run: [sdkxj.exe] C:\WINDOWS\system32\sdkxj.exe
O4 - HKLM\..\Run: [winyl32.exe] C:\WINDOWS\winyl32.exe
O4 - HKLM\..\Run: [atlyz.exe] C:\WINDOWS\atlyz.exe
O4 - HKLM\..\Run: [ipdi.exe] C:\WINDOWS\system32\ipdi.exe


Now please close all windows and browsers, except HijackThis, and have HijackThis fix them by clicking on Fix Checked.

Then, reboot in Safe mode. To reboot in Safe mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

You will need to configure Windows XP to show all files and folders.
1. Open My Computer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the Hidden files and folders heading select Show hidden files and folders.
5. Uncheck the Hide protected operating system files (recommended) option.
6. Click Yes to confirm.
7. Click OK.

Then, delete these files (if present):
C:\WINDOWS\spvse.dll
C:\WINDOWS\system32\addwb32.exe
C:\WINDOWS\system32\crhq32.exe
C:\WINDOWS\appgk.exe
C:\WINDOWS\system32\nethb32.exe
C:\WINDOWS\mfclu32.exe
C:\WINDOWS\system32\winwa32.exe
C:\WINDOWS\system32\sdkxj.exe
C:\WINDOWS\winyl32.exe
C:\WINDOWS\atlyz.exe
C:\WINDOWS\system32\ipdi.exe

Then, clean out temporary files:
  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.


Then, reboot (in the normal mode) and post a new log in this thread.
tj416
Regular Member
 
Posts: 40
Joined: March 5th, 2005, 8:47 pm

Post by Towel » August 1st, 2005, 12:48 pm

Here is my new log. Thanks for the help thus far. It's been really helpful.

Logfile of HijackThis v1.99.1
Scan saved at 9:49:38 AM, on 8/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Scan\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\Software\..\Telephony: DomainName = monolithicpower.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = monolithicpower.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = monolithicpower.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Towel
Regular Member
 
Posts: 59
Joined: March 13th, 2005, 2:49 am

Post by Nick-YF19 » August 14th, 2005, 4:30 am

Your log is clean. Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
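A check that can be run before calling a follow-up log clean, shown as an added example that is not part of the original thread: it parses HijackThis lines, extracts registry values, CLSIDs and file paths from the entries tj416 asked to have fixed, and reports any that still appear in the later log. The two sample inputs are excerpts copied from the posts above; the function names and the choice of indicators are assumptions of this example.

```python
import re

# Excerpt of the entries tj416 asked to have fixed (copied from the thread).
FLAGGED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\spvse.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {F27F1D27-3CF0-21F4-CC05-4594BE098CBB} - C:\WINDOWS\javaqa32.dll (file missing)
O4 - HKLM\..\Run: [addwb32.exe] C:\WINDOWS\system32\addwb32.exe
O4 - HKLM\..\Run: [appgk.exe] C:\WINDOWS\appgk.exe
"""

# Excerpt of the follow-up log saved on 8/1/2005 (copied from the thread).
FOLLOW_UP = r"""
C:\WINDOWS\System32\hkcmd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Shortest drive-rooted path ending in an executable or library extension.
PATH = re.compile(r"[A-Za-z]:\\[^\"/<>|*?]+?\.(?:exe|dll|ocx)\b", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def indicators(log_text):
    """Return the set of comparable indicators found in HijackThis text.

    Each indicator is a (kind, value) tuple, lower-cased because Windows
    paths and registry names are case-insensitive (the logs themselves mix
    "System32" and "system32").
    """
    found = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        # Lines without a section code are the "Running processes" list.
        section, body = (m.group(1), m.group(2)) if m else ("PROC", line)
        if section.startswith("R") and " = " in body:
            # Keep hive, value name and data together: the same value name
            # under another hive, or with other data, is a different entry.
            key, data = body.split(" = ", 1)
            found.add(("reg", f"{key} = {data}".lower()))
        for clsid in CLSID.findall(body):
            found.add(("clsid", clsid.lower()))
        for path in PATH.findall(body):
            found.add(("file", path.lower()))
    return found


def leftovers(flagged_text, follow_up_text):
    """Indicators from the fix list that still appear in the follow-up log."""
    return sorted(indicators(flagged_text) & indicators(follow_up_text))


if __name__ == "__main__":
    remaining = leftovers(FLAGGED, FOLLOW_UP)
    print("clean" if not remaining else remaining)
```

An empty result only means the flagged items are absent from the new log; entries that were never on the fix list still need to be read by a person.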