Logfile of HijackThis v1.99.1

Scan saved at 11:56:11 AM, on 12/19/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\1134920938\ee\aolsoftware.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\devldr32.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Webshots\webshots.scr

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Becca\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.baylor.edu

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134920938\ee\AOLSoftware.exe

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O23 - Service: Workstation NetLogon Service ( 11F


Please download the Suspicious File Packer from here:

http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.

Paste the following list of bad files into the Suspicious File Packer window:

C:\WINDOWS\llhrt.dll

C:\WINDOWS\system32\addxd.exe

Allow SFP to pack the files. This will generate a CAB archive on your desktop. Please email the files to danny[AT]malwarebytes[DOT]org. (replace [AT] with @ and [DOT] with .)

Danny

=======

Hi,

You have an About:Blank CWS Infection. Please follow the following directions carefully because this is a tough infection to remove.

The Fix:

Step #1: Getting Ready

(The reason WordPad was chosen is that Notepad is sometimes deleted by this variant.)

Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available.

After downloading the tools, you must disconnect from the Internet totally, because staying connected while fixing will prevent the fix from working. Also, please keep Internet Explorer and Outlook Express closed throughout, as opening either will reinstall the infection.

To replace Internet Explorer to use during this fix, please use Internet Explorer once to download and install FireFox, to be used as your alternate browser throughout this fix.

Close Outlook Express and Internet Explorer for the duration of this fix.

Read through all the instructions so that you can ask any questions now, before you disconnect from the Internet.

Please start by downloading the tools you will need to clean this infection with FireFox. If you have a problem or question with any, please continue to follow the list step by step to the end and ask the questions when you are asked to reply. Just be sure to let us know what the problem was when you finally reply.

Step #2: Show All Hidden Files (Very Important)

Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.

http://www.davehigham.zen.co.uk/downloads/xphidden.zip

Step #3: Download CWShredder (Do Not Use Yet)

1. Please download the most recent version of CWShredder, from CWSInstall.exe

2. Check for updates, but please do NOT use it yet.

Step #4: Download About:Buster (Do Not Use Yet)

1. Please download About:Buster from here: http://www.malwarebytes.biz/AboutBuster5.zip.

2. Once it is downloaded extract it to c:\aboutbuster.

3. Check to make sure it is up-to-date. Please do NOT use it yet.

Step #5: Download Registrar Lite (Do Not Use Yet)

Another program to download is Registrar Lite, for use later. Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use. Caution should be exercised when editing the registry, as it is very easy to render a computer unbootable by deleting the wrong key.

Step #6: Download Ewido Security Suite (Only For Windows 2000 and XP) (Do Not Use Yet)

  • Download and install Ewido Security Suite.
  • Right-click on the “E” icon in your taskbar and open Ewido Security Suite, then click “update” to get the most recent definitions for it to use.
  • When it prompts you to update, click the OK button.
  • Download the updates, and when they are finished installing, close the window.
  • Please Do Not Use It Yet

Step #6: Download a Registry File to Remove Registry Entries (Do Not Use Yet)

  • Please download the following zip file to your desktop:
    HSfix
  • Double-click on HSfix.zip and it will unzip to a new folder it makes on your desktop, called HSfix
  • Do Not Use It Yet

Please disconnect from the Internet.

Step #7: Stop The Running Processes

Press Control-Alt-Delete to get into the Task Manager and end the following processes if they exist:

llhrt.dll

addxd.exe

Step #9:

I now need you to delete the following files:

C:\WINDOWS\llhrt.dll

C:\WINDOWS\system32\addxd.exe

If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

Step #10: Cleaning With HijackThis

Then close all programs and windows and run HijackThis. Put a checkmark next to each of these entries and click the 'Fix checked' button when ready (some may be gone after uninstalling some programs):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\llhrt.dll/sp.html#37049

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf.com/fun/installer/Install.cab

O23 - Service: Workstation NetLogon Service ( 11F


OK, here's my new HJT log and the Ewido report. After I ran AboutBuster it said "No Ads Found" or something along those lines. Also, when I went to open the running processes, the Task Manager came up but it cut off the top part where you can click on the running processes tab... so I couldn't stop those 2 processes from running, if they were. Also, I had trouble locating these 2 files: C:\WINDOWS\llhrt.dll and C:\WINDOWS\system32\addxd.exe... I tried every way I knew to find them but still didn't find them. Other than those problems, everything else worked fine, thanks!

Logfile of HijackThis v1.99.1

Scan saved at 11:30:20 AM, on 12/21/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\America Online 9.0a\aoltray.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Webshots\webshots.scr

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareUpdater.exe

C:\DOCUME~1\Becca\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.baylor.edu

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 11:12:33 AM, 12/21/2005

+ Report-Checksum: F26380C2

+ Scan result:

HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Error during cleaning

HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Error during cleaning

HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Spyware.BargainBuddy : Error during cleaning

HKLM\SOFTWARE\Classes\CLSID\{09248DC7-285D-A208-7675-8D1BAC7208C9} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{18BDB348-E8B0-D5A4-55F2-74FD4CB49A69} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{2621D1BF-0A92-2D9C-E595-02A9C3F76F46} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{3BAA3AE9-9C0B-E08A-A982-9818F457337E} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{44A4F449-ADED-A513-8AE7-5A3DDF205F49} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{A4405AD1-A13C-E10B-4B57-D5092B102F2B} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{F52B4B29-EAA0-A4B2-3FF3-0A8EE5DB6566} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{FBC662AC-AA0D-1389-1431-40872CBDACA2} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\CLSID\{FF9A5C46-DA40-2321-E19B-261681A78BB1} -> Spyware.CoolWebSearch : Cleaned with backup

