
Trojan Virus/Spyware?

Old 03-29-2006, 07:47 PM   #1
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP



Hi! [this is my first time here],
I was looking for some lyrics one day when I suddenly got hit with a numerous amount of spyware. I tried to clean it up using the Webroot Spysweeper that I had but the spyware kept coming back. My wallpaper was changed black with white font: "Your computer is in Danger! Windows Security Center has detected spyware/adware...".

I have googled for this, searched on forums and I saw that many people use smitRem and Ewido. So I downloaded these programs but the problem is my computer won't run them. So I decided to come to you guys for help. Thanks in advance.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:14:42 PM, on 3/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\documents and settings\miriam\local settings\temp\lM2QAoAK.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\WINDOWS\plxaiqyA.exe
C:\WINDOWS\sysvx_.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\COMMON~1\SSEMBL~1\dvdplay.exe
C:\Documents and Settings\Miriam\Application Data\?ystem32\wuauclt.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\sysvx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\shell386.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - blank (file missing)
O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\system32\IeHelperExVSS.dll
O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [lM2QAoAK.exe] C:\documents and settings\miriam\local settings\temp\lM2QAoAK.exe
O4 - HKLM\..\Run: [476X3mX] shmpatui.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe
O4 - HKLM\..\Run: [plxaiqyA] C:\WINDOWS\plxaiqyA.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe
O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe
O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe
O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe
O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe
O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Lwp7RgbsV] shupdmod.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Miriam\LOCALS~1\Temp\4C.tmp
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O4 - HKCU\..\Run: [Us] "C:\PROGRA~1\COMMON~1\SSEMBL~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [Fzn] C:\Documents and Settings\Miriam\Application Data\?ystem32\wuauclt.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusea...p=VSXXXXXX46US
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - blank (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab36385.cab
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\mhipbnhh.dll
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlyaWFt\command.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

__________________
UNREAL is offline  
Old 03-30-2006, 07:35 AM   #2
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


Quote:
I saw that many people use smitRem and Ewido. So I downloaded these programs but the problem is my computer won't run them.
What happens when you try to run Ewido? Any NT-based system (win2k or XP) should be able to run Ewido.

Please follow MicroBell's 5 Step process outlined here

Then, once you've done that to help clean up some of the easier to remove junk, do this:

Create an uninstall list:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the Notepad file into your post

Download & install - HaxFix.EXE.
During installation, please select these options:
  • Create a desktop icon
  • Launch HaxFix
When Haxfix starts, a red DOS window will open.
Select the option to - Make logfile - Type 1 & press 'Enter'.
Haxfix will produce a log for you to post back here.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 04-01-2006, 12:11 PM   #3
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


I haven't even gone through all your instructions and already encountered some problems.

I started with MicroBell's 5 Step Process. First I went to go download Ad-Aware SE Personal Edition, but when I clicked on the link to download it my browser freezes. So I decide to try the CWShredder but when I click on Run.. nothing happens so I can't install the program [this is what I meant about Ewido and smitRem.. I click on Run and nothing happens]. I already had Spybot Search & Destroy so I restart my computer in Safe Mode and I scan and started to delete the problems. In the middle of deleting I get a dialog box saying "encountered a problem and needs to be shut down."

So then I decide to go on to step 2. Unfortunately, NONE of the online viruses work.. I keep getting dialog boxes that say "Windows has blocked this software because it can't verify the publisher." And some of them say an ActiveX control window is supposed to open.. but it doesn't.

So then I try to open Control Panel to delete some malware. But it doesn't open and Spybot detects a bunch of changes and asks me to verify them. And.. that's where I had to stop. My computer froze and I had to shut it down. This is quite frustrating.

And.. thank you for replying.
__________________
UNREAL is offline  
Old 04-01-2006, 06:07 PM   #4
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


Frankly, you might be better off doing a repair install or format and clean install if your system is so messed up it won't run anti-spyware apps in safe mode.

Let's see if we can shake loose some of the junk, but you should back up any valued data NOW.

Sounds like you have Spybot's TeaTimer enabled. The first thing we need to do is disable it for now.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Go to Start>Run and type cleanmgr then press enter. Select Drive C. When the cleanup tool is ready, make sure Downloaded Program Files, Temporary Internet Files and Temporary Files are checked, then click OK.

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

---------------------------------------------------------------------------------------------

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {1e1b2879-88ff-11d3-8d96-d7acac95951a} - (no file)
O2 - BHO: (no name) - {2bc43670-c0bd-4794-bb11-f60f3e001dc5} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - blank (file missing)
O2 - BHO: winapi32.MyBHO - {86A0607D-6126-45AE-8A29-46C181AFF4D6} - C:\WINDOWS\system32\winapi32.dll
O2 - BHO: (no name) - {8702d9e1-890b-4bf2-a233-fa44e582b2de} - (no file)
O2 - BHO: (no name) - {9819c369-5f62-4d37-9a42-44043a742c1e} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-000000000000} - (no file)
O2 - BHO: (no name) - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-716d74632608} - (no file)
O2 - BHO: (no name) - {d53b810f-6219-11d4-95b6-0040950375e7} - (no file)
O2 - BHO: (no name) - {dd6f50c0-9f8f-a41c-291e-7b3fb818ef18} - (no file)
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\system32\IeHelperExVSS.dll
O2 - BHO: (no name) - {f21bd77e-0cce-c6cd-4f85-aa3b7895988e} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {ff731508-cd28-e0b0-3e85-0cf55fde9fba} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [lM2QAoAK.exe] C:\documents and settings\miriam\local settings\temp\lM2QAoAK.exe
O4 - HKLM\..\Run: [476X3mX] shmpatui.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Dynamic Desktop Media] C:\WINDOWS\system32\sysu.exe
O4 - HKLM\..\Run: [plxaiqyA] C:\WINDOWS\plxaiqyA.exe
O4 - HKLM\..\Run: [sysvx] C:\WINDOWS\sysvx_.exe
O4 - HKLM\..\Run: [gmt] C:\WINDOWS\system32\gmt.exe
O4 - HKLM\..\Run: [cme] C:\WINDOWS\system32\cme.exe
O4 - HKLM\..\Run: [cmeupd] C:\WINDOWS\system32\cmeupd.exe
O4 - HKLM\..\Run: [Cydoor] C:\WINDOWS\system32\cd_load.exe
O4 - HKLM\..\Run: [gator] C:\WINDOWS\system32\gator.exe
O4 - HKLM\..\Run: [cmesys] C:\WINDOWS\system32\cmesys.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [Lwp7RgbsV] shupdmod.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Miriam\LOCALS~1\Temp\4C.tmp
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O4 - HKCU\..\Run: [Us] "C:\PROGRA~1\COMMON~1\SSEMBL~1\dvdplay.exe" -vt yazr
O4 - HKCU\..\Run: [Fzn] C:\Documents and Settings\Miriam\Application Data\?ystem32\wuauclt.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: wupdmgr.exe
O8 - Extra context menu item: &Search - http://bar.mytotalsearch.com/menusea...p=VSXXXXXX46US
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - blank (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab34120.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/def...jolauncher.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames...n.cab36385.cab

All O18 entries like this, except the first one

O18 - Protocol: bw+0s - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\mhipbnhh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWlyaWFt\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


---------------------------------------------------------------------------------------------


Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Network Monitor
  2. Double-click on it to open the Properties dialog.
    • Under the General tab, note down the name of "Service name". We shall need it later.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
  3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  4. In the popup box that appears, type in "Service name" & then click on the OK button
Repeat steps 1-4 for the following services :-
  • Command Service

---------------------------------------------------------------------------------------------


Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\WINDOWS\system32\winapi32.dll
C:\WINDOWS\system32\IeHelperExVSS.dll
C:\WINDOWS\system32\sysu.exe
C:\WINDOWS\plxaiqyA.exe
C:\WINDOWS\sysvx_.exe
C:\WINDOWS\system32\gmt.exe
C:\WINDOWS\system32\cme.exe
C:\WINDOWS\system32\cmeupd.exe
C:\WINDOWS\system32\cd_load.exe
C:\WINDOWS\system32\gator.exe
C:\WINDOWS\system32\cmesys.exe
C:\Windows\xpupdate.exe
C:\Program Files\Common Files\SSEMBL~1
C:\Documents and Settings\Miriam\Application Data\?ystem32 <<< The ? can be any character, but may be an S
C:\WINDOWS\SYSTEM32\avpe32.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\SYSTEM32\senssrv.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
C:\WINDOWS\system32\mhipbnhh.dll
C:\WINDOWS\TWlyaWFt
C:\Program Files\Network Monitor


---------------------------------------------------------------------------------------------

Restart in normal mode......and see if you have any control over your browser/downloads now. If so, perform an online scan here:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

In any case, post a new HJT log. Let me know what problems you encounter.

tetonbob is offline  
Old 04-03-2006, 05:11 PM   #5
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


This time I got all the way past deleting the stuff found on HJT (1 or 2 things weren't found that were on the list).

But when I started the computer in Safe Mode and ran SERVICES.MSC, Network Monitor and Command Service weren't on the list.

Here's the HJT log after deleting the problems:

Logfile of HijackThis v1.99.1
Scan saved at 7:02:59 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Personal AntiSpy keylogger] C:\WINDOWS\system32\systemwb.dll
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [DailyToolbar] C:\WINDOWS\system32\dailytoolbar.dll
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Alexa] C:\WINDOWS\system32\alxres.dll
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
__________________
UNREAL is offline  
Old 04-03-2006, 09:26 PM   #6
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


OK, we made some progress. I would think you should be able to run some tools now.

I would still require an online scan at the end of this fix... This will provide us with many details of what's on your system.

First, do this - , and report what problems you encounter, including any error messages.


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. If you encounter any problems along the way, make note of it, and move on to the next step. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


---------------------------------------------------------------------------------------------


Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

---------------------------------------------------------------------------------------------


Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64. Download & run this tool to find out for sure.....

http://www.kellys-korner-xp.com/regs...p_whichcpu.exe




Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):


O4 - HKLM\..\Run: [Personal AntiSpy keylogger] C:\WINDOWS\system32\systemwb.dll
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [DailyToolbar] C:\WINDOWS\system32\dailytoolbar.dll
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Alexa] C:\WINDOWS\system32\alxres.dll
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll



---------------------------------------------------------------------------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\WINDOWS\system32\systemwb.dll
C:\WINDOWS\system32\susp.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\alxres.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll



---------------------------------------------------------------------------------------------

Restart in normal mode.


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

Ewido
Kaspersky
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 04-04-2006, 09:57 PM   #7
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


No error messages. Everything seems to be better now.

Here are the results:

Ewido:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:36:02 PM, 4/4/2006
+ Report-Checksum: 5D79503

+ Scan result:

:mozilla.7:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\5m6p8vwe.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\eGames\BlastThru\Game\bt.exe -> Dropper.Agent.zc : Cleaned with backup
C:\HJT\backups\backup-20060403-182938-221.dll -> Trojan.Small : Cleaned with backup
C:\HJT\backups\backup-20060403-182938-363-wupdmgr.exe -> Downloader.Small.ckc : Cleaned with backup
C:\HJT\backups\backup-20060403-182938-512.dll -> Downloader.VB.ur : Cleaned with backup
C:\HJT\backups\backup-20060403-182942-130.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\2Wire\mikyla32.dll -> Trojan.Zapchast : Cleaned with backup
C:\Program Files\AOL\AOL Toolbar 2.0\tyzl9.dll -> Trojan.Small : Cleaned with backup
C:\Program Files\Common Files\AOL\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll -> Trojan.Small : Cleaned with backup
C:\Program Files\Common Files\AOL\1124989142\ee\services\browser\ver1_1_1042\yqchr3.dll -> Proxy.Agent.jm : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Sinowal.b : Cleaned with backup
C:\Program Files\Common Files\VCClient\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\Program Files\Common Files\аssembly\dvdplay.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Program Files\eGames\MahJongg Game of Four Winds Demo\mahjongg.exe -> Dropper.Agent.zc : Cleaned with backup
C:\Program Files\eGames\MahJongg Master 2 Demo\egames.exe -> Dropper.Agent.zc : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\avalon_4.txt -> Trojan.Agent.fs : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N66M1101NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Cleaned with backup
C:\WINDOWS\drsmartload95a.exe -> Downloader.Adload.af : Cleaned with backup
C:\WINDOWS\eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\file1.exe -> Backdoor.Haxdoor.hr : Cleaned with backup
C:\WINDOWS\file2.exe -> Dropper.Agent.ali : Cleaned with backup
C:\WINDOWS\keyboard5.exe -> Downloader.VB.zl : Cleaned with backup
C:\WINDOWS\kl1.exe -> Trojan.Sinowal.b : Cleaned with backup
C:\WINDOWS\loadadv728.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\mmx111.exe -> Downloader.VB.sh : Cleaned with backup
C:\WINDOWS\mousepad5.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned with backup
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\osaupd.exe -> Downloader.Small.ckc : Cleaned with backup
C:\WINDOWS\pi1_34.exe -> Downloader.Small.bue : Cleaned with backup
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\anbgjjec.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\child.dll_tobedeleted -> Downloader.Small.bug : Cleaned with backup
C:\WINDOWS\system32\comdlg64.dll -> Rootkit.Agent.bk : Cleaned with backup
C:\WINDOWS\system32\dcom_14.dll -> Backdoor.Agent.uu : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.bt : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq5.exe -> Downloader.Small.cnz : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq6.exe -> Downloader.Tibs.dl : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Tibs.dm : Cleaned with backup
C:\WINDOWS\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32\intxt.exe -> Adware.CashDeluxe : Cleaned with backup
C:\WINDOWS\system32\loader.exe -> Downloader.Small.cob : Cleaned with backup
C:\WINDOWS\system32\mhipbnhh.dll -> Proxy.Wopla.q : Cleaned with backup
C:\WINDOWS\system32\msupdate32.dll_tobedeleted -> Backdoor.Delf.aml : Cleaned with backup
C:\WINDOWS\system32\mswinf32.dll -> Not-A-Virus.Hoax.Win32.VB.j : Cleaned with backup
C:\WINDOWS\system32\mswinf32.exe -> Not-A-Virus.Hoax.Win32.VB.j : Cleaned with backup
C:\WINDOWS\system32\nobamloa.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\shell386.exe -> Downloader.VB.ur : Cleaned with backup
C:\WINDOWS\system32\slk8x2peu.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Cleaned with backup
C:\WINDOWS\system32\vc.dll -> Proxy.Agent.df : Cleaned with backup
C:\WINDOWS\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\winapi32.dll -> Downloader.VB.ur : Cleaned with backup
C:\WINDOWS\sysvx_.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.w : Cleaned with backup
C:\WINDOWS\TWlyaWFt\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\WINDOWS\webhdll.dll_tobedeleted -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\wupdmgr.exe -> Downloader.Small.ckc : Cleaned with backup
C:\WINDOWS\xpupdate.exe -> Not-A-Virus.Hoax.Win32.Renos.bt : Cleaned with backup


::Report End

Kaspersky:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, April 04, 2006 23:36:30
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/04/2006
Kaspersky Anti-Virus database records: 186289
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 101198
Number of viruses found: 135
Number of infected objects: 515
Number of suspicious objects: 10
Duration of the scan process: 5218 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip/install.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer3.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/mkcbcjla.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/kanlcnok.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/aoeieplm.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/svchost.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Miriam\My Documents\My Music\MA MUSiC\01 - macsn formatter.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Miriam\My Documents\My Music\MA MUSiC\01 - macsn formatter.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\Documents and Settings\Miriam\My Documents\My Music\MA MUSiC\01 - macsn formatter.zip Infected: Trojan-Downloader.Win32.IstBar.no
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F58ADC1-E762-4D9C-AC3E-308524\46E1335B-0A35-4CB7-AE58-DE8E59 Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F58ADC1-E762-4D9C-AC3E-308524\560F35A6-A8A5-4F40-B238-E81B32 Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F58ADC1-E762-4D9C-AC3E-308524\89A178D6-C04E-4404-A07A-F87AB7 Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F58ADC1-E762-4D9C-AC3E-308524\C7A89FAA-7CFC-429F-8040-2986E1 Infected: not-a-virus:AdWare.Win32.MyWebSearch
C:\Program Files\Microsoft AntiSpyware\Quarantine\1F58ADC1-E762-4D9C-AC3E-308524\DBFA62A3-763A-4D05-B296-7EB13B Infected: not-a-virus:AdWare.Win32.MyWebSearch.y
C:\Program Files\Microsoft AntiSpyware\Quarantine\3A49A6EC-6FE6-4A1D-A7AC-FD887B\CB73E158-3339-4F86-9090-F21C9F/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.d
C:\Program Files\Microsoft AntiSpyware\Quarantine\3A49A6EC-6FE6-4A1D-A7AC-FD887B\CB73E158-3339-4F86-9090-F21C9F/data0004/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.e
C:\Program Files\Microsoft AntiSpyware\Quarantine\3A49A6EC-6FE6-4A1D-A7AC-FD887B\CB73E158-3339-4F86-9090-F21C9F/data0004 Infected: not-a-virus:AdWare.Win32.WinFetcher.e
C:\Program Files\Microsoft AntiSpyware\Quarantine\3A49A6EC-6FE6-4A1D-A7AC-FD887B\CB73E158-3339-4F86-9090-F21C9F Infected: not-a-virus:AdWare.Win32.WinFetcher.e
C:\Program Files\Netscape\Netscape Browser\NSUninst.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\Netscape\Netscape Browser\NSUninst.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\Norton AntiVirus\Quarantine\014853D8 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\02A16A48 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\03505A69 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\03C03068 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\03CC6074.exe Infected: Email-Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\046F13C0.exe Infected: Email-Worm.Win32.VB.an
C:\Program Files\Norton AntiVirus\Quarantine\05786716 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\06614F79 Infected: Backdoor.Win32.VB.oq
C:\Program Files\Norton AntiVirus\Quarantine\07DE1C87 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\08287117 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\082B1B13 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\082E450F Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\0844128E Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\086925D4 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\090D5CA1 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\094425FA Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\09F66CAC.tmp Infected: Trojan-Dropper.Win32.Small.ahg
C:\Program Files\Norton AntiVirus\Quarantine\0ABE676F Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\0AE00264 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\0ECA5ED9 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\0F784EF9 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\0F8977D0 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\10C94628.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\11F10B78 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\12005460 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\136E5886 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\13D44E8D Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\15355131 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\16A949CB Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\16C60A69 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\17A11A17 Infected: not-a-virus:AdWare.Win32.Midadle.d
C:\Program Files\Norton AntiVirus\Quarantine\17C65A61 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\18C52A59 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\19C47A51 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\1AF25369 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\1BA1438A Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\1DCA1BC7 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\1EFE1484 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\1F640A8C Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\1FBF5A20 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\1FCA0093 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\20BE2A18 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\215E45C2 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\21BD7A10 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\22843140 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\22BD4A07 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\23BC19FF Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\24EA6DC3 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\25645CC9 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\264376A7 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\271B47FA Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\27C9381B Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\27F25589 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\2993632F Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\29DD4CEB Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\2A8F5083 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\2AF5468A Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\2B5B3C92 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\2C0A3FBF Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\2D863A53 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\2DC3766D Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\301064C3 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\304637F0 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\30B3352A Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\332A11BB Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\33433C8B Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\33F22CAC Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\35E64CDA.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\361F0C81 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\36850289 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\36EB7890 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\37C31C16.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\37D40726 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\39AE2EE4 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\3A4B63B6 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\3BA020C2/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Norton AntiVirus\Quarantine\3BA020C2/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Norton AntiVirus\Quarantine\3BA020C2 Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Norton AntiVirus\Quarantine\3C0616C9 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\3CEA4ACE Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\3EF45922 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\3F071913 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3F6B311C Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\401A213C Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\416B35B2 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\42153E88 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\427C348F Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\43CA4F85 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\43CD7981 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\43D0237E Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\43DD4B6F Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\43E1756C Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\43E41F68 Infected: not-a-virus:AdWare.Win32.BiSpy.t
C:\Program Files\Norton AntiVirus\Quarantine\43E74964 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\45D72374 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\46142B1E Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\462A64A5.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\4653273E.exe Infected: Trojan.Win32.Crypt.e
C:\Program Files\Norton AntiVirus\Quarantine\48473F19.exe Infected: Trojan.Win32.Crypt.e
C:\Program Files\Norton AntiVirus\Quarantine\49116A3A.exe Infected: Trojan.Win32.Crypt.e
C:\Program Files\Norton AntiVirus\Quarantine\4ACF4097 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\4C292D78 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\4C4215CD Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\4D347D1A Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\4DA67A86 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\4E0C708E Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\4F587ACF Infected: not-a-virus:AdWare.Win32.BlazeFind.b
C:\Program Files\Norton AntiVirus\Quarantine\511C5959 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\51D93C18 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\51FF1805 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\52DD48E0 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\544D27D2 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54554F16 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\548767AF Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\548A11AB Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\548D3BA8 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\549065A4 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54940FA0 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\5497399D Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\549A6399 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\549E0D96 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\54A13792 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\54A4618E Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54A70B8B Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\54AB3587 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54AE5F84 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54B10980 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54B4337D Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54B85D79 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54BB0775 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54BE3172 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54C15B6E Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\54C5056B Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54C82F67 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\54CB5963 Infected: Trojan-Dropper.Win32.Agent.ch
C:\Program Files\Norton AntiVirus\Quarantine\54CF0360 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\54D22D5C Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54D55759 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54D80155 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\54DC2B51 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\54DF554E Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\54E127A6 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\54E22FF8 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\54E27F4A Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\552E1AA7 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\5575277A Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\55E17FF0 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\560D05C3 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\56561A4F Infected: Trojan-Downloader.Win32.Apropo.k
C:\Program Files\Norton AntiVirus\Quarantine\567E2651.exe Infected: Trojan.Win32.Qhost.bi
C:\Program Files\Norton AntiVirus\Quarantine\57467265 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\57BA6977 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\57C526CA Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\5845425D Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\586B0A5E Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\58FE4481 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\59363685 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\59441255 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\59812645 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\5A022294 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\5A44624D Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\5B3C25C1 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\5B752111 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\5C42023C Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\5D454DEA Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\5D697816 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\5D8C2511 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\5E280C96 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\5E40222C Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\5FDC2461 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\601E167D Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\603F421C Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\60BE7A6C Infected: Trojan-Downloader.Win32.Briss.a
C:\Program Files\Norton AntiVirus\Quarantine\60C22468 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\60C54E64 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\60C87861 Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\61032409 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\613E1214 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\619723DD Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\622B23B1 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\62333697 Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\623D620B Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\6295730D Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\62BF2385 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\633C3203 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\63E7232D Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\643B01FB Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\64937EEE Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\64A969F8 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\64C67283 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\652D688B Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\65935E93 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\673E6879 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\696D427B Infected: not-a-virus:AdWare.Win32.Wintol.l
C:\Program Files\Norton AntiVirus\Quarantine\69B64509 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\6A500126 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\6A561EB7.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\6BCD43CD/Beyond.class Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\6BCD43CD/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e
C:\Program Files\Norton AntiVirus\Quarantine\6BCD43CD/web.exe Infected: Trojan.Win32.Revop.e
C:\Program Files\Norton AntiVirus\Quarantine\6BCD43CD Infected: Trojan.Win32.Revop.e
C:\Program Files\Norton AntiVirus\Quarantine\6BD16DCA Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\6BE813B1 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\6BEB3DAD Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\6BEE67A9 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\6BF111A6 Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\6BF53BA2 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\6BF8659F Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\6E5F3A75 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\70433642 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\70572E82 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\70BC737F Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\70BD248A Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\71231A91 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\757F0C70 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\763E38CA Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\Program Files\Norton AntiVirus\Quarantine\767975B7 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\772765D8 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\7A3921E9 Infected: Trojan-Downloader.Win32.VB.em
C:\Program Files\Norton AntiVirus\Quarantine\7AEA2FA5.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7BE76A81 Infected: not-a-virus:AdWare.Win32.Midadle.b
C:\Program Files\Norton AntiVirus\Quarantine\7C4D6088 Infected: not-a-virus:AdWare.Win32.Midadle.e
C:\Program Files\Norton AntiVirus\Quarantine\7C9F5E6C Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\7CB35690 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\7CE46810 Infected: not-a-virus:AdWare.Win32.Midadle.c
C:\Program Files\Norton AntiVirus\Quarantine\7FBE617D Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Agent.ac
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0002/data0006 Infected: Trojan-Downloader.Win32.Turown.h
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0002/data0008 Infected: Trojan-Downloader.Win32.Turown.g
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0002/data0012 Infected: Trojan-Downloader.Win32.VB.cw
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0002 Infected: Trojan-Downloader.Win32.VB.cw
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0016 Infected: Backdoor.Win32.Ruledor.e
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0017 Infected: Trojan-Downloader.Win32.Apropo.h
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0018 Infected: not-a-virus:AdWare.Win32.EZula
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0019 Infected: Trojan-Downloader.Win32.QDown.m
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe/data0020 Infected: Trojan.Win32.Qhost.bi
C:\Program Files\Norton AntiVirus\Quarantine\7FE925A0.exe Infected: Trojan.Win32.Qhost.bi
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.180Solutions
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe/WISE0020.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe/WISE0020.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe/WISE0021.BIN Infected: Backdoor.Win32.Ruledor.c
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe Infected: Backdoor.Win32.Ruledor.c
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087170.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087171.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087175.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087176.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087177.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087178.dll Infected: not-a-virus:AdWare.Win32.SideFind
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087179.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087180.exe Infected: not-a-virus:AdWare.Win32.PowerScan.d
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP319\A0087190.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP321\A0087514.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP321\A0087531.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP353\A0096509.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0097939.exe Infected: Trojan-Downloader.Win32.VB.tw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0097946.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0099946.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0099951.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0099954.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101947.exe Infected: Trojan-Downloader.Win32.Small.ckn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101948.exe Infected: Trojan-Downloader.Win32.Tiny.ap
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101949.exe Infected: Trojan-Downloader.Win32.Small.skn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101951.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101954.exe Infected: Trojan-Clicker.Win32.Agent.fk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101955.exe Infected: Trojan-Dropper.Win32.Delf.th
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101959.exe Infected: Trojan-Downloader.Win32.Small.cof
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101960.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101962.exe Infected: Trojan-Downloader.Win32.Small.cof
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101963.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101964.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101966.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101966.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101966.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101967.exe Infected: Trojan-Downloader.Win32.Small.cpa
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101969.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0101974.exe Infected: Trojan-Downloader.Win32.PurityScan.au
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102951.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102952.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102953.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102956.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102958.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102959.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102960.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102961.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0102964.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103948.exe Infected: not-virus:Hoax.Win32.Renos.bt
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103949.exe Infected: Trojan-Downloader.Win32.Small.ckn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103950.exe Infected: Trojan-Downloader.Win32.Small.skn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103957.exe Infected: Trojan-Downloader.Win32.Small.cof
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103958.exe Infected: Trojan-Dropper.Win32.Delf.th
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103960.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103961.exe Infected: Trojan-Downloader.Win32.Small.cof
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103963.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103965.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103965.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103965.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103969.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103972.exe Infected: Trojan-Downloader.Win32.Small.cpa
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103974.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103975.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103977.exe Infected: Trojan-Downloader.Win32.PurityScan.w
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0103978.exe Infected: not-a-virus:AdWare.Win32.PurityScan.dq
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104947.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104948.exe Infected: not-virus:Hoax.Win32.Renos.bt
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104955.exe Infected: Trojan-Downloader.Win32.Small.ckn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104956.exe Infected: Trojan-Downloader.Win32.Small.skn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104957.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104957.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104957.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104960.exe Infected: Trojan-Dropper.Win32.Delf.th
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104963.exe Infected: Trojan-Dropper.Win32.Small.ann
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104964.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104965.dll Infected: Packed.Win32.Tibs
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104966.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104967.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104968.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104970.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104975.exe Infected: Backdoor.Win32.Haxdoor.hg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104981.exe Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104985.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0104986.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105025.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105026.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105027.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105028.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105029.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105031.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105035.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105036.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105037.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105039.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105041.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105042.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105043.exe Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105046.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105047.dll Infected: not-a-virus:AdWare.Win32.WebHancer
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105057.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105094.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105095.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP360\A0105132.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0105134.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0105146.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0105147.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0106145.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0106146.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0108149.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0108190.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0108225.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0109224.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110223.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110255.exe Infected: Trojan-Downloader.Win32.VB.nw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110256.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110257.exe Infected: Trojan-Clicker.Win32.VB.ij
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110258.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110258.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110265.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110266.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110267.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110268.ocx Infected: Trojan-Downloader.Win32.VB.ov
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110272.exe Infected: Trojan.Win32.Inject.i
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110273.dll Infected: Backdoor.Win32.Delf.aml
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110275.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110276.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110279.exe Infected: not-a-virus:Monitor.Win32.NetMon.a
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110280.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110281.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110282.dll Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110285.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110287.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110287.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110287.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110288.exe Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110289.exe Infected: Trojan-Dropper.Win32.Small.ann
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110290.exe Infected: Trojan-Dropper.Win32.Delf.th
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110291.exe Infected: Trojan-Downloader.Win32.Small.skn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110292.exe Infected: Trojan-Downloader.Win32.Small.ckn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110293.exe Infected: Backdoor.Win32.Haxdoor.hg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110294.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110295.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110296.exe Infected: Trojan.Win32.Dialer.ay
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110297.exe Infected: Trojan.Win32.StartPage.adi
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110300.exe Infected: Trojan-Downloader.Win32.Small.arj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110301.exe Infected: not-virus:Hoax.Win32.Renos.ca
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110303.exe Infected: not-virus:Hoax.Win32.Renos.ca
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110304.exe Infected: Trojan-Downloader.Win32.VB.zg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110305.exe Infected: Trojan-Proxy.Win32.Wopla.q
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110306.exe Infected: Trojan-Proxy.Win32.Wopla.q
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110307.exe Infected: Trojan-Proxy.Win32.Wopla.q
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110310.dll Infected: Trojan-Downloader.Win32.Small.bug
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110311.dll Infected: Trojan-Downloader.Win32.Agent.afl
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0110317.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0112316.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP361\A0113353.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113363.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113383.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113417.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113418.dll Infected: Trojan-Downloader.Win32.VB.ur
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113419.dll Infected: Packed.Win32.Tibs
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113421.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113726.exe/data0012 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113726.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113748.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113748.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113756.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113756.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113852.exe Infected: Trojan-Dropper.Win32.Agent.zc
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113853.dll Infected: Packed.Win32.Tibs
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113854.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113855.dll Infected: Trojan-Downloader.Win32.VB.ur
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113856.dll Infected: not-a-virus:Downloader.Win32.PopCap.a
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113857.exe Infected: Trojan-Downloader.Win32.Agent.agy
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113858.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113859.dll Infected: Trojan.Win32.Zapchast
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113860.dll Infected: Trojan-Clicker.Win32.Agent.gm
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113861.dll Infected: Trojan-Clicker.Win32.Agent.gm
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113862.dll Infected: Trojan-Proxy.Win32.Agent.jm
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113863.dll Infected: Trojan-PSW.Win32.Sinowal.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113864.exe Infected: Trojan-PSW.Win32.Sinowal.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113865.dll Infected: Trojan-PSW.Win32.Sinowal.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113866.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113867.exe Infected: Trojan-Downloader.Win32.PurityScan.w
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113868.exe Infected: Trojan-Dropper.Win32.Agent.zc
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113869.exe Infected: Trojan-Dropper.Win32.Agent.zc
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113870.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113871.exe Infected: Trojan-Dropper.Win32.Agent.aie
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113872.exe Infected: Trojan-Downloader.Win32.Adload.af
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113873.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.k
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113874.exe Infected: Backdoor.Win32.Haxdoor.hr
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113875.exe Infected: Trojan-Dropper.Win32.Agent.ali
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113876.exe Infected: Trojan-Downloader.Win32.VB.zl
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113877.exe Infected: Trojan-PSW.Win32.Sinowal.b
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113878.exe Infected: Trojan-Downloader.Win32.Small.ckj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113879.exe Infected: Trojan-Downloader.Win32.VB.sh
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113880.exe Infected: Trojan-Clicker.Win32.VB.ly
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113881.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113882.exe Infected: Trojan-Downloader.Win32.Adload.ae
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113883.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113884.exe Infected: Trojan-Downloader.Win32.Small.cbd
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113885.exe Infected: Trojan-Downloader.Win32.VB.tw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113886.exe/data.rar/eee2.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.k
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113886.exe/data.rar Infected: not-a-virus:AdWare.Win32.MediaMotor.k
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113886.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.k
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113887.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113888.dll Infected: Backdoor.Win32.Agent.iw
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113889.exe Infected: Trojan-Proxy.Win32.Wopla.t
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113890.dll Infected: Rootkit.Win32.Agent.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113891.dll Infected: Backdoor.Win32.Agent.uu
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113892.exe Infected: not-virus:Hoax.Win32.Renos.bt
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113893.exe Infected: Trojan-Downloader.Win32.Small.cnz
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113894.exe Infected: Trojan-Downloader.Win32.Tibs.dl
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113895.exe Infected: Trojan-Downloader.Win32.Tibs.dm
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113896.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113897.exe Infected: Trojan-Downloader.Win32.VB.ur
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113898.exe Infected: Trojan-Downloader.Win32.Small.cob
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113899.dll Infected: Trojan-Proxy.Win32.Wopla.q
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113900.dll Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113901.exe Infected: not-virus:Hoax.Win32.VB.j
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113902.exe Infected: Trojan-Proxy.Win32.Wopla.t
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113903.dll Infected: Trojan-Downloader.Win32.Agent.afl
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113904.exe Infected: Trojan-Downloader.Win32.VB.xk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113905.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113906.dll Infected: Trojan-Proxy.Win32.Lager.aq
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113907.dll Infected: Trojan-Proxy.Win32.Agent.df
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113908.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113909.dll Infected: Trojan-Downloader.Win32.VB.ur
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113910.exe Infected: Email-Worm.Win32.Locksky.aj
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113911.exe Infected: Trojan-Downloader.Win32.Adload.w
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113912.dll Infected: not-a-virus:AdWare.Win32.CommAd.a
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113913.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113914.exe Infected: Trojan.Win32.VB.tg
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113915.exe Infected: Trojan-Clicker.Win32.Agent.gp
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113916.exe Infected: not-virus:Hoax.Win32.Renos.bk
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP362\A0113917.exe Infected: not-virus:Hoax.Win32.Renos.bt
C:\WINDOWS\file3.exe Infected: Packed.Win32.Tibs
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg
C:\WINDOWS\pf78.exe Infected: Trojan.Win32.VB.tg
C:\WINDOWS\sc.exe Infected: Packed.Win32.Tibs
C:\WINDOWS\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\WINDOWS\system32\cv3wanv28.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\WINDOWS\system32\kernels8.exe Infected: Packed.Win32.Tibs
C:\WINDOWS\system32\parad.raw.exe Infected: Packed.Win32.Tibs
C:\WINDOWS\system32\taskdir.exe Infected: Packed.Win32.Tibs
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\WINDOWS\woinstall.exe Infected: not-a-virus:AdWare.Win32.EZula.ak

Scan process completed.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 11:49:26 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
__________________
UNREAL is offline  
Old 04-04-2006, 10:20 PM   #8
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


That's looking much better, but we still have some work to do.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll


----------------------------------------------------------------------------------

Download Pocket Killbox and unzip the exe file to your desktop.

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy:

C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
C:\WINDOWS\file3.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\sc.exe
C:\WINDOWS\SS1001.exe
C:\Program Files\Winamp\Skins\cOOl\hkitty_skin.exe
C:\WINDOWS\system32\cv3wanv28.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\parad.raw.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\woinstall.exe
C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
C:\Documents and Settings\Miriam\My Documents\My Music\MA MUSiC\01 - macsn formatter.zip

  • Go to the File menu, and choose Paste from Clipboard
  • Click the RED X button.
  • Click Yes at the Delete on Reboot prompt.
  • Click Yes at the 'Pending Operations' prompt.

Delete the contents of these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Program Files\Norton AntiVirus\Quarantine
C:\Program Files\Microsoft AntiSpyware\Quarantine


---------------------------------------------------

Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General tab>under Temporary files, click on Delete Cookies.

Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
  • Click the Download now link on the right to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, disconnect from the internet.
  • Click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here, along with the Panda results.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
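The two HijackThis entries marked for fixing in the reply above share traits that can be checked mechanically. The following is an added example, not part of the original post and not HijackThis's own logic: it parses O4 and O20 lines and flags an autorun whose target sits in a Temp directory and a Winlogon Notify DLL loaded from outside system32. Both heuristics, the function names and the choice of sample lines are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a handful of lines copied from the 4/4/2006 log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Miriam\LOCALS~1\Temp\26.tmp3584.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    name: str      # registry value / shortcut / notify key name
    path: str      # file the entry loads
    reason: str    # why this example flags it


# "<section> - <body>"; headers and the running-process list do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 startup-folder shortcut: [Global ]Startup: name.lnk = target
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# O20: Winlogon Notify: keyname - dll path
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<cmd>.+)$")
# First absolute path ending in a loadable extension (skips a bare "RUNDLL32.EXE").
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|scr|bat|cmd|vbs)\b", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\(?:windows|winnt)\\system32\\")


def extract_path(cmd: str) -> Optional[str]:
    """Return the first absolute file path in a command line, or None."""
    m = PATH_RE.search(cmd.replace('"', ""))
    return m.group(0) if m else None


def triage(log_text: str) -> List[Finding]:
    """Flag O4/O20 entries matching this example's two heuristics."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry.group("section"), entry.group("body")
        if section == "O4":
            m = RUN_RE.match(body) or STARTUP_RE.match(body)
            path = extract_path(m.group("cmd")) if m else None
            # Assumption: installed software does not autostart from a Temp folder.
            if path and "\\temp\\" in path.lower():
                findings.append(Finding(section, m.group("name"), path,
                                        "autorun target in a Temp directory"))
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            path = extract_path(m.group("cmd")) if m else None
            # Assumption: a Notify DLL outside system32 deserves a manual look.
            if path and not SYSTEM32_RE.match(path.lower()):
                findings.append(Finding(section, m.group("name"), path,
                                        "Winlogon Notify DLL outside system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.path} -> {f.reason}")
```

Entries without an absolute path (such as `sstray.exe /r` or a shortcut resolving to `?`) are skipped rather than guessed at, so a clean result from this sketch does not clear a log.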
Old 04-09-2006, 01:49 PM   #9
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


I already have an older version of WebRoot SpySweeper and if I download the 14 day trial version, my old version is removed. So.. what should I do?
__________________
UNREAL is offline  
Old 04-09-2006, 02:16 PM   #10
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


I don't see that the older version is active. What version is it? Is it a paid version, or another trial?
tetonbob is offline  
Old 04-12-2006, 12:07 AM   #11
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


It says it's version 3.2.0 and it's paid for.
Under options I had "Load at Windows Startup" unchecked.. maybe that's why it didn't show as active.
__________________
UNREAL is offline  
Old 04-12-2006, 07:13 AM   #12
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


Truth be told, that version is very old, and not doing much to help you, especially if it's not set to run at startup. The new version is infinitely more advanced.

If you liked it enough to buy the old version, I'd recommend you use this new version. It's well worth the $.

It has the added capability of hunting rootkits, and has a pre-load file killing process.

If you're against that idea, pass on it, and run the online scan and a new HJT log.

The longer you wait to finish these tasks, the longer your system is still at risk.
tetonbob is offline  
Old 04-14-2006, 01:39 PM   #13
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


I skipped SpySweeper but here is my HJT log and Panda ActiveScan report.

Panda ActiveScan:

Incident Status Location

Adware:adware/superspider Not disinfected C:\WINDOWS\SYSTEM32\a.exe
Adware:adware/azesearch Not disinfected C:\WINDOWS\SYSTEM32\azebar.xml
Spyware:spyware/bridge Not disinfected C:\WINDOWS\SYSTEM32\bridge.dll
Adware:adware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
Spyware:spyware/dynadesk Not disinfected C:\WINDOWS\SYSTEM32\ddmp.dll
Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe
Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3PSSavr.scr
Adware:adware/cashdeluxe Not disinfected C:\WINDOWS\SYSTEM32\mswinup32.dll
Adware:adware/tubby Not disinfected C:\WINDOWS\SYSTEM32\mtc.dll
Adware:adware/admess Not disinfected C:\WINDOWS\SYSTEM32\tcpservice2.exe
Adware:adware/topspyware Not disinfected C:\WINDOWS\SYSTEM32\txfdb32.dll
Adware:adware/btgrab Not disinfected C:\WINDOWS\BTGrab.dll
Adware:adware/transponder Not disinfected C:\WINDOWS\dlmax.dll
Adware:adware/startpage.na Not disinfected C:\WINDOWS\dpe.dll
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard51.dat
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/adwaresheriff Not disinfected C:\WINDOWS\security.html
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\susp.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq
Adware:adware/yazzlesudoku Not disinfected C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku
Adware:adware/vaultsearch Not disinfected C:\PROGRAM FILES\COMMON FILES\VCClient
Adware:adware/commad Not disinfected C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\NetMon
Adware:adware/alexa-toolbar Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Adware:adware/dyfuca Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}
Adware:Adware/IST.ISTBar Not disinfected C:\!KillBox\01 - macsn formatter.zip[YSB_toolBar.exe]
Adware:Adware/Tibs Not disinfected C:\!KillBox\parad.raw.exe
Adware:Adware/Tibs Not disinfected C:\!KillBox\taskdir.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Miriam\Application Data\?ystem32\wuauclt.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Miriam\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Miriam\Desktop\smitRem.exe[Process.exe]
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCClient.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCMain.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCUpdate.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Yazzle Sudoku\uninstaller.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\inf\mmaker2.inf
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\dlh9jkdq1.exe
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\WINDOWS\system32\P2P Networking v125.cpl
Virus:W32/Locksky.CE.worm Not disinfected C:\WINDOWS\system32\sysvx.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TWlyaWFt\nq5VuqIQ.vbs

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 3:33:43 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll (file missing)
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
__________________
UNREAL is offline  
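Added example, not part of the thread: a small Python triage of a HijackThis 1.99.1 log like the one posted above. The sample lines are copied from that log; the three checks and their labels are heuristics assumed here for illustration, not rules from HijackThis or from the forum's analysts.

```python
import re

# Section codes as they appear in the log above: R* = IE start/search pages,
# N* = Netscape prefs, O2 = BHOs, O4 = autostart (Run keys, Startup folders),
# O20 = Winlogon Notify, O21 = ShellServiceObjectDelayLoad, O23 = services.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll|scr|cpl|sys)(?=$|[\s"])',
                     re.IGNORECASE)

# Assumption: sections whose entries are loaded automatically at boot or logon.
AUTOLOAD_CODES = {"O2", "O4", "O20", "O21", "O23"}
# Assumption: on Windows XP, profile data lives under this prefix.
USER_DATA_PREFIX = "c:\\documents and settings\\"

# Sample input: lines taken from the log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
"""


def parse_entries(log_text):
    """Return one dict per 'CODE - body' line; process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        pm = PATH_RE.search(body)
        entries.append({"code": code, "body": body,
                        "path": pm.group(0) if pm else None})
    return entries


def triage(log_text):
    """Return (code, reason, body) tuples for entries worth a closer look."""
    findings = []
    for e in parse_entries(log_text):
        code, body, path = e["code"], e["body"], e["path"]
        # The registry still points at a file that is no longer on disk.
        if body.endswith("(file missing)"):
            findings.append((code, "file-missing", body))
        # A Startup-folder shortcut whose target HijackThis could not resolve.
        if code == "O4" and body.endswith("= ?"):
            findings.append((code, "unresolved-shortcut", body))
        # An auto-loaded binary that sits in profile data rather than in
        # a system or program directory.
        if (code in AUTOLOAD_CODES and path
                and path.lower().startswith(USER_DATA_PREFIX)):
            findings.append((code, "autoload-from-user-data", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:4} {reason:24} {body}")
```

A finding is a prompt to look at the entry, not a verdict; an entry with no finding is not thereby shown to be clean.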
Old 04-14-2006, 01:51 PM   #14
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
tetonbob's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


OK, I asked for this earlier, but then you had some problems, so we moved on... but I need to see it now.

Create an uninstall list:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notepad file into your post

In the meantime, I will be preparing a fix for you.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 04-16-2006, 04:00 PM   #15


HJT Uninstall List:
3D Groove Playback Engine
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0
Adobe Stock Photos 1.0
America Online (Choose which version to remove)
American Idol Messenger
AOL Coach Version 1.0(Build:20030807.3)
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
BigFix
BitTorrent 3.4.2
Blast Thru
Blaze Media Pro
CC_ccStart
ccCommon
CCHelp
CCScore
Chuzzle Deluxe (remove only)
CleanUp!
CompuServe
Desktop Weather by The Weather Channel
eMachines Bay Reader
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
ewido anti-malware
FinePixViewer Resource
FinePixViewer Ver.5.0
FUJIFILM USB Driver
GunboundWC
Hello Kitty In Pink
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPSFO
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ICQ
ImageMixer VCD2 LE for FinePix
InCD
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_06
Kaspersky On-line Scanner
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LimeWire
LimeWire 4.10.9
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
LiveUpdate BVRP Software
Logitech Desktop Messenger
Logitech MouseWare 9.70
Logitech Resource Center
Macromedia Flash Player 8
Macromedia Shockwave Player
MAGIX Media Manager silver
MAGIX mp3 maker SE
MahJongg Game of Four Winds Demo
MahJongg Master 2 Demo
Mapedit
MapleStory
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Office XP Web Components
Microsoft Picture It! Photo Premium 9
Microsoft Windows Journal Viewer
Microsoft Works 7.0
MJ 6.1
mobile PhoneTools
Moonlight MPEG-2 Decoder Pack
MSN Gaming Zone
MSN Messenger 6.2
MSN Toolbar
MSRedist
Multimedia Keyboard Driver
Nero Suite
Netscape 6 (6.2.1)
Netscape Browser (remove only)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Notifier
NVIDIA Drivers
OfotoXMI
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
OTtBP
OTtBPSDK
Paint Shop Pro 7 ESD
Panda ActiveScan
PCDLNCH
PhotoFiltre
Pop-Up Stopper Free Edition
PowerDVD
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Registry Mechanic 5.1
Roxio Easy Media Creator 8 Suite
Samsung Music Studio
SBC Yahoo! Applications
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SFR
SFR2
SoftV92 Data Fax Modem with SmartCP
SoftV92 Data Fax Modem with SmartCP
SonicStage 3.0
Spy Sweeper
Spybot - Search & Destroy 1.3
StepMania (remove only)
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VCAMCEN
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VPRINTOL
Weather Services
Winamp (remove only)
WinAVIVideoConverter
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
XviD 1.1 final uninstall
Yahoo! extras
Yahoo! Messenger
Yahoo! Toolbar
Yazzle Sudoku by OIN
YP-MT6
__________________
UNREAL is offline  
Old 04-16-2006, 08:31 PM   #16
tetonbob


Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Please download The Avenger to your Desktop. Don't do anything with it yet.

---------------------------------------------------------------------------------------------

Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit Spysweeper.

---------------------------------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

[-HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}]

[-HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}]


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) as they are outdated, and security risks:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_06
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Yazzle Sudoku by OIN <<< it's malware, and a likely entry point for infections.


---------------------------------------------------------------------------------------------

Leave J2SE Runtime Environment 5.0 Update 6 alone, as it is the most recent, most secure version of Java.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------

Locate and delete this folder:

C:\Documents and Settings\Miriam\Application Data\?ystem32 <<< the ? can be any character, but may appear to be an S. It's a Cyrillic representation. The folder will likely be at the bottom of the Application Data folder.


---------------------------------------------------------------------------------------------
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:
Files to Delete:
C:\WINDOWS\SYSTEM32\a.exe
C:\WINDOWS\SYSTEM32\azebar.xml
C:\WINDOWS\SYSTEM32\bridge.dll
C:\WINDOWS\SYSTEM32\cd_clint.dll
C:\WINDOWS\SYSTEM32\ddmp.dll
C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\mswinup32.dll
C:\WINDOWS\SYSTEM32\mtc.dll
C:\WINDOWS\SYSTEM32\tcpservice2.exe
C:\WINDOWS\SYSTEM32\txfdb32.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\dlmax.dll
C:\WINDOWS\dpe.dll
C:\WINDOWS\keyboard51.dat
C:\WINDOWS\kwv2.dat
C:\WINDOWS\security.html
C:\WINDOWS\susp.exe
C:\WINDOWS\inf\mmaker2.inf
C:\WINDOWS\system32\dlh9jkdq1.exe
C:\WINDOWS\system32\P2P Networking v125.cpl
C:\WINDOWS\system32\sysvx.exe

Folders to Delete:
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\NetMon
C:\WINDOWS\TWlyaWFt
C:\WINDOWS\uniq
C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku
C:\!KillBox
C:\Program Files\Common Files\VCClient
C:\Program Files\Yazzle Sudoku
C:\Program Files\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.

Also, please run this online scan:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

So, please return with results from:

avenger.txt
HJT
Kaspersky

tetonbob is offline  
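Added example, not part of the thread: the post above describes a `?ystem32` folder whose first letter only looks like an S, and this Python sketch shows one way to flag such look-alike directory names. The confusables table, the protected-name list and the sample names are small constructed assumptions, not the full Unicode confusables data.

```python
import unicodedata

# Assumption: a small hand-built table of Cyrillic letters that render like
# Latin ones. It is enough for names such as "System32", nothing more.
CONFUSABLES = {
    "\u0405": "S", "\u0455": "s",   # DZE
    "\u0410": "A", "\u0430": "a",
    "\u0415": "E", "\u0435": "e",
    "\u041e": "O", "\u043e": "o",
    "\u0420": "P", "\u0440": "p",
    "\u0421": "C", "\u0441": "c",
    "\u0423": "Y", "\u0443": "y",
    "\u0422": "T", "\u0442": "t",
    "\u041c": "M", "\u043c": "m",
}

# Assumption: names worth protecting against imitation, already case-folded.
PROTECTED = ("system32", "system", "windows")


def skeleton(name):
    """Map known look-alike letters to Latin and case-fold the result."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in name).casefold()


def scripts(name):
    """Scripts of the letters in name, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in name if ch.isalpha()}


def classify(name, protected=PROTECTED):
    folded = name.casefold()
    # "?" cannot occur in a Windows file name, so in a log it stands for a
    # character the logging tool could not render. Treat it as a wildcard.
    if "?" in name:
        for target in protected:
            if len(folded) == len(target) and all(
                    a in ("?", b) for a, b in zip(folded, target)):
                return "unrenderable:" + target
        return "ok"
    if name.isascii():
        return "ok"                      # the genuine name, or unrelated
    sk = skeleton(name)
    if sk in protected:
        return "lookalike:" + sk         # non-ASCII name that reads as a protected one
    if len(scripts(name)) > 1:
        return "mixed-script"            # e.g. Latin and Cyrillic in one name
    return "ok"                          # e.g. a name written wholly in Cyrillic


def scan(names, protected=PROTECTED):
    """Return {name: verdict} for every name that is not 'ok'."""
    verdicts = {n: classify(n, protected) for n in names}
    return {n: v for n, v in verdicts.items() if v != "ok"}


# Constructed sample of directory names; on a live system this list would
# come from os.listdir() on the Application Data folder.
SAMPLE_NAMES = [
    "System32",
    "\u0405ystem32",                     # Cyrillic DZE followed by "ystem32"
    "?ystem32",                          # as an ANSI-only tool would log it
    "Micr\u043esoft",                    # Cyrillic "o" inside a Latin name
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b",  # all Cyrillic
    "Mozilla",
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES).items():
        print(ascii(name), verdict)
```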
Old 04-22-2006, 09:55 PM   #17


I appreciate this.

Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ipxxblfo

*******************

Script file located at: lhmioffe

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!


HJT
Logfile of HijackThis v1.99.1
Scan saved at 10:28:55 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll (file missing)
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 22, 2006 23:47:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/04/2006
Kaspersky Anti-Virus database records: 189524
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 98442
Number of viruses found: 13
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 4207 sec

Infected Object Name - Virus Name
C:\!KillBox\01 - macsn formatter.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no
C:\!KillBox\01 - macsn formatter.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no
C:\!KillBox\01 - macsn formatter.zip Infected: Trojan-Downloader.Win32.IstBar.no
C:\!KillBox\cv3wanv28.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o
C:\!KillBox\file3.exe Infected: Packed.Win32.Tibs
C:\!KillBox\hkitty_skin.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.180Solutions
C:\!KillBox\hkitty_skin.exe/WISE0020.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\!KillBox\hkitty_skin.exe/WISE0020.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\!KillBox\hkitty_skin.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z
C:\!KillBox\hkitty_skin.exe/WISE0021.BIN Infected: Backdoor.Win32.Ruledor.c
C:\!KillBox\hkitty_skin.exe Infected: Backdoor.Win32.Ruledor.c
C:\!KillBox\kernels8.exe Infected: Packed.Win32.Tibs
C:\!KillBox\parad.raw.exe Infected: Packed.Win32.Tibs
C:\!KillBox\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw
C:\!KillBox\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg
C:\!KillBox\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg
C:\!KillBox\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg
C:\!KillBox\pf78.exe Infected: Trojan.Win32.VB.tg
C:\!KillBox\sc.exe Infected: Packed.Win32.Tibs
C:\!KillBox\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\!KillBox\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\!KillBox\taskdir.exe Infected: Packed.Win32.Tibs
C:\!KillBox\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\!KillBox\woinstall.exe Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\Program Files\Netscape\Netscape Browser\NSUninst.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\Netscape\Netscape Browser\NSUninst.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\WINDOWS\security.html Infected: not-virus:Hoax.Win32.Renos.ci
C:\WINDOWS\system32\sysvx.exe Infected: Trojan.Win32.Pakes

Scan process completed.
__________________
UNREAL is offline  
Old 04-23-2006, 07:07 AM   #18
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.

To disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit SpySweeper.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O20 - Winlogon Notify: ur32megareg - C:\Documents and Settings\All Users\Documents\Settings\ur32mega.dll (file missing)

---------------------------------------------------------------------------------------------

We'll need to run Avenger again, using this script.

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Quote:
Files to Delete:
C:\WINDOWS\SYSTEM32\a.exe
C:\WINDOWS\SYSTEM32\azebar.xml
C:\WINDOWS\SYSTEM32\bridge.dll
C:\WINDOWS\SYSTEM32\cd_clint.dll
C:\WINDOWS\SYSTEM32\ddmp.dll
C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe
C:\WINDOWS\SYSTEM32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\mswinup32.dll
C:\WINDOWS\SYSTEM32\mtc.dll
C:\WINDOWS\SYSTEM32\tcpservice2.exe
C:\WINDOWS\SYSTEM32\txfdb32.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\dlmax.dll
C:\WINDOWS\dpe.dll
C:\WINDOWS\keyboard51.dat
C:\WINDOWS\kwv2.dat
C:\WINDOWS\security.html
C:\WINDOWS\susp.exe
C:\WINDOWS\inf\mmaker2.inf
C:\WINDOWS\system32\dlh9jkdq1.exe
C:\WINDOWS\system32\P2P Networking v125.cpl
C:\WINDOWS\system32\sysvx.exe

Folders to Delete:
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\NetMon
C:\WINDOWS\TWlyaWFt
C:\WINDOWS\uniq
C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku
C:\!KillBox
C:\Program Files\Common Files\VCClient
C:\Program Files\Yazzle Sudoku
C:\Program Files\Viewpoint

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.


How is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
Old 04-29-2006, 02:00 PM   #19
Registered Member
 
Join Date: Mar 2006
Posts: 25
OS: Win XP


The system seems to be working perfectly and everything is running smoothly. Thank you =)

HJT
Logfile of HijackThis v1.99.1
Scan saved at 3:56:17 PM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124989142\ee\AOLServiceHost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Miriam\Application Data\Mozilla\Profiles\default\i78jbamz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124989142\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [MAGIXautostart] D:\setup.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bw+0 - {F39B77EB-7E8E-4C0A-9BFF-9440C16E88A4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: AOL Explorer - {B58ECC0D-04B2-CF16-741F-3E41E7FA47DD} - c:\program files\common files\aol\1124989142\ee\services\browser\ver1_1_1042\wceuzcx32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aujdidkl

*******************

Script file located at: \??\C:\Program Files\injptvnm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\a.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\azebar.xml deleted successfully.
File C:\WINDOWS\SYSTEM32\bridge.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\cd_clint.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\ddmp.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\f3PSSavr.scr deleted successfully.
File C:\WINDOWS\SYSTEM32\mswinup32.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\mtc.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\tcpservice2.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\txfdb32.dll deleted successfully.
File C:\WINDOWS\BTGrab.dll deleted successfully.
File C:\WINDOWS\dlmax.dll deleted successfully.
File C:\WINDOWS\dpe.dll deleted successfully.
File C:\WINDOWS\keyboard51.dat deleted successfully.
File C:\WINDOWS\kwv2.dat deleted successfully.
File C:\WINDOWS\security.html deleted successfully.
File C:\WINDOWS\susp.exe deleted successfully.
File C:\WINDOWS\inf\mmaker2.inf deleted successfully.


File C:\WINDOWS\system32\dlh9jkdq1.exe not found!
Deletion of file C:\WINDOWS\system32\dlh9jkdq1.exe failed!

Could not process line:
C:\WINDOWS\system32\dlh9jkdq1.exe
Status: 0xc0000034

File C:\WINDOWS\system32\P2P Networking v125.cpl deleted successfully.
File C:\WINDOWS\system32\sysvx.exe deleted successfully.
Folder C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\NetMon deleted successfully.
Folder C:\WINDOWS\TWlyaWFt deleted successfully.


Error: C:\WINDOWS\uniq is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\uniq failed!

Could not process line:
C:\WINDOWS\uniq
Status: 0xc0000103



Folder C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku not found!
Deletion of folder C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku failed!

Could not process line:
C:\Documents and Settings\Miriam\Start Menu\Programs\Yazzle Sudoku
Status: 0xc0000034

Folder C:\!KillBox deleted successfully.
Folder C:\Program Files\Common Files\VCClient deleted successfully.


Folder C:\Program Files\Yazzle Sudoku not found!
Deletion of folder C:\Program Files\Yazzle Sudoku failed!

Could not process line:
C:\Program Files\Yazzle Sudoku
Status: 0xc0000034



Folder C:\Program Files\Viewpoint not found!
Deletion of folder C:\Program Files\Viewpoint failed!

Could not process line:
C:\Program Files\Viewpoint
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
__________________
UNREAL is offline  
Old 04-30-2006, 10:20 AM   #20
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 50,008
OS: XP Pro; XP Home; Win7 x86 & x64


Please locate and delete this item:

C:\WINDOWS\uniq

Other than that.....

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Please ensure that you have already patched your system against the recent WMF exploit.
Go to this page to get the KB912919 patch.

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!

  • AVG

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

tetonbob is offline  
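
The one manual follow-up in post #20 (deleting C:\WINDOWS\uniq) can be read straight from the failure blocks of the Avenger log in post #19. As an added example, not part of the original thread and not The Avenger's own code, this Python code parses that log format and separates failures that need action from those that do not. The function names are hypothetical, the log excerpt is copied from the post above, and the two NTSTATUS names are the standard ntstatus.h definitions.

```python
import re

# NTSTATUS values that appear in the log above, with their ntstatus.h names.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000103: "STATUS_NOT_A_DIRECTORY",
}

# Excerpt of the Avenger log from post #19 (lines copied from the page).
SAMPLE_LOG = r"""
File C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe deleted successfully.
File C:\WINDOWS\security.html deleted successfully.

File C:\WINDOWS\system32\dlh9jkdq1.exe not found!
Deletion of file C:\WINDOWS\system32\dlh9jkdq1.exe failed!

Could not process line:
C:\WINDOWS\system32\dlh9jkdq1.exe
Status: 0xc0000034

Folder C:\WINDOWS\TWlyaWFt deleted successfully.

Error: C:\WINDOWS\uniq is not a folder! It may instead be a file.
Deletion of folder C:\WINDOWS\uniq failed!

Could not process line:
C:\WINDOWS\uniq
Status: 0xc0000103

Folder C:\Program Files\Viewpoint not found!
Deletion of folder C:\Program Files\Viewpoint failed!

Could not process line:
C:\Program Files\Viewpoint
Status: 0xc0000034

Folder C:\!KillBox deleted successfully.
"""

DELETED_RE = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return (deleted, failures).

    deleted  -- paths the log reports as removed
    failures -- (path, ntstatus) pairs taken from each "Could not process
                line:" block; ntstatus is None if the Status line is missing
    """
    deleted, failures = [], []
    expecting_path = False   # previous line was "Could not process line:"
    pending = None           # failed path still waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if expecting_path:
            pending, expecting_path = line, False
            continue
        if pending is not None:
            m = STATUS_RE.match(line)
            failures.append((pending, int(m.group(1), 16) if m else None))
            pending = None
            if m:
                continue     # Status line consumed; otherwise fall through
        m = DELETED_RE.match(line)
        if m:
            deleted.append(m.group(2))
        elif line == "Could not process line:":
            expecting_path = True
    if pending is not None:  # log truncated before the Status line
        failures.append((pending, None))
    return deleted, failures


def triage(deleted, failures):
    """Sort failures into duplicate / absent / follow_up.

    duplicate -- same path (case-insensitive, as on Windows) was already
                 deleted earlier in the run, so the script listed it twice
    absent    -- nothing existed at that path when the script ran; this says
                 nothing about copies elsewhere on disk
    follow_up -- object exists but was not removed, or the status is unknown
    """
    removed = {p.lower() for p in deleted}
    report = {"duplicate": [], "absent": [], "follow_up": []}
    for path, status in failures:
        name = NTSTATUS.get(status, "unknown")
        if path.lower() in removed:
            report["duplicate"].append(path)
        elif name == "STATUS_OBJECT_NAME_NOT_FOUND":
            report["absent"].append(path)
        else:
            report["follow_up"].append((path, name))
    return report


if __name__ == "__main__":
    done, failed = parse_avenger_log(SAMPLE_LOG)
    for bucket, items in triage(done, failed).items():
        print(bucket, items)
```

On the excerpt, only C:\WINDOWS\uniq lands in follow_up: the script asked for a folder deletion, but the object at that path is a file, so it is still on disk.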
 


All times are GMT -7. The time now is 11:08 AM.

