#1
17-05-05, 21:39
Ratje
128Kbps
Join Date: May 2005
Posts: 5
Hijack this log

Hey peepz,
hate to ask this from you, but I don't know what to delete, and what not... I really hate this, why do people even care to make this spyware [ah em!]?!

Hope you can make something out of it... tnx guys

Logfile of HijackThis v1.98.2
Scan saved at 22:26:41, on 17-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\sysst32.exe
C:\WINDOWS\mfcjo32.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Rudi\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CBFF6A45-C0FA-57F2-DCDA-DECF316CA202} - C:\WINDOWS\appyl32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll (file missing)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [mfcjo32.exe] C:\WINDOWS\mfcjo32.exe
O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab


#2
17-05-05, 22:04
Joe_London
Global Moderator
1024Gbps
Join Date: May 2003
Location: London
Posts: 11,752
Re: Hijack this log

Hi Ratje,

Please go to this site and follow Step 2 at this link and then read the information here.

Please let me know the results of the validation tests.


Please delete your current version of HijackThis as it is outdated.

Download the HijackThis Self Extracting zip file from here to your desktop.

Double click 'hijackthis_sfx.exe' and select "Unzip".
Open Windows Explorer (Windows + E Key on the keyboard.) and navigate to C:\Program Files\HijackThis
Take another scan.

Click the "Post Reply" button and post a new log in this thread and we'll be glad to assist you if we can.

Thank you.

Joe.

If you would like to assist the fight against spyware, you can donate here.

Joe's Website.
"I can resist everything but temptation"
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.
#3
18-05-05, 15:01
Ratje
128Kbps
Join Date: May 2005
Posts: 5
Re: Hijack this log

I liked the first scan better. Less spyware. Well, this is the new list...

Logfile of HijackThis v1.99.1
Scan saved at 15:59:55, on 18-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\sysst32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Voetbal International\WatchDog.Exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\mfcjo32.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rudi\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CBFF6A45-C0FA-57F2-DCDA-DECF316CA202} - C:\WINDOWS\appyl32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll (file missing)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [mfcjo32.exe] C:\WINDOWS\mfcjo32.exe
O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winzh.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Btw this is what I got from the Windows validation:

Thank you for comparing your anti-piracy features.

Your CD exhibits Microsoft’s anti-piracy features.

These features are designed to reduce counterfeiting, and their presence on your CD is a positive indicator of a genuine Microsoft Windows operating system. If you acquired your Microsoft Windows operating system as an individually boxed product, your box should contain a Certificate of Authenticity. For more information on the Certificate of Authenticity, locate your product on the How to Tell Windows Category Page.


#4
18-05-05, 21:32
Joe_London
Global Moderator
1024Gbps
Join Date: May 2003
Location: London
Posts: 11,752
Re: Hijack this log

Hi Ratje,

Please print these instructions out or save them to Notepad, as you'll be working in Safe Mode later without internet access. Read the instructions carefully and complete them in the order they're posted. Ask any questions before proceeding. The entire fix MUST be carried out in the same sitting for it to work.

If you want to keep MessengerPlus but didn't choose the option to refuse the advertising, then please uninstall the copy you have, then download it again, re-install it at the end of this fix and when you get to the Sponsor Agreement select the option which reads: I Refuse, do not install the sponsor Program.


Step 1

Download LSP Fix from here and unzip into its own folder. If the next step leaves you without a functioning internet connection, you will need to run this.

Step 2

You are running NewDotNet.
If you installed it on purpose, I strongly recommend that you get rid of it. If you didn't, then definitely get rid of it.... To do so, go here and follow the directions: http://www.newdotnet.com/#remove

If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.
Note: Misuse of LSPFix can cause loss of internet connectivity. Do not use it if it is not required.

Step 3

* Enable the "Show Hidden Files and Folders" option:

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select "Show hidden files and folders".
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files (recommended)"
Click Yes to confirm.
Click OK.

Step 4

Download and install About:Buster from here to its own directory (C:\About:Buster).
Open the program and click OK > Update > Check for Update.
Download Update (if available) and then close the program.

Step 5
Download CWShredder from here.
Open CWShredder
Click on 'Check for Update' and download any new reference file.
Close the program, we'll use it later.

Step 6
* Reboot into SAFE MODE. (very important!!)

To get into the Windows XP Safe mode:
As the Computer is booting, start tapping the "F8 key" before WinXP starts loading, which should bring up the "Windows Advanced Options Menu".
Use your arrow keys to move to "Safe Mode without internet connection" and press your Enter key.

Step 7

* Open HijackThis, take another scan and place a checkmark next to these entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {CBFF6A45-C0FA-57F2-DCDA-DECF316CA202} - C:\WINDOWS\appyl32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll (file missing)

This is an optional programme but I recommend fixing it as it's not recommended and allegedly a rogue program:
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe

O4 - HKLM\..\Run: [mfcjo32.exe] C:\WINDOWS\mfcjo32.exe
O4 - HKLM\..\RunOnce: [sysst32.exe] C:\WINDOWS\sysst32.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winzh.exe (file missing)

* Close all open Windows except HijackThis and click on "fix Checked".

Step 8
Still in HijackThis, click Config | Misc Tools | Delete an NT Service Tab. In the dialogue box that opens enter 11Fßä.#·ºÄÖ`I in the slot and click OK.
Close HJT.

Step 9
* Still in Safe Mode, open Windows Explorer, navigate to and delete the following files if present:

C:\WINDOWS\mfcjo32.exe <<< file
C:\WINDOWS\sysst32.exe <<< file

If you decided to take my advice to remove Spywarestormer navigate to and delete this folder:
C:\Program Files\Spyware Stormer\ <<< folder

Step 10

Start About:Buster
Close ALL open windows - VERY important.
Click on 'Start' to begin the scan.
When the scan has finished let it scan again.
Save the report it produces to a notepad file for posting.
Exit About:Buster

Step 11

Close ANY OPEN WINDOWS
Open CWShredder
Click Fix,
Let it fix everything it finds.

Step 12

Click on Start | Run and type cleanmgr into the run box.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin ONLY are checkmarked and click 'OK'.
Then click on Start | Run, type %temp% and press the OK button.
This should open up the temp directory that your machine uses. Please delete all files that are found there.

Then reboot the machine into normal mode.

Step 13

Run an online virus scan at the following location making a note of the scan results.

http://uk.trendmicro-europe.com/consumer/p...call_launch.php - Trend Micro

* Reboot the Computer in normal mode, click the "Post Reply" button and post a new HijackThis log and the About:Buster log in this thread for further review and evaluation.

Let me know if the online scan found anything.

Joe.

Reply With Quote
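Checking a follow-up scan against the Step 7 fix list can be scripted. The sketch below is an added example, not part of the original posts: it takes a few lines excerpted from this thread's own logs as input, its function names are this example's own, and it matches entries on exact text after collapsing whitespace.

```python
import re

# A HijackThis entry line is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the Step 7 fix list from the thread (not the full list).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bjgcy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
O4 - HKLM\..\Run: [mfcjo32.exe] C:\WINDOWS\mfcjo32.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 206.161.125.149
"""

# Excerpt of the follow-up scan of 20-5-2005 from the thread (not the full log).
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 206.161.125.149
"""


def parse_entries(log_text):
    """Return the set of (section_code, text) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse runs of whitespace so forum re-wrapping does not
            # turn one entry into two different strings.
            entries.add((match.group(1), " ".join(match.group(2).split())))
    return entries


def registry_value(text):
    """For 'key,name = value' entries (R sections) return value, else None."""
    _, sep, value = text.partition(" = ")
    return value.strip() if sep else None


def check_fix(fix_list_text, followup_log_text):
    """Compare a fix list with a later scan.

    Returns (removed, persisting, relocated):
      removed    - fix-list entries no longer present in the later scan
      persisting - fix-list entries still present verbatim
      relocated  - (value, [entries]) where a value from a removed R entry
                   shows up again under a different registry key
    """
    wanted = parse_entries(fix_list_text)
    after = parse_entries(followup_log_text)
    removed = sorted(wanted - after)
    persisting = sorted(wanted & after)

    # Index the values of all R entries in the later scan.
    values_after = {}
    for code, text in after:
        value = registry_value(text) if code.startswith("R") else None
        if value:
            values_after.setdefault(value, []).append(text)

    relocated = []
    for code, text in removed:
        value = registry_value(text) if code.startswith("R") else None
        if value in values_after:
            relocated.append((value, sorted(values_after[value])))
    return removed, persisting, relocated


if __name__ == "__main__":
    removed, persisting, relocated = check_fix(FIX_LIST, FOLLOWUP_LOG)
    print("Removed as requested:")
    for code, text in removed:
        print(f"  {code} - {text}")
    print("Still present after the fix:")
    for code, text in persisting:
        print(f"  {code} - {text}")
    print("Value reappeared under another key:")
    for value, where in relocated:
        print(f"  {value} -> {where}")
```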
#5
19-05-05, 11:14
Ratje
128Kbps
Join Date: May 2005
Posts: 5
Re: Hijack this log

I did everything you told me, and it seems to have worked just fine. Thanks! Only thing that didn't work was the online virus scan link, I tried to scan through the site but couldn't find the link. So no report from that. Here's the About:Buster report:

Scanned at: 11:54:33 on: 19-5-2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt:diunv
C:\WINDOWS\Prairie.bmp:rjmlh
C:\WINDOWS\yacs.log:ilqtb


Removed 4 Random Key Entries
Removed! : C:\WINDOWS\acdaq.dat
Removed! : C:\WINDOWS\phynf.dat
Removed! : C:\WINDOWS\twpyz.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 26


Removed Data Streams:
C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt:diunv
C:\WINDOWS\Prairie.bmp:rjmlh
C:\WINDOWS\yacs.log:ilqtb


Attempted Clean Of Temp folder.
Pages Reset... Done!

Thanks for the help! Keep up the good work. Can I donate or some through PayPal or anything?

#6
19-05-05, 11:23
Joe_London
Global Moderator
1024Gbps
Join Date: May 2003
Location: London
Posts: 11,752
Re: Hijack this log

Hi Ratje,

Can you post a new HijackThis log as well, as there is more to do?

In reply to:
"Can I donate or some through PayPal or anything"

Thanks, see the link in my signature below.

Joe.

If you would like to assist the fight against spyware, you can donate here.

Joe's Website.
"I can resist everything but temptation"
__________________
If I've helped you and saved you money please consider a donation to support my work :

Member of UNITE and ASAP.

#7
20-05-05, 16:28
Ratje
128Kbps
Join Date: May 2005
Posts: 5
Re: Hijack this log

Latest log:

Logfile of HijackThis v1.99.1
Scan saved at 17:27:25, on 20-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Voetbal International\WatchDog.Exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Warez P2P Client\Warez.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rudi\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



  #8  
Old 20-05-05, 19:18
Joe_London Joe_London is offline
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Default Re: Hijack this log

Hi Ratje,

Still some work to do as I said before. Be sure to post the new logs I asked for when you've done.

Download the attached zip file and unzip it to your desktop.

http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file inside and click Install, making sure Internet
Explorer is closed. You won't see anything happen, it performs a silent process.

* Open HijackThis, take another scan and place a checkmark next to these entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149

* Close all open windows except HijackThis and click on "Fix checked".

* Reboot the computer in normal mode.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to
re-install the protection both afford. For SpywareBlaster, run the program and
're-enable all protection'. For IE/Spyads, run the batch file and reinstall the protection.

Download and run MWavScan... It will produce a log in the lower right hand corner and you will need to use Ctrl-C to copy the bottom part of it that has the bad items and then paste it here for review....

http://www.mwti.net/antivirus/free_utilities.asp

It will suggest that you buy the product to fix what it finds, but that is not necessary... Just post the bad part of the scan and we will deal with it...

Click the "Post Reply" button and post a new Hijackthis log in this thread for further review and evaluation.

Joe.

"I can resist everything but temptation"
Member of UNITE and ASAP.
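
One way to confirm from a follow-up scan that the entries listed in the post above are really gone, as an added example that is not part of the original thread. The function names are hypothetical; the fix list and the follow-up log excerpt are copied from the logs posted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <details>", for example
# "O15 - Trusted Zone: ...". Header lines and the running-process list
# (paths such as C:\WINDOWS\...) do not match this shape and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (code, details) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse whitespace so forum re-wrapping cannot cause a false mismatch.
            entries.add((m.group("code"), " ".join(m.group("body").split())))
    return entries


def check_fix(to_fix_text, after_log_text):
    """Compare the entries a helper asked to fix against a follow-up log.

    Returns (removed, remaining): entries that no longer appear, and entries
    that are still present and need another look.
    """
    wanted = parse_entries(to_fix_text)
    after = parse_entries(after_log_text)
    return sorted(wanted - after), sorted(wanted & after)


# Entries the helper asked to check and fix (copied from the post above).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
"""

# Excerpt of the follow-up log posted on 22-5-2005 (shortened).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17:15:03, on 22-5-2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    removed, remaining = check_fix(FIX_LIST, AFTER_LOG)
    print("removed:  ", len(removed))
    for code, body in remaining:
        print("STILL PRESENT:", code, "-", body)
```

An entry that reappears in a later log after being fixed usually means something still running is rewriting it, so the `remaining` list is the part to post back for review.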
  #9  
Old 22-05-05, 16:16
Ratje Ratje is offline
128Kbps
 
Join Date: May 2005
Posts: 5
Default Re: Hijack this log

Scan:

Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "HyperBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-fin.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ptb.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-plk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-sky.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-slv.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-hun.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-tha.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-trk.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-ell.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-esl.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Chs.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Cht.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Esp.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Fra.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ita.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Kor.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Ptg.nls". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\THQ\Dawn of War\daemonhuntersV05\Uninstall.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99180163-DA16-101A-935C-444553540000}" refers to invalid object "recncl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ACE809FC-B722-4d6b-B406-3CC59657FC1A}" refers to invalid object "C:\Program Files\Moonlight Cordless\Moonlight-Elecard MPEG Player 3.0\MpgPlayer.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B295FE06-0FBF-4CAB-95B6-3FAA1B209C78}" refers to invalid object "C:\Program Files\Messenger Plus! 3\Plugins\ShortcutPlug.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA964717-1108-4D15-9060-0E751B17458F}" refers to invalid object "C:\Program Files\Messenger Plus! 3\Plugins\ColorNick.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" refers to invalid object "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll". Action Taken: No Action Taken.
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.
Entry "HKCR\IEFlash.IEFlash" refers to invalid object "{E5A1691B-D188-4419-AD02-90002030B8EE}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\YBIOCtrl.CompanionBHO.4" refers to invalid object "{02478D38-C3F9-4efb-9B51-7695ECA05670}". Action Taken: No Action Taken.
File C:\WINDOWS\addaz32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\addtq.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\addvk32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\apiof32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\apiqf32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\apits32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlbm32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlbz.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlgy.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlpo32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atluw32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlwx32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlxc32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\atlyy.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\crhp.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\crnk.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\d3ec32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\d3fj.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\d3ix.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\d3yk.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\d3zx32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Dit.exe tagged as not-a-virus:BuggyProg.Win32.CustomIcons. No Action Taken.
File C:\WINDOWS\DitExp.exe tagged as not-a-virus:BuggyProg.Win32.CustomIcons. No Action Taken.
File C:\WINDOWS\donkg.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\WINDOWS\ieib32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ieka.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ieru.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\iplb.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ipou.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ipyh.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\javafs32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\javajl.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\javawl32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mfcdt.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mfcgm.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mfchk32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mfcyw.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mscq32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\netzi32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntdl32.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntdl32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntfs.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntqc32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntrj32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ntyz.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_cqxtcl.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_etmbda.dat infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_etsnfg.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_fdpevd.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_fthhxa.dat infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_hcxckg.dat infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_iaslkh.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_jikhpz.log infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_jtlxbi.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_mhsjgp.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_mwifzv.dat infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_onhxcv.dat infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_sfbepq.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_sfkeav.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_uptkqn.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\n_xngedf.txt infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sdkzj.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sysfu.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sysfv.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\systt.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\uhbbo.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\WINDOWS\wincn32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\winre.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\winwg32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\zdfjk.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\WINDOWS\System32\addec32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\addui.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\apiah32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\apigd.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\apiis.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\apiyx32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\appip32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\appmd.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlmj.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlwb.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\atlyh.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\bjgcy.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\WINDOWS\System32\crcd32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\crxg.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\d3ie.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\d3kn.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\gadjk.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\WINDOWS\System32\iegt.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ipgg32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ipux.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\javaie32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\javauy.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mfcjr32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mfckf.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msbc32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msdb.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msjv32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msmh32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msos.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\netal32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ntjd32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ntsv.dll infected by "Trojan-Downloader.Win32.Agent.bc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ntsv.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\nttn32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sdkbm.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sdkqx32.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sdkxf.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sdkyd32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\syslz.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysrm.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winbk.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winjz.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winkx32.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wintcpmod.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winxi.exe infected by "Trojan.Win32.Agent.bi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\yzjog.dll tagged as "not-a-virus:AdWare.SearchPage". Action Taken: No Action Taken.
File C:\DOCUME~1\Rudi\LOCALS~1\TEMPOR~1\Content.IE5\HWK3D5OX\WarezP2P_DLC[1].exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 17:15:03, on 22-5-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Voetbal International\WatchDog.Exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rudi\Bureaublad\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WatchDogExe] C:\Program Files\Voetbal International\WatchDog.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



  #10  
Old 22-05-05, 20:23
Joe_London Joe_London is offline
Global Moderator
1024Gbps
 
Join Date: May 2003
Location: London
Posts: 11,752
Default Re: Hijack this log


Hi Ratje,

Be careful when you update "Messenger Plus" and refuse the Sponsors Program as otherwise you can get a lop infection.

The Hijackthis log is now clean but as you can see the MWavScan has thrown up all sorts of stuff.

Go to this site, as we will need to do a "Kaspersky Online Scan" to clear them all:

http://www.kaspersky.com/scanforvirus


Be prepared, as this scan takes a long time (possibly 2 hrs or more).

When you've done, post back another HJT log and the Kaspersky log please.

Joe.

© Copyright IPC Media Limited 2009, All rights reserved




