Agrarian,
Logs as requested.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 00:27:33 13/07/2006
+ Scan result:
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036432.exe -> Backdoor.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039275.exe -> Downloader.Adload.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043620.exe -> Downloader.Adload.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047797.exe -> Downloader.Adload.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036023.exe -> Downloader.Small.cjk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037519.exe -> Downloader.Small.cwo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042050.exe -> Downloader.Small.cwo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP91\A0031289.exe -> Downloader.Small.cwo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036436.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0035959.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037529.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042060.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\bryybqtu.exe -> Downloader.Small.dbx : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\voblaizdupla.exe -> Downloader.Small.dsr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039273.dll -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039276.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043618.dll -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043621.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047783.dll -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lhssisht.exe -> Downloader.VB.aan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036419.exe -> Downloader.VB.aeq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0035937.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037528.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042059.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\myraqugv.exe -> Downloader.VB.afr : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3BF1F86F-B1A8-489B-8D8B-43781D51411F} -> Hijacker.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2646752555-995690780-1244716356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD} -> Hijacker.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2646752555-995690780-1244716356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E52DEDBB-D168-4BDB-B229-C48160800E81} -> Hijacker.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2646752555-995690780-1244716356-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9CCF15D-4C68-4B5A-9E9A-8E12E4BD39BD} -> Hijacker.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\invsggwt.mlw -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ojyfdsln.jcx -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sjwqmqam.jys -> Hijacker.Small.js : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036427.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036429.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036430.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036433.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036434.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036435.exe -> Logger.WinSpy.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP104\A0035291.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037527.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042058.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0046548.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP72\A0023266.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP73\A0023283.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP76\A0023726.exe -> Not-A-Virus.Hoax.Win32.Renos.dk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0035936.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036407.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036413.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036414.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP107\A0037484.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037491.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037515.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037522.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP109\A0041642.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0041824.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042046.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042053.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0046495.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0046541.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP111\A0046549.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047785.dll -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP72\A0023252.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP72\A0023265.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP73\A0023280.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP73\A0023291.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP91\A0032356.exe -> Not-A-Virus.Hoax.Win32.Renos.dm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039256.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039274.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043601.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043619.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047775.exe -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047784.dll -> Not-A-Virus.Hoax.Win32.VB.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0035958.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037520.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0037521.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042051.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0042052.exe -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP112\A0047778.dll -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036022.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP91\A0031288.exe -> Proxy.Lager.az : Cleaned with backup (quarantined).
C:\WINDOWS\internt.exe -> Trojan.Dialer.eb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039537.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039568.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP108\A0039840.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043882.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0043913.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP110\A0044185.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\atzrsijd.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\fjzarqqv.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ioeihcxe.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\phqghume.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP106\A0036423.exe -> Trojan.WinSpy : Cleaned with backup (quarantined).
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 01:44:14, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Startup: BitTorrent.lnk.disabled
O4 - Global Startup: blueyonder Instant Support Tool.lnk.disabled
O4 - Global Startup: Image Transfer.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3393735765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

