
More win32 problems


48 replies to this topic

#41 tektok3
Journeyman, Members, 36 posts

Posted 05 September 2005 - 10:46 PM

C:\WINDOWS\system32\msyl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netbo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netbx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netgp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netlc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netrd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntcu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntet.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntii.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntil.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntji32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntju.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntlb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntmb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntok32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntos32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntpu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\nttk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\nttl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkcj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sdkgc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkio.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkjp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkln32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdktp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysft.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysfu32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysgh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysji.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syskq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysle32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysls.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysrq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysup.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syswd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syswx32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winca32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winep32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winfk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winha32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winhb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winhw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winpd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winsz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winwe.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysym32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\test:fdsypa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\test:yuhthu -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tgrgq.txt:khzpqe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tgrgq.txt:tcilzv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\tmdmi.txt:mmxlrv -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tmsok.dat:fjjwrj -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tmsok.dat:lhvpjm -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tnpoz.log:tdhcjk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\tnpoz.log:uphisn -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tnpoz.log:yhlvvd -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\toooq.dat:fkuvny -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\tsclh.dat:fnpyly -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tsclh.dat:lwuvyw -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\tsoc.log:ruagbe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ttcgf.txt:ltmldc -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\ttsko.dat:dwebtz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ttsko.dat:mpanmx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ttsko.dat:rhebxo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ulhkp.log:qutotn -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\ulhkp.log:rrmneo -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\unnns.dat:alesnk -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:ilpadp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:ksxtyz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:pwlooh -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:usfvwk -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\uvjfd.log:ixebqr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\uypll.txt:mcrtub -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vb.ini:nttnbk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\vb.ini:tlxxhn -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vb.ini:vvmglf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vbaddin.ini:jvmbvp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vbaddin.ini:wcbywm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vcgsm.log:ntpazn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vdjcf.txt:lcpwyw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\vdjcf.txt:lmqljx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vdjcf.txt:onsyye -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vdjcf.txt:vwnadp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\viassary-hp.reg:fbxevs -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\viassary-hp.reg:pnkygu -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vmuninst.log:ccnryh -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vmuninst.log:hokdth -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vmuninst.log:tafxdi -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vmuninst.log:yhqllt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wbgxy.txt:cldoho -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wbgxy.txt:houdae -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\whtmx.txt:fghxzp -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\whtmx.txt:kflibk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wiaservc.log:dhhlyt -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wiaservc.log:iwyext -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wiaservc.log:vlvujy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wifme.dat:vgdodu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\win.ini:yzsctr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winap32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winfw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winhn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winmp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt.bmp:ovdfku -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\winnt.bmp:xergwe -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\winnt256.bmp:uisdjd -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\winnt256.bmp:xjmlrp -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\winnt256.bmp:zvocrj -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\WINNT32.LOG:awklly -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\WINNT32.LOG:ktcrvu -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\winto.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmsetup.log:eyvbml -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wmsetup10.log:svgqlu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmsetup10.log:txlwub -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\WMSysPr9.prx:supqgg -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\WMSysPr9.prx:ufetoe -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\WMSysPrx.prx:wznggv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WMSysPrx.prx:wzxnkl -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\wntlq.txt:vangzk -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wqkmg.log:bdvkko -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\wqkmg.log:jeronl -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wsdu.log:lxebod -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wsdu.log:nyvmnl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wsdu.log:yrvtqr -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\wzklj.txt:ywxcjw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\xhguk.txt:pkvxad -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\xkhgh.dat:hzlfpt -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\xkhgh.dat:ibmboz -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\xpsp1hfm.log:ddhazl -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\xpsp1hfm.log:hkocuo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xtfmg.log:abehic -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ybipy.dat:fkocvq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\yebzn.txt:ddfcvq -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\yebzn.txt:yboghv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ygxds.dat:rbgljf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ygxds.dat:uahkhw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\yhyuu.log:sabpvw -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\ykibo.txt:isngkt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ykibo.txt:zvqncp -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\yutqz.txt:schjsu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\yutqz.txt:upwryc -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\yutqz.txt:vehjrf -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:mpowan -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:rnisxr -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\zdkvt.log:kbtuxg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zdkvt.log:zurxvv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\zfqbr.log:qvldtp -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\zigai.txt:zftoqh -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\zlipv.log:kobfzc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\znycu.txt:bvwjva -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\znycu.txt:xdgutg -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\_default.pif:ghyqx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:nlfhk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:adttrr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:awhdvc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:betxlx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bfcwhe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bnctqt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bymwvs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:cunjeb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:deuxme -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dhbqhe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dhdzir -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dooqpd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dveryr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:eibswl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:epyrey -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fnwfdu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fxaigz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fzlygk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:gmnopv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:hxlglx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:icryc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ifhqlt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ikanph -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ikywej -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:imzcnx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:jyqntb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:jyuqbp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kljrju -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kndkns -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kzmfvv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:lgjlfu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mjuaag -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mlvtit -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mohyvy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:nuvrb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:oeabrn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:pjeksy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:qsfqkz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:qxxirz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:rcqyen -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:rfqgex -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:sgawnd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:sxripm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:tovzlw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:txllna -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ugvcbg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:uklooq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:uwolbn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:vgzhhi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:vivfkc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:wvwwst -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xaedam -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xagng -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xopkfe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xqiwgj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xytnij -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:yfgbkm -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:yoykx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:zegtjf -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End
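
The ewido report above ends a long run of entries of the form host:stream. Those are NTFS alternate data streams attached to ordinary files under C:\WINDOWS (win.ini, wallpaper .bmp files, setup logs), and the carrier file itself is usually legitimate; only the stream is the detection. As an added example, not part of this thread and not ewido's own tooling, here is a small Python parser for that report format that separates stream hits from plain-file hits and groups the streams under their carrier file. The sample lines are constructed to match the format shown in the report; the helper names (parse_report, ads_by_host, summarize) are this example's own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the ewido report format seen in the thread
# (<path>[:<stream>] -> <detection> : <action>). Not a real scan result.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\netgp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\test:fdsypa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\test:yuhthu -> Trojan.Agent.em : Cleaned with backup
C:\WINDOWS\vb.ini:nttnbk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\UPGRADE.TXT:pwlooh -> Trojan.Agent.em : Cleaned with backup
::Report End
"""

# One report line: target, detection name, action taken.
LINE_RE = re.compile(r"^(?P<target>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+)$")


@dataclass
class Finding:
    host: str              # detected file, or the file carrying the stream
    stream: Optional[str]  # NTFS alternate data stream name; None for a plain file
    detection: str
    action: str


def split_stream(target: str) -> Tuple[str, Optional[str]]:
    """Separate the host path from an ADS name.

    The colon at index 1 is the drive-letter colon, not a stream separator;
    any later colon marks the start of the stream name.
    """
    idx = target.rfind(":")
    if idx > 1:
        return target[:idx], target[idx + 1:]
    return target, None


def parse_report(text: str) -> List[Finding]:
    """Parse every well-formed report line; skip blanks and the trailer."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, "::Report End", etc.
        host, stream = split_stream(m.group("target"))
        findings.append(Finding(host, stream, m.group("detection"), m.group("action")))
    return findings


def ads_by_host(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group stream hits under the file that carries them.

    This is the view a responder wants: it shows that legitimate files were
    used as carriers and must not be deleted wholesale; only the streams
    need removing, which is what the "Cleaned with backup" action did.
    """
    hosts: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        if f.stream is not None:
            hosts[f.host].append(f.stream)
    return dict(hosts)


def summarize(findings: List[Finding]) -> dict:
    """Counts that answer "how much of this report is hidden-stream residue?"."""
    return {
        "total": len(findings),
        "ads": sum(1 for f in findings if f.stream is not None),
        "plain_files": sum(1 for f in findings if f.stream is None),
        "hosts_with_streams": len(ads_by_host(findings)),
        "by_detection": Counter(f.detection for f in findings),
    }


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    for host, streams in ads_by_host(fs).items():
        print(f"{host}: {len(streams)} hidden stream(s): {', '.join(streams)}")
    print(summarize(fs))
```

Run against the real report, the grouping shows at a glance which carrier files (such as the {F08B228D-...}.dat file with dozens of streams) were used as drop points. Streams of this kind are invisible to a plain directory listing, which is why a scanner that checks alternate streams, rather than a manual look at the folder, is needed to confirm they are gone.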

#42 guestolo
Site Donator, Admin, 16,247 posts

Posted 05 September 2005 - 11:05 PM

OK, thanks for your hard work, tektok3.

I edited some of your replies to shorten them down a bit.
I get the picture where many reside.

We're going to try and shorten these lists.

But first,
can I have you do the following, please:

Download and Save Cleandesktop to your computer from this link: http://www.thespykil...leandesktop.exe and double click on the cleandesktop.exe.
It will automatically extract to C:\desktopclean, where it needs to be to run, and will automatically run the cleandesktop.vbs script.

If it doesn't open, then go to c:\desktopclean and double click on the cleandesktop.vbs. Do not run any other file from there, please, unless asked to.

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it, "Can not find script file .........",
just double-click the cleandesktop.vbs script again; you sometimes get that message when a script blocker blocks the script.

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

Included is another .vbs to do this. It is named Other Profiles Regfix.vbs.

Have each User sign in and run Other Profiles Regfix.vbs:
Open C:\ (Go to Start>Run and type C: Press enter) and open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs.

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

To restore the desktop to whatever picture you normally have, right click on a blank part of the desktop & select Properties/Desktop & select your preferred picture, press Apply & then OK to exit, and then press F5.

You will need to do this step for every user account

Afterwards, make sure you log off every other user but keep yourself logged on

Download the Killbox by Option^Explicit. In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop or a folder.

Please save these instructions to a Notepad file on the desktop for reference.
Disconnect from the Internet.

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O2 - BHO: Class - {BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F} - C:\WINDOWS\sdklz32.dll (file missing)

O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)

O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)


Fix the next ones too, if not set by yourself
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


After you have ticked the above entries, close all other open windows, including this one.
Leave Hijackthis open and click FIX CHECKED.
OK the prompt and exit Hijackthis.

Run About:Buster again

Run Pocket KillBox.exe

In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\sdkdp32.exe
C:\WINDOWS\SYSTEM32\DRIVERS\csrss.exe
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\popup.html
C:\WINDOWS\Abi.html
C:\WINDOWS\Amu.html
C:\WINDOWS\Bft.html
C:\WINDOWS\Dsg.html
C:\WINDOWS\Fbc.html
C:\WINDOWS\Kkt.html
C:\WINDOWS\Laa.html
C:\WINDOWS\Tip.html
C:\WINDOWS\Mmm.html
C:\WINDOWS\Nng.html
C:\WINDOWS\popup.html
C:\WINDOWS\Rod.html
C:\WINDOWS\services.exe
C:\WINDOWS\system32\inetsrv\services.exe
C:\WINDOWS\system32\msfdje.gif
C:\WINDOWS\system32\pifn.dll
C:\WINDOWS\system32\wbem\svchost.exe


===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't restart
Please Restart it now manually

Back in Windows

Can you do the following
Run Hijackthis again and post a new log

Also run WPFind.exe again, post the new log from it also
and the About:Buster log again

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
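
The post above picks out three kinds of HijackThis entries to fix: BHO and toolbar CLSIDs whose file is "(no file)", O9 buttons pointing at a DLL marked "(file missing)", and O6 Internet Explorer policy restrictions that the user did not set. As an added example, not from the thread, from HijackThis or from its author, here is a Python classifier over constructed sample lines in the HijackThis log format that picks out exactly those categories for review. The helper names (parse_hjt, needs_review, clsids_for_review) are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis line format. It mixes a normal BHO and a
# normal O4 run entry with the kinds of entries the post asks to fix.
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# "O2 - <body>", "O16 - <body>", "R0 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A COM class id in the form HijackThis prints it.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Parse log lines and tag the ones that match the post's fix criteria."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines, "Running processes:" header, plain paths
        section, body = m.group("section"), m.group("body")
        cm = CLSID_RE.search(body)
        flags = []
        if "(no file)" in body or "(file missing)" in body:
            # The registry still references a file that is gone: leftover
            # residue after a cleanup, which is why the helper asks to fix it.
            flags.append("orphaned")
        if section == "O6":
            # IE restriction policies; legitimate only if the owner set them.
            flags.append("policy")
        entries.append(Entry(section, body, cm.group(0) if cm else None, flags))
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one flag, i.e. the ones to tick in HijackThis."""
    return [e for e in entries if e.flags]


def clsids_for_review(entries: List[Entry]) -> List[str]:
    """CLSIDs of flagged entries, deduplicated; useful for matching the
    (HKCU) duplicates of the same object that appear further down a log."""
    return sorted({e.clsid for e in entries if e.flags and e.clsid})


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    for e in needs_review(parsed):
        print(f"{e.section} [{', '.join(e.flags)}] {e.body}")
    print("CLSIDs:", clsids_for_review(parsed))
```

An orphaned entry is harmless registry residue by itself; the reason to keep it on the list is that it records what was loading into Internet Explorer before the cleanup, and the same CLSID reappearing with a file present on a later log would mean the infection was not fully removed.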


#43 guestolo
Site Donator, Admin, 16,247 posts

Posted 05 September 2005 - 11:08 PM

I probably won't see your updated logs until tomorrow.
That's it for me for tonight,
so do what you can from the above.



#44 tektok3
Journeyman, Members, 36 posts

Posted 05 September 2005 - 11:11 PM

Thank you very much! I will not be home again until later tomorrow evening, so I will let you know then how it goes!

#45 tektok3
Journeyman, Members, 36 posts

Posted 05 September 2005 - 11:50 PM

Here is my Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:48:04 AM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cox\Applications\app\Prism.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\Desktop\ARIEL\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#46 tektok3
Journeyman, Members, 36 posts

Posted 06 September 2005 - 12:06 AM

Here's the WPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 4/26/2004 1:28:28 PM 3072 C:\WINDOWS\SYSTEM32\arpa.exe
UPX! 7/23/2004 1:32:52 PM 9728 C:\WINDOWS\SYSTEM32\authz.exe
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/29/2004 2:35:00 AM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat
UPX! 8/22/2001 6:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll
Umonitor 8/29/2002 6:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
aspack 12/10/2004 10:30:48 AM R 707176 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/4/2005 11:24:22 AM H 65680 C:\WINDOWS\MEMORY.DMP
9/5/2005 9:56:02 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
9/5/2005 9:56:02 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUZKDUF\desktop.ini
9/5/2005 9:56:02 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4LU78T6J\desktop.ini
9/5/2005 9:56:02 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLYRW1QF\desktop.ini
9/5/2005 9:56:02 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WX2R0LAR\desktop.ini
9/6/2005 12:45:14 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/29/2002 6:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 2/17/2004 5:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/29/2002 6:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 8:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 5/26/2003 4:12:14 AM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 10/11/2003 4:52:00 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 8/19/2003 3:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 2:03:24 PM 167704 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp. 2/17/2004 5:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation 4/7/2003 8:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 9/12/2003 8:24:20 PM 10435584 C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/17/2004 10:28:00 PM 1562 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
10/11/2003 4:16:08 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/10/2003 9:10:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/11/2003 5:35:18 AM 534 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
10/11/2003 4:16:08 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
9/17/2004 11:14:26 PM 1315 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
6/17/2004 12:21:22 AM 938 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WKCALREM.LNK

Checking files in %USERPROFILE%\Application Data folder...
10/10/2003 9:10:12 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
9/21/2004 9:27:20 PM 0 C:\Documents and Settings\Owner\Application Data\dm.ini
4/26/2005 11:02:10 PM 284 C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{64634180-B0EA-48B6-82B7-9620D33362C1} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}
ButtonText = PartyPoker.net : C:\Program Files\PartyPoker.net\partypokernet.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
&Research = C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
HostManager C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS C:\Program Files\Messenger\msmsgs.exe /background
MoneyAgent C:\Program Files\Microsoft Money\System\mnyexpr.exe
AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key KY/Pkx,Rc
Hint rats
FileName0 C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 0
n 0
s 0
v 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 0
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 255
_NoDriveTypeAutoRun 0
NoSaveSettings 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
disableregistrytools 0
disabletaskmgr 0
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
NoDispBackgroundPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\AUserInit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/6/2005 1:01:28 AM
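Added example, not part of the original thread and not WinPFind's own code: a PowerShell script that triages the "Checking %System% folder" entries of a WinPFind log like the one above. It parses each line into tag, timestamp, attributes, size and path, then flags executables carrying a runtime-packer signature (UPX!, aspack, PEC2) and hidden non-executable files in System32, and notes when a flagged file carries the Windows XP SP1 media timestamp seen on every stock .cpl in the same log. The log lines are copied from the post; the packer list, the media-timestamp heuristic and the extension lists are assumptions, and the output is a list of candidates to look at, not verdicts.

```powershell
# Added example (not from the original thread or from WinPFind).
# Parses "Checking %System% folder..." lines from a WinPFind log and flags
# entries worth a closer look. Log text below is copied from the post above.

$logText = @'
UPX! 4/26/2004 1:28:28 PM 3072 C:\WINDOWS\SYSTEM32\arpa.exe
UPX! 7/23/2004 1:32:52 PM 9728 C:\WINDOWS\SYSTEM32\authz.exe
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/29/2004 2:35:00 AM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat
UPX! 8/22/2001 6:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll
Umonitor 8/29/2002 6:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 12/10/2004 10:30:48 AM R 707176 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys
'@

# Line layout: <tag> <date> <time> <AM|PM> [<attrs>] <size> <path>
$linePattern = '^(?<tag>\S+)\s+(?<date>\d{1,2}/\d{1,2}/\d{4})\s+(?<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+(?:(?<attrs>[HSRA]+)\s+)?(?<size>\d+)\s+(?<path>.+)$'

# Signatures WinPFind prints for runtime packers (assumption: illustrative list).
# Packed binaries are unusual for Microsoft files in System32.
$packerTags = @('UPX!', 'aspack', 'PEC2')
# Timestamp on files shipped with Windows XP SP1 media (every stock .cpl in the
# log has it). Malware can forge timestamps, so treat this as a hint only.
$mediaStamp = '8/29/2002 6:00:00 AM'

function Get-WinPFindFinding {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if (-not ($line -match $linePattern)) { continue }
        $entry = [pscustomobject]@{
            Tag       = $Matches.tag
            Timestamp = "$($Matches.date) $($Matches.time)"
            Attrs     = $Matches.attrs
            Size      = [int]$Matches.size
            Path      = $Matches.path
            Reasons   = New-Object System.Collections.Generic.List[string]
        }
        $ext = [System.IO.Path]::GetExtension($entry.Path).ToLower()
        $isExecutable = $ext -in '.exe', '.dll', '.sys', '.ocx', '.scr'
        if ($packerTags -contains $entry.Tag -and $isExecutable) {
            $entry.Reasons.Add("runtime packer '$($entry.Tag)' on executable")
        }
        if ($entry.Attrs -and $entry.Attrs.Contains('H') -and -not $isExecutable) {
            $entry.Reasons.Add("hidden non-executable ($($entry.Size) bytes) in System32")
        }
        if ($entry.Reasons.Count -gt 0 -and $entry.Timestamp -eq $mediaStamp) {
            $entry.Reasons.Add('carries the OS media timestamp, so probably a stock file')
        }
        if ($entry.Reasons.Count -gt 0) { $entry }
    }
}

Get-WinPFindFinding -Lines ($logText -split "`r?`n") |
    Select-Object Path, Tag, Timestamp, @{n = 'Why'; e = { $_.Reasons -join '; ' }} |
    Format-Table -AutoSize
```

Run against the embedded text it reports arpa.exe, authz.exe and msdjgk.dll (UPX-packed executables with non-media timestamps), kyf.dat (hidden 3 MB data file) and css-dvp.sys (aspack-packed driver); dfrg.msc is skipped because it is not an executable extension, and the remaining entries have no packer tag. To use it on a real log, replace `$logText` with `Get-Content -Raw WinPFind.Txt`.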

#47 tektok3 (Journeyman, Members, 36 posts)

Posted 06 September 2005 - 12:10 AM

Here's my last AboutBuster Log:

AboutBuster 5.0 reference file 31
Scan started on [9/6/2005] at [1:06:10 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\KB828035.log:ptnaac
Removed Stream! C:\WINDOWS\KB828035.log:vkfltb
Removed Stream! C:\WINDOWS\Q327979.log:xwhnbf
Removed Stream! C:\WINDOWS\Q327979.log:yrecyp
Removed Stream! C:\WINDOWS\system.ini:ynupcv
Removed Stream! C:\WINDOWS\winnt.bmp:jdbjsj
Removed Stream! C:\WINDOWS\winnt.bmp:vpgpis
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:tpnpxv
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:umjxsi
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:07:05 AM
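Added example, not from the original thread and not AboutBuster's own code. The "Removed Stream!" lines above name NTFS alternate data streams written as `file:stream`; an ADS is invisible to Explorer, `dir` and most file scanners, which is why that family of hijackers stored its payload in streams attached to innocuous files under C:\WINDOWS. This PowerShell script lists every non-default stream on the files directly under a directory in the same `file:stream` notation and, only when run with `-Remove`, copies each stream out to %TEMP% and deletes it. Assumptions: Windows PowerShell 5.1 (`-Encoding Byte` is `-AsByteStream` on PowerShell 7), an NTFS volume, an elevated prompt for files under C:\Windows, and the list of streams treated as benign.

```powershell
# Added example (not from the original thread or from AboutBuster).
# Lists NTFS alternate data streams under a directory (non-recursive, like the
# C:\WINDOWS files in the log above) and optionally removes them with a backup.
# Requires PowerShell 3.0+ for -Stream; run as Administrator for C:\Windows.

param(
    [string]$Root = "$env:SystemRoot",
    [switch]$Remove           # without -Remove the script only reports
)

# Streams that are normal and must not be deleted (assumption: extend as needed).
# ':$DATA' is the file's own content; Zone.Identifier is the download mark.
$benignStreams = @(':$DATA', 'Zone.Identifier')

function Get-AlternateStream {
    param([string]$Directory)
    Get-ChildItem -LiteralPath $Directory -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one record per stream, including the unnamed ':$DATA' one.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -notin $benignStreams } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                        # Same display form AboutBuster uses: C:\WINDOWS\system.ini:ynupcv
                        Spec   = "$($file.FullName):$($_.Stream)"
                    }
                }
        }
}

$found = @(Get-AlternateStream -Directory $Root)
if ($found.Count -eq 0) {
    Write-Host "No alternate data streams found under $Root"
    return
}

$found | Format-Table Spec, Length -AutoSize

if ($Remove) {
    foreach ($ads in $found) {
        # Copy the stream's bytes out first so the payload can be examined later.
        $backup = Join-Path $env:TEMP ('ads_' + ($ads.Spec -replace '[\\:]', '_') + '.bin')
        Get-Content -LiteralPath $ads.File -Stream $ads.Stream -Encoding Byte -ReadCount 0 |
            Set-Content -LiteralPath $backup -Encoding Byte
        # Remove-Item -Stream deletes only the named stream; the host file is untouched.
        Remove-Item -LiteralPath $ads.File -Stream $ads.Stream
        Write-Host "Removed $($ads.Spec) (backup: $backup)"
    }
}
```

Report first (`.\Find-Ads.ps1 -Root C:\Windows`), check the streams by name and size, then rerun with `-Remove`. A stream with a random six-letter name on a log file or bitmap, as in the AboutBuster output above, is the pattern to look for; a stream on a file you downloaded is usually just `Zone.Identifier` and is filtered out here.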

#48 tektok3 (Journeyman, Members, 36 posts)

Posted 06 September 2005 - 08:12 PM

So what's the diagnosis? :blink:

#49 guestolo (Site Donator, Admin, 16,247 posts)

Posted 06 September 2005 - 10:30 PM

Sorry for the delay, my everyday job keeps me off the forum.

Let's do the following:
As promised, I want to make those lists you supplied shorter.

Can you do this please:
Print this out so you can follow along with these instructions,
or save this to a Notepad file on the desktop.

Normally I leave clearing your System Restore folder till last, but because the malware listing is so long, can you do the following:
You should disable System Restore, restart your computer, then re-enable System Restore.
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is re-enabled,
access the quarantine area of Command Software anti-virus and delete the backups.

Okay, now we have reduced the list by a lot.
Do the following
Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the updater won't work, can you manually download the
updates from this link after you have Ewido installed:
http://www.ewido.net...wnload/updates/

Restart into safe mode
Make sure you have windows set to show hidden files and folders
Navigate to this folder
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0 (delete this folder, it will be replaced)

Stay in safe mode

Open Windows CleanUp!: Start > Programs > Cleanup!
Click on the CleanUp button, let it finish scanning for files
Don't restart or log off yet
Instead

Open Ewido Security Suite
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan, click the "Save Report" button
Save the report to desktop
Exit Ewido

NOTE: When Ewido is running do NOT open any other windows.
Let it do its job.

Again in safe mode
Run Pocket KillBox.exe

In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
C:\WINDOWS\SYSTEM32\arpa.exe
C:\WINDOWS\SYSTEM32\authz.exe
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\msdjgk.dll


===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't restart
Please Restart it now manually back to normal mode

Back in normal mode

Do the following
Run another Panda scan
=Save the report afterwards and post it back here
Also post the new report from Ewido
Again, run hijackthis and post a fresh log

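Added example, not from the original thread and not Killbox's own code. Killbox's "Delete on Reboot" exists because a file that is loaded (a DLL injected into Explorer, a running .exe) cannot be deleted while Windows is up. The documented mechanism behind that option is `MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT`, which writes the request to `PendingFileRenameOperations` under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`; Session Manager (smss.exe) carries the queue out at the start of the next boot, before the file can be loaded again. The script below queues the four files from the Killbox list above with a backup copy, then prints the pending queue so you can verify it before rebooting. It must run from an elevated prompt; the file list is the thread's, and whether those files are malicious is the thread's judgement, not the script's.

```powershell
# Added example (not from the original thread, and not Killbox's own code).
# Queues files for deletion at the next boot the way Killbox's "Delete on
# Reboot" does, then shows the resulting PendingFileRenameOperations queue.
# Run as Administrator.

$filesToDelete = @(
    'C:\WINDOWS\SYSTEM32\arpa.exe',
    'C:\WINDOWS\SYSTEM32\authz.exe',
    'C:\WINDOWS\SYSTEM32\kyf.dat',
    'C:\WINDOWS\SYSTEM32\msdjgk.dll'
)

Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@

$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Register-DeleteOnReboot {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not present, skipping: $p"
            continue
        }
        # Keep a copy first, as the thread's tools do ("Cleaned with backup").
        $backup = Join-Path $env:TEMP ((Split-Path $p -Leaf) + '.bak')
        Copy-Item -LiteralPath $p -Destination $backup -Force
        # A null destination plus MOVEFILE_DELAY_UNTIL_REBOOT means "delete at next boot".
        $ok = [Win32.Native]::MoveFileEx($p, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
        if ($ok) {
            Write-Host "Queued for deletion at reboot: $p (backup: $backup)"
        } else {
            $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Error "MoveFileEx failed for $p (Win32 error $err)"
        }
    }
}

function Get-PendingFileOperation {
    # REG_MULTI_SZ of pairs: "\??\<source>" then the target; an empty target means delete.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $ops = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $target = $ops[$i + 1]
        if (-not $target) { $target = '<delete>' }
        [pscustomobject]@{
            Source = $ops[$i] -replace '^\\\?\?\\', ''
            Target = $target
        }
    }
}

Register-DeleteOnReboot -Path $filesToDelete
# Check the queue before rebooting: an entry you did not add (for example a
# replacement of a system DLL) deserves a look, since malware can queue entries too.
Get-PendingFileOperation | Format-Table -AutoSize
```

Reading the queue back is the check Killbox's GUI does not give you: the same registry value is also how an installer or a piece of malware swaps a file under a running system, so anything listed there that you did not put there is worth investigating before you let the reboot happen.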