Malware Removal

August 29th, 2006, 02:14 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Trojan.Dialer.Premium and Trojan.Downloader.Agent.XXX

I've gotten a virus or spyware recently which Bitdefender 9 detects and tries to move to quarantine and sometimes succeeds or fails. But even if it does manage to move it, the files are right back. When I try to manually delete them and right-click and then delete, it says the files do not "exist". Ad-Aware simply gets stuck when it tries to scan the folder with the infected files in it. Deleting them in Safe Mode works, but as soon as I reconnect to the internet the files and Bitdefender's error messages are back within a few minutes.
I should also add that under my connections screen there is a new connection which it attempts to dial with called "Enter" and it dials to the number "5".

Anyway I found this site by typing the files' names in Google and finding a topic with a person who seems to have the same problem.

Here's my log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 15:12:37, on 29-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitdefender.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Utulities\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Utulities\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Utulities\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Utulities\BitDefender9\bdswitch.exe"
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\UTULIT~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Utulities\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Utulities\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{766CA2CE-7A55-4116-A222-80000A8D2C2D}: NameServer =
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winccf32 - C:\WINDOWS\SYSTEM32\winccf32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Utulities\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Last edited by Xa4; August 29th, 2006 at 02:27 PM.
August 30th, 2006, 05:56 PM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Hello and welcome to CTH,

Download the trial version of Ewido Security Suite from here and install it.

After installation, double-click the icon on your Desktop to launch Ewido.

On the top of the main screen click Shield. Then click the word active to change it to inactive.

You will need to also update Ewido to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update Ewido.

Now close Ewido (don't scan just yet).

Reboot into Safe Mode. At startup tap F8 and select Safe Mode (see here).

Make sure all windows are closed and run Ewido. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.

Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.

Then reboot back to Normal Mode. Run a new scan with HijackThis and post that and the Ewido log back here please.
August 30th, 2006, 07:04 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Thanks for helping me.

Anyway I've done all that and here are the logs.

The Hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 20:06:59, on 30-8-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Utulities\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Utulities\ewido anti-spyware 4.0\ewido.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitdefender.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Utulities\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Utulities\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Utulities\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Utulities\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Utulities\ewido anti-spyware 4.0\ewido.exe" /minimized
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\UTULIT~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Utulities\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Utulities\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winccf32 - C:\WINDOWS\SYSTEM32\winccf32.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Utulities\ewido anti-spyware 4.0\guard.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Utulities\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
And here's the log from Ewido.
ewido anti-spyware - Scan Report

+ Created at: 20:04:13 30-8-2006

+ Scan result:

C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\CZA1EH2N\srvwac[1].exe -> Dialer.PlayGames.l : No action taken.
C:\WINDOWS\Temp\win116.tmp.exe -> Dialer.PlayGames.l : No action taken.
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\O327M389\L2[1].exe -> Downloader.Small.dod : No action taken.
C:\WINDOWS\Temp\winA.tmp.exe -> Downloader.Small.dod : No action taken.
C:\WINDOWS\Temp\idd118.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd2B.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd44.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd5D.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd5F.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd63.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd69.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd75.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd96.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddA0.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddA8.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddAF.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddCA.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddE.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddE2.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddF.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddFD.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\GF4JQFY5\srvmwa[1].exe -> Trojan.Pakes : No action taken.
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\GF4JQFY5\srvsud[1].exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\win5C.tmp.exe -> Trojan.Pakes : No action taken.
C:\WINDOWS\Temp\winD.tmp.exe -> Trojan.Pakes : No action taken.

::Report end
August 30th, 2006, 08:38 PM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Go here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

Disable your antivirus program and go here (http://www.bitdefender.com/scan8/ie.html) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).
August 30th, 2006, 10:30 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Here's the log:
Though I must add that I could not use ATF cleaner with Firefox because it showed up greyed out. So for Firefox I used Firefox's own 'Clear private data' with everything selected.


BitDefender Online Scanner

Scan report generated at: Wed, Aug 30, 2006 - 23:34:29

Scan path: A:\;C:\;D:\;E:\;

Boot Sectors
Packed Files
Identified Viruses
Infected Files
Suspect Files
Deleted Files

Engines Info
Virus Definitions
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
Archive plugins
Unpack plugins
E-mail plugins
System plugins

Scan Settings
First Action
Second Action
Enable Warnings
Scanned Extensions
Exclude Extensions
Scan Emails
Scan Archives
Scan Packed
Scan Files
Scan Boot

Scanned File

Infected with: Trojan.Dialer.Premium
Disinfection failed

Infected with: Trojan.Dialer.Premium
Disinfection failed

Infected with: Trojan.Dialer.Premium
Disinfection failed

Infected with: Trojan.Downloader.Agent.XXX
Disinfection failed

Infected with: Trojan.Downloader.Agent.XXX
Disinfection failed
August 31st, 2006, 07:52 AM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Please run another Ewido scan and post the results. How is your system running now?
August 31st, 2006, 06:22 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
I did another scan but it's still not gone.

ewido anti-spyware - Scan Report

+ Created at: 19:26:19 31-8-2006

+ Scan result:

C:\WINDOWS\Temp\idd11E.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd123.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd125.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd138.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd13F.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd140.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd14C.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd14E.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd158.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd161.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd16F.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd4.tmp.exe -> Trojan.Dialer.qy : No action taken.

::Report end
August 31st, 2006, 08:58 PM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Download Killbox from http://www.cybertechhelp.com/downloa...pocket-killbox, unzip the file to your Desktop and have it ready to use.

Run Killbox and select the below files (including filepath) with your mouse, right-click and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", right-click again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on Delete on Reboot. You will get a message saying "File will be deleted on next reboot, click "Yes". Process and Reboot now?" Click "Yes" to reboot.


Reboot and run Ewido to verify that they did delete.
August 31st, 2006, 09:18 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
None of the files you named are still in that folder. In fact I get the feeling those files keep making new versions or copies of themselves, because each time I emptied my Temp folder (I can delete the files in Safe Mode) new files with a slightly different name will appear within a few minutes, even in Safe Mode.

Each time I check my Temp folder there are a few files more. I haven't deleted them today and my guess is there are between 100-200 files now with nearly the same name.

At the moment I am typing this there are:
1 folder named "tmp00002541"
1 MS-DOS batch file named winA.tmp
100-200 win(insert letter or number).tmp files
3 idd(insert letter or number).tmp.exe files which all try to dial every now and then, but I keep denying them internet access when Bitdefender asks.
5 win(insert letter or number).tmp.exe files

The names of the .exe files are:

Last edited by Xa4; August 31st, 2006 at 09:32 PM.
September 3rd, 2006, 03:25 AM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Download SmitfraudFix.zip from here

Unzip it to your desktop and double-click on smitfraudfix.cmd.

Choose Option 1 and hit Enter to generate a report about the infected files. Please save the Log (it will save to C:\rapport.txt) and post it here.
September 3rd, 2006, 10:54 AM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Here's the report:

SmitFraudFix v2.83

Scan done at 11:58:55,01, zo 03-09-2006
Run from C:\Documents and Settings\XA4\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\XA4\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\XA4\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName"="Mijn huidige introductiepagina"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
September 4th, 2006, 02:59 AM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Boot into Safe Mode (see here) and double-click on smitfraudfix.cmd again.

Choose Option 2 and hit Enter to delete the files responsible for the infection.

Disk Cleanup will run

Answer the question: Voulez-vous nettoyer le registre? (Do you want to clean your registry ?) o/n with O (oui -> yes) and hit Enter

The fix will stop if wininet.dll is infected. If so, answer the question: Corriger le fichier infecté? (Do you want to fix the infected file ?) o/n with O (oui -> yes) and hit Enter

A second report will be generated, please save it and type q and hit Enter to exit the program.
September 5th, 2006, 03:55 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Here's the report.

SmitFraudFix v2.83

Scan done at 16:57:45,81, di 05-09-2006
Run from C:\Documents and Settings\XA4\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
September 8th, 2006, 03:59 PM
dahli
CTH Subscriber
Join Date: Oct 2004
Location: in a van down by the river
Posts: 5,335
Run Ewido again and post the log.
September 8th, 2006, 09:01 PM
Xa4
New Member
Join Date: Aug 2006
Posts: 12
Here's the Ewido log. It simply keeps coming back; files get created in the Windows/Temp folder even in safe mode. My guess is Ewido does remove the trojans but something keeps re-installing them. It happened after I opened an .exe (which I don't have anymore). My guess is that .exe installed something that keeps installing these files in the Temp folder. Is there any way I can find out what's creating them?

ewido anti-spyware - Scan Report

+ Created at: 22:04:13 8-9-2006

+ Scan result:

C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\GF4JQFY5\srvoxg[1].exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\GF4JQFY5\srvpzh[1].exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\O327M389\srvtjk[1].exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win14C.tmp.exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win7.tmp.exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winA.tmp.exe -> Dialer.PlayGames.l : Cleaned with backup (quarantined).
:mozilla.29:C:\Documents and Settings\XA4\Application Data\Mozilla\Firefox\Profiles\hjnp1ovv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\XA4\Local Settings\Temporary Internet Files\Content.IE5\O327M389\srvzak[1].exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\winB.tmp.exe -> Trojan.Pakes : Cleaned with backup (quarantined).

::Report end
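
The re-creation Xa4 describes can be read directly off two consecutive Ewido reports. The following is an added example, not part of the thread and not the output of any tool named in it: it diffs two reports and groups newly appearing detections by folder, file-name pattern and detection name. The sample lines are excerpted from the 30-8 and 31-8 reports above; the function names are this example's own.

```python
import ntpath
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path detection action")

# Result line: "<path> -> <detection> : <action>", optionally prefixed
# with a store tag such as ":mozilla.29:".
LINE_RE = re.compile(
    r"^(?::[\w.]+:)?(?P<path>[A-Za-z]:\\.+?) -> (?P<detection>\S+) : (?P<action>.+)$"
)

# Excerpts from the thread's Ewido reports (30-8-2006 and 31-8-2006).
SCAN_30 = r"""
+ Scan result:
C:\WINDOWS\Temp\win116.tmp.exe -> Dialer.PlayGames.l : No action taken.
C:\WINDOWS\Temp\winA.tmp.exe -> Downloader.Small.dod : No action taken.
C:\WINDOWS\Temp\idd118.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd2B.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\iddE.tmp.exe -> Trojan.Dialer.qy : No action taken.
::Report end
"""
SCAN_31 = r"""
+ Scan result:
C:\WINDOWS\Temp\idd11E.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd123.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\Temp\idd4.tmp.exe -> Trojan.Dialer.qy : No action taken.
::Report end
"""

def parse_report(text):
    """Return a Detection per result line; headers and blank lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["detection"], m["action"].rstrip(".")))
    return found

def name_pattern(path):
    """Collapse the hex counter in names like idd2B.tmp.exe to idd*.tmp.exe."""
    return re.sub(r"^([a-z]+)[0-9A-F]+(\.tmp\.exe)$", r"\1*\2", ntpath.basename(path))

def family_key(d):
    """Folder + naming scheme + detection name identify one 'family' of drops."""
    return (ntpath.dirname(d.path).lower(), name_pattern(d.path), d.detection)

def compare(before, after):
    """Split the later scan into files that survived and files that are new.

    'recurring' counts new files whose family was already present in the
    earlier scan: fresh names, same scheme, which means something is still
    writing them and deleting the files alone will not end the infection.
    """
    seen_paths = {d.path.lower() for d in before}
    seen_families = {family_key(d) for d in before}
    new = [d for d in after if d.path.lower() not in seen_paths]
    return {
        "persisted": sorted(d.path for d in after if d.path.lower() in seen_paths),
        "new": sorted(d.path for d in new),
        "recurring": Counter(family_key(d) for d in new if family_key(d) in seen_families),
    }

if __name__ == "__main__":
    result = compare(parse_report(SCAN_30), parse_report(SCAN_31))
    print("persisted:", result["persisted"])
    for (folder, pattern, name), count in result["recurring"].items():
        print(f"{count} new {pattern} in {folder} detected as {name}")
```

An empty "persisted" list next to a non-empty "recurring" count is the pattern seen in this thread: each scan finds different file names from the same family in the same folder.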