SmitFraudFix v2.69
Scan done at 22:22:34.00, 12/07/2006
Run from C:\Documents and Settings\Mark Swainson\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\adware-sheriff-box.gif Deleted
C:\WINDOWS\adware-sheriff-header.gif Deleted
C:\WINDOWS\alexaie.dll Deleted
C:\WINDOWS\alxie328.dll Deleted
C:\WINDOWS\alxtb1.dll Deleted
C:\WINDOWS\antispylab-logo.gif Deleted
C:\WINDOWS\about_spyware_bg.gif Deleted
C:\WINDOWS\about_spyware_bottom.gif Deleted
C:\WINDOWS\as.gif Deleted
C:\WINDOWS\as_header.gif Deleted
C:\WINDOWS\bg.gif Deleted
C:\WINDOWS\blue-bg.gif Deleted
C:\WINDOWS\box_1.gif Deleted
C:\WINDOWS\box_2.gif Deleted
C:\WINDOWS\box_3.gif Deleted
C:\WINDOWS\BTGrab.dll Deleted
C:\WINDOWS\button_buynow.gif Deleted
C:\WINDOWS\button_freescan.gif Deleted
C:\WINDOWS\buy-now-btn.gif Deleted
C:\WINDOWS\close-bar.gif Deleted
C:\WINDOWS\corner-left.gif Deleted
C:\WINDOWS\corner-right.gif Deleted
C:\WINDOWS\dlmax.dll Deleted
C:\WINDOWS\download_box.gif Deleted
C:\WINDOWS\facts.gif Deleted
C:\WINDOWS\features.gif Deleted
C:\WINDOWS\footer.gif Deleted
C:\WINDOWS\footer_back.gif Deleted
C:\WINDOWS\footer_back.jpg Deleted
C:\WINDOWS\free-scan-btn.gif Deleted
C:\WINDOWS\h-line-gradient.gif Deleted
C:\WINDOWS\header_1.gif Deleted
C:\WINDOWS\header_2.gif Deleted
C:\WINDOWS\header_3.gif Deleted
C:\WINDOWS\header_4.gif Deleted
C:\WINDOWS\header-bg.gif Deleted
C:\WINDOWS\infected.gif Deleted
C:\WINDOWS\info.gif Deleted
C:\WINDOWS\main_back.gif Deleted
C:\WINDOWS\no-icon.gif Deleted
C:\WINDOWS\Pynix.dll Deleted
C:\WINDOWS\reg-freeze-box.gif Deleted
C:\WINDOWS\reg-freeze-header.gif Deleted
C:\WINDOWS\remove-spyware-btn.gif Deleted
C:\WINDOWS\rf.gif Deleted
C:\WINDOWS\rf_header.gif Deleted
C:\WINDOWS\scan_btn.gif Deleted
C:\WINDOWS\security-center-bg.gif Deleted
C:\WINDOWS\security-center-logo.gif Deleted
C:\WINDOWS\security_center_caption.gif Deleted
C:\WINDOWS\sep_hor.gif Deleted
C:\WINDOWS\sep_vert.gif Deleted
C:\WINDOWS\spacer.gif Deleted
C:\WINDOWS\spacer.gif' Deleted
C:\WINDOWS\spyware-detected.gif Deleted
C:\WINDOWS\spyware-sheriff-header.gif Deleted
C:\WINDOWS\spyware-sheriff-box.gif Deleted
C:\WINDOWS\star.gif Deleted
C:\WINDOWS\star-grey.gif Deleted
C:\WINDOWS\star_gray.gif Deleted
C:\WINDOWS\star_gray_small.gif Deleted
C:\WINDOWS\star_small.gif Deleted
C:\WINDOWS\true-stories.gif Deleted
C:\WINDOWS\ts.gif Deleted
C:\WINDOWS\ts_header.gif Deleted
C:\WINDOWS\susp.exe Deleted
C:\WINDOWS\v.gif Deleted
C:\WINDOWS\warning_icon.gif Deleted
C:\WINDOWS\warning-bar-ico.gif Deleted
C:\WINDOWS\win_logo.gif Deleted
C:\WINDOWS\win-sec-center-logo.gif Deleted
C:\WINDOWS\windows-compatible.gif Deleted
C:\WINDOWS\x.gif Deleted
C:\WINDOWS\yes-icon.gif Deleted
C:\WINDOWS\ZServ.dll Deleted
C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\alxres.dll Deleted
C:\WINDOWS\system32\bridge.dll Deleted
C:\WINDOWS\system32\CWS_iestart.exe Deleted
C:\WINDOWS\system32\dailytoolbar.dll Deleted
C:\WINDOWS\system32\jao.dll Deleted
C:\WINDOWS\system32\mirarsearch_toolbar.exe Deleted
C:\WINDOWS\system32\parad.raw.exe Deleted
C:\WINDOWS\system32\questmod.dll Deleted
C:\WINDOWS\system32\repigsp.exe Deleted
C:\WINDOWS\system32\runsrv32.dll Deleted
C:\WINDOWS\system32\runsrv32.exe Deleted
C:\WINDOWS\system32\taskdir.dll Deleted
C:\WINDOWS\system32\tcpservice2.exe Deleted
C:\WINDOWS\system32\thlwin32.dll Deleted
C:\WINDOWS\system32\txfdb32.dll Deleted
C:\WINDOWS\system32\udpmod.dll Deleted
C:\WINDOWS\system32\winapi32.dll Deleted
C:\WINDOWS\system32\winbl32.dll Deleted
C:\WINDOWS\system32\winflash.dll Deleted
C:\WINDOWS\system32\wstart.dll Deleted
C:\WINDOWS\system32\zlbw.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\winsrv32.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» End

Incident Status Location
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mark Swainson\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Mark Swainson\Desktop\SmitfraudFix.zip
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Kazaa\KaZaA\bdcore.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\My Documents\FPH Files 29Nov05\Personal\Kazaa\bdcore_dll.vir
Potentially unwanted tool:Application/SpyFalcon Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ25.tmp
Potentially unwanted tool:Application/SpyFalcon Not disinfected C:\Program Files\Common Files\PestPatrol\Quarantine\ZQ26.tmp
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.045
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Music.dll.022
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.072
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.041
Adware:Adware/SecurityError Not disinfected C:\Program Files\HiJackThis\backups\backup-20060218-002706-506.dll
Hacktool:HackTool/EvID Not disinfected C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
Adware:Adware/SecurityError Not disinfected C:\Program Files\Security\hijackthis\backups\backup-20060217-214104-986.dll
Adware:Adware/SecurityError Not disinfected C:\Program Files\Security\hijackthis\backups\backup-20060217-214119-240.dll
Adware:Adware/SecurityError Not disinfected C:\Program Files\Security\hijackthis\backups\backup-20060217-214135-540.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SpyAxeFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SpyAxeFix.exe[SpyAxeFix/Process.exe]
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\switchagreement.txt
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\SYSTEM32\bde3d_refp4.dll

Thanks again.
Mark