HKLM\SOFTWARE\Classes\Interface\{930A2B79-855E-4A18-80BB-4C0595B40798} -> Spyware.CometCursor : Cleaned with backup

HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup

HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup

HKLM\SOFTWARE\Classes\Interface\{E61A0304-C605-441F-BD57-2833B65A69F1} -> Spyware.CometCursor : Cleaned with backup

HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup

HKU\S-1-5-21-3990708003-1238661117-741939197-1006\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup

HKU\S-1-5-21-3990708003-1238661117-741939197-1006\Software\Support Software\Params -> Spyware.NetworkEssentials : Cleaned with backup

C:\Documents and Settings\Becca\.jpi_cache\jar\1.0\ar3.jar-13e49ae9-64b46ab6.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup

:mozilla.7:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

:mozilla.8:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.13:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.14:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.15:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.16:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.17:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.18:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.19:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.20:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.21:C:\Documents and Settings\Becca\Application Data\Mozilla\Firefox\Profiles\nd3ihl0e.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@burstnet[3].txt -> Spyware.Cookie.Burstnet : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@ehg-fandango.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup

C:\Documents and Settings\Becca\Cookies\becca@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup

C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll -> Spyware.MyWebSearch : Cleaned with backup

C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL -> Spyware.MyWebSearch : Cleaned with backup

C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup

C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup

C:\Program Files\WhistleSoftware\WselServices\ImcWselParser.dll -> Spyware.Whistle : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1192\A0156352.ini:ukgdh -> Downloader.Agent.bq : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1192\A0156352.ini:yyleh -> Downloader.Agent.bc : Cleaned with backup

C:\WINDOWS\002366_.tmp:ksega -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\002366_.tmp:qojar -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\002366_.tmp:uikay -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\002366_.tmp:ukyva -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\004422_.tmp:iszps -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\004554_.tmp:czlci -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\ABDHNNOJ.ini:tmskk -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\ABDHNNOJ.ini:yqyej -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\ac3api.ini:iwhsw -> Downloader.Agent.bc : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:dneot -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:jfdwg -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:lydqm -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:xknlu -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:xlbnw -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\adovqdex.exe.tmp:zwndg -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\aqadcup.rcf:avvsf -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\aqadcup.rcf:uxynp -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\atid.ini:ukgdh -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\atid.ini:yyleh -> Downloader.Agent.bc : Cleaned with backup

C:\WINDOWS\b2_t_NATIONWIDE%2C+THE+FASTEST+GROWING+AGE+GROUP+IS+COMPOSED+OF&944.xml:envug -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Belt.ini:spstb -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Belt.ini:wvwvk -> Downloader.Agent.bc : Cleaned with backup

C:\WINDOWS\Belt.ini:xmnfq -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Blue Lace 16.bmp:jzoxd -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Blue Lace 16.bmp:oohzp -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Blue Lace 16.bmp:uhogc -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Blue Lace 16.bmp:wrbym -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Blue Lace 16.bmp:znwdy -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\BOOTSTAT.DAT:lxycb -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\BOOTSTAT.DAT:szrsv -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\BOOTSTAT.DAT:ulaqb -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\Capture:ktnyu -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\chrnw.txt:dbulr -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\city_var.ini:jgrnj -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\city_var.ini:kozwm -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\city_var.ini:vtbml -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\CLOCK.AVI:equxw -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Coffee Bean.bmp:fmmjx -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Coffee Bean.bmp:okqsm -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\CONTROL.INI:tazjq -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\CONTROL.INI:tlmfw -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:awriw -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:dahgz -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:emxkr -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:pcwsp -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:pxlgp -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DELLWP.BMP:zmbdj -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\DESKTOP.INI:pegvd -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DESKTOP.INI:qjwja -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\DESKTOP.INI:qzimf -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DirectTVIcon.ico:lsgst -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\DirectTVIcon.ico:wnpxl -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\flash.inf -> Adware.BetterInternet : Cleaned with backup

C:\WINDOWS\earnmoney.ico:arxrl -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\earnmoney.ico:novza -> Downloader.Agent.bc : Cleaned with backup

C:\WINDOWS\earnmoney.ico:tatwc -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\earnmoney.ico:vjwjj -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\earnmoney.ico:zlvbn -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\EXPLORER.SCF:jotni -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\EXPLORER.SCF:skxvq -> Trojan.Feat : Cleaned with backup

C:\WINDOWS\FeatherTexture.bmp:bpyts -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\FeatherTexture.bmp:evcsi -> Downloader.Agent.bq : Cleaned with backup

C:\WINDOWS\FeatherTexture.bmp:fkhcf -> Downloader.Agent.bq : Cleaned with backup


::Report End


Hi,

It seems that everything worked! I hope you have had a great holiday!

-----------------

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
  • CHECK the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:

and a good antivirus (these are also free for personal use):

It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit

monthly. And to keep your system clean run these free malware scanners

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Danny :thumbsup:
