|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
12-16-2007, 08:37 AM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 36
OS: Win98/Me/XP
|
Lots of system alerts and somthing has taken control over Internet Explorer
Hi,
My son's computer is infected with something. Windows XP SP2, IE7. System alerts pop up all the time and it's hard to use Internet Explorer. Unwanted pop-ups and frequent window focus changes. I wasn't able to scan computer with Panda due to the IE difficulties. Here's the log: Deckard's System Scanner v20071014.68 Run by Per Andréasson on 2007-12-16 16:19:28 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 27: 2007-12-16 15:19:33 UTC - RP121 - Deckard's System Scanner Restore Point 26: 2007-12-13 15:59:26 UTC - RP120 - Software Distribution Service 3.0 25: 2007-12-05 17:36:17 UTC - RP119 - System Checkpoint 24: 2007-12-04 16:09:37 UTC - RP118 - System Checkpoint 23: 2007-12-02 12:47:56 UTC - RP117 - System Checkpoint -- First Restore Point -- 1: 2007-09-08 16  27 UTC - RP95 - System CheckpointBacked up registry hives. Performed disk cleanup. -- HijackThis (run as Per Andréasson.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:40, on 2007-12-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\AntiSpyGolden 5.1\AntiSpyGolden 5.1.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\Documents and Settings\Per Andréasson\Desktop\dss.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Per Andréasson.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: OFK System - {29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A} - C:\WINDOWS\blopenvtlv.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: The retnsrp - {5FCD26F2-55C1-40F3-838A-FB4FD8833A53} - C:\WINDOWS\retnsrp.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?93d20b0447a54b488fcf20f75d4b33b4 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?93d20b0447a54b488fcf20f75d4b33b4 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O21 - SSODL: leorop - {55178F9C-EDA8-4483-9538-2B9991FF9729} - C:\WINDOWS\leorop.dll O21 - SSODL: nopzet - {DA1B85CC-350A-4D39-91E3-FF75B29F0C90} - C:\WINDOWS\nopzet.dll O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - C:\WINDOWS\system32\ugbtna.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 7526 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver> R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver> R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture> S3 bDMusicb - c:\docume~1\perand~1\locals~1\temp\bdmusicb.sys (file missing) S3 ctdvda2k (Creative DVD-Audio Device Driver) - c:\windows\system32\drivers\ctdvda2k.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2007-12-16 15:28:00 256 --a------ C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job 2007-11-02 15:00:15 426 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job -- Files created between 2007-11-16 and 2007-12-16 ----------------------------- 2007-12-16 16:20:30 0 d-------- C:\Program Files\Trend Micro 2007-12-16 15:45:37 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2007-12-16 15:45:37 0 d-------- C:\Program Files\SpywareBlaster 2007-12-16 15:12:45 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-12-16 15:12:42 0 d-------- C:\WINDOWS\LastGood 2007-12-16 14:50:57 381012 --a------ C:\Program Files\Uninstall Fun Web Products.dll <Not Verified; MyWebSearch.com; My Web Search Bar for Internet Explorer, FireFox, Netscape, email clients, and messenger clients> 2007-12-10 13:23:35 167936 --a------ C:\WINDOWS\retnsrp.dll <Not Verified; ; retnsrp Module> 2007-12-10 13:23:35 192512 --a------ C:\WINDOWS\nopzet.dll <Not Verified; ; nopzet> 2007-12-10 13:23:35 208896 --a------ C:\WINDOWS\leorop.dll 2007-12-10 13:23:35 77824 --a------ C:\WINDOWS\jokvip.exe 2007-12-10 13:23:35 249856 --a------ C:\WINDOWS\blopenvtlv.dll <Not Verified; ; blopenvtlv> 2007-12-10 13:23:00 0 d-------- C:\Program Files\RichVideoCodec -- Find3M Report --------------------------------------------------------------- 2007-12-16 15 42 0 d-------- C:\Program Files\AntiSpyGolden 5.12007-12-16 14:50:53 0 d-------- C:\Program Files\MSN Messenger 2007-12-16 13:48:46 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{3923375C-9876-4295-B23A-37B0137988D3} 2007-12-14 16:44:07 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80661102}.dat 2007-12-14 16:44:07 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80661102}.dat 2007-12-11 20:30:14 0 d-------- C:\Program Files\EA GAMES 2007-12-02 15:30:51 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-12-02 08:14:22 0 d-------- C:\Program Files\LEGO Media 2007-12-02 08:14:21 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-11-30 19:12:07 0 d-------- C:\Program Files\Windows Live Toolbar 2007-11-12 16:23:36 0 d-------- C:\Program Files\AntiVirGear 3.8 2007-11-12 16:22:02 0 d-------- C:\Program Files\Norton Security Scan 2007-11-01 12:30:57 0 d-------- C:\Program Files\GTA2 2007-10-25 14:19:13 0 d-------- C:\Program Files\Video Add-on 2007-10-19 14:57:06 0 d-------- C:\Program Files\Ground Control II 2007-10-15 15:03:46 12800 --a-s---- C:\WINDOWS\system32\ugbtna.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29B1EDC5-5BF3-468F-B8E5-6B27090CEF0A}] 2007-12-10 10:19 249856 --a------ C:\WINDOWS\blopenvtlv.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2002-06-18 11:44 C:\WINDOWS\SOUNDMAN.EXE] "CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 18:28] "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 09:24] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 15:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:53] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "MyWebSearch bar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Windows Skrivbordss”kning.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}"= C:\WINDOWS\system32\ugbtna.dll [2007-10-15 15:03 12800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "leorop"= {55178F9C-EDA8-4483-9538-2B9991FF9729} - C:\WINDOWS\leorop.dll [2007-12-10 10:19 208896] "nopzet"= {DA1B85CC-350A-4D39-91E3-FF75B29F0C90} - C:\WINDOWS\nopzet.dll [2007-12-10 10:19 192512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56a4bd39-d94e-11db-ac1c-806d6172696f}] AutoRun\command- D:\Autorun.exe -- End of Deckard's System Scanner: finished at 2007-12-16 16:21:05 ------------ Thanks in advance! Tomas |
|
     |
|
12-18-2007, 07:41 PM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,749
OS: 2000 Pro; XP Pro; XP Home
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Please download SmitfraudFix (by S!Ri) to your Desktop. --------------------------------------------------------------------------------------------- Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Double-click on SmitfraudFix.exe to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Normal Windows. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. --------------------------------------------------------------------------------------------- Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
--------------------------------------------------------------------------------------------- Double-click on SmitfraudFix.exe to start the tool. Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Then post the following logs in your next reply... C:\rapport.txt (log from the tool) Hijackthis log
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Please do not ask for help via Private Message. |
|
|
|
|
12-19-2007, 02:01 PM
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 36
OS: Win98/Me/XP
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Everything went fine by your excellent instructions.
I run SpyWareBlaster and have re-installed the protection. I'm not running IE-SPYAD, though. On IE-SPYAD's download page it said that it was compatible with IE 6, but I couldn't find anything about IE 7, so I didn't install it. Do you know if IE-SPYAD works with IE 7 as well? Here's a new log: Deckard's System Scanner v20071014.68 Run by Per Andréasson on 2007-12-19 21:48:53 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Per Andréasson.exe) -------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:57, on 2007-12-19 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe C:\Documents and Settings\Per Andréasson\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\PERAND~1.EXE O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Windows Skrivbordssökning.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?93d20b0447a54b488fcf20f75d4b33b4 O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program Files\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?93d20b0447a54b488fcf20f75d4b33b4 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 6169 bytes -- Files created between 2007-11-19 and 2007-12-19 ----------------------------- 2007-12-19 21:18:13 0 d-------- C:\WINDOWS\LastGood 2007-12-19 20:25:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-12-19 20:17:12 1160 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-16 16:20:30 0 d-------- C:\Program Files\Trend Micro 2007-12-16 15:45:37 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library> 2007-12-16 15:45:37 0 d-------- C:\Program Files\SpywareBlaster 2007-12-16 15:12:45 0 d-------- C:\WINDOWS\system32\ActiveScan -- Find3M Report --------------------------------------------------------------- 2007-12-19 20:35:41 15 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{3923375C-9876-4295-B23A-37B0137988D3} 2007-12-19 20:13:02 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000E-00001102-00000002-80661102}.dat 2007-12-19 20:13:02 288 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000E-00001102-00000002-80661102}.dat 2007-12-19 20 32 0 d-------- C:\Program Files\MyWebSearch2007-12-19 20 32 0 d-------- C:\Program Files\MSN Messenger2007-12-16 15 42 0 d-------- C:\Program Files\AntiSpyGolden 5.12007-12-11 20:30:14 0 d-------- C:\Program Files\EA GAMES 2007-12-02 15:30:51 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-12-02 08:14:22 0 d-------- C:\Program Files\LEGO Media 2007-12-02 08:14:21 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-11-30 19:12:07 0 d-------- C:\Program Files\Windows Live Toolbar 2007-11-12 16:22:02 0 d-------- C:\Program Files\Norton Security Scan 2007-11-01 12:30:57 0 d-------- C:\Program Files\GTA2 2007-10-19 14:57:06 0 d-------- C:\Program Files\Ground Control II -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2002-06-18 11:44 C:\WINDOWS\SOUNDMAN.EXE] "CTHelper"="CTHELPER.EXE" [2003-08-28 09:45 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 18:28] "D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 09:24] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 15:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 18:53] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 13:00] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Windows Skrivbordss”kning.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] -- End of Deckard's System Scanner: finished at 2007-12-19 21:49:15 ------------ Thanks, Tomas |
|
|
|
|
12-19-2007, 02:04 PM
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,749
OS: 2000 Pro; XP Pro; XP Home
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Hi Tomas -
IE-Spyad does also work with IE 7. <edit> though the instructions are quite different now.... There's an instructional here: http://www.techsupportforum.com/cont...ticles/63.html </edit> Do you have the log from SmitfraudFix? It should be located at C:\rapport.txt
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. Last edited by tetonbob : 12-19-2007 at 02:06 PM. |
|
|
|
|
12-20-2007, 12:34 PM
|
#5 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 36
OS: Win98/Me/XP
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Yes, of course! My mistake.
rapport.txt is hereby attached. SmitFraudFix v2.273 Scan done at 20:17:04,48, 2007-12-19 Run from C:\Documents and Settings\Per Andr‚asson\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}"="boardwalk" [HKEY_CLASSES_ROOT\CLSID\{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}\InProcServer32] @="C:\WINDOWS\system32\ugbtna.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}\InProcServer32] @="C:\WINDOWS\system32\ugbtna.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\ugbtna.dll -> Hoax.Win32.Renos.gen.o C:\WINDOWS\system32\ugbtna.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\blopenv???.dll Deleted C:\WINDOWS\jokvip.exe Deleted C:\WINDOWS\leorop.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID\{55178F9C-EDA8-4483-9538-2B9991FF9729}] C:\WINDOWS\nopzet.dll Deleted Deleting [HKEY_CLASSES_ROOT\CLSID\{DA1B85CC-350A-4D39-91E3-FF75B29F0C90}] C:\WINDOWS\retnsrp.dll Deleted C:\DOCUME~1\PERAND~1\Desktop\Error Cleaner.url Deleted C:\DOCUME~1\PERAND~1\Desktop\Privacy Protector.url Deleted C:\DOCUME~1\PERAND~1\Desktop\Spyware?Malware Protection.url Deleted C:\DOCUME~1\PERAND~1\FAVORI~1\Online Security Test.url Deleted C:\DOCUME~1\PERAND~1\FAVORI~1\Error Cleaner.url Deleted C:\DOCUME~1\PERAND~1\FAVORI~1\Privacy Protector.url Deleted C:\DOCUME~1\PERAND~1\FAVORI~1\Spyware?Malware Protection.url Deleted C:\Program Files\AntiVirGear 3.8\ Deleted C:\Program Files\RichVideoCodec\ Deleted C:\Program Files\Video Add-on\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{3923375C-9876-4295-B23A-37B0137988D3}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3923375C-9876-4295-B23A-37B0137988D3}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3923375C-9876-4295-B23A-37B0137988D3}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Best regards, Tomas Last edited by tetonbob : 12-20-2007 at 12:39 PM. |
|
|
|
|
12-20-2007, 12:42 PM
|
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,749
OS: 2000 Pro; XP Pro; XP Home
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Great...
Delete this folder: C:\Program Files\AntiSpyGolden 5.1 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java:
--------------------------------------------------------------------------------------------- Please run this online scan to help look for remnants. First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one. Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. --------------------------------------------------------------------------------------------- How is your system behaving?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
12-27-2007, 10:52 AM
|
#7 (permalink) |
|
Registered User
Join Date: Nov 2004
Posts: 36
OS: Win98/Me/XP
|
Re: Lots of system alerts and somthing has taken control over Internet Explorer
Hi, My system is behaving better and better. No more unwanted pop-ups and system alerts. Maybe a bit to slow but that may have other causes. Here,s the log from Kaspersky followed by the log from HijackThis. I'm very greatful for this help! Best regards, Tomas ----------- ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, December 25, 2007 12:14:27 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 24/12/2007 Kaspersky Anti-Virus database records: 493184 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 96902 Number of viruses found: 32 Number of infected objects: 150 Number of suspicious objects: 0 Duration of the scan process: 00:52:03 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Per Andréasson\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe/stream/data0025/data0013/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe/stream/data0025/data0013 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe/stream/data0025 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.l skipped C:\Documents and Settings\Per Andréasson\Desktop\hotbar.exe NSIS: infected - 5 skipped C:\Documents and Settings\Per Andréasson\Desktop\setup.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dww skipped C:\Documents and Settings\Per Andréasson\Desktop\setup.exe/stream Infected: Trojan-Downloader.Win32.Zlob.dww skipped C:\Documents and Settings\Per Andréasson\Desktop\setup.exe NSIS: infected - 2 skipped C:\Documents and Settings\Per Andréasson\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Per Andréasson\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Per Andréasson\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Per Andréasson\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\Per Andréasson\Desktop\VideoAccessCodecInstall.exe/stream/Script Infected: Trojan-Downloader.Win32.Zlob.fjh skipped C:\Documents and Settings\Per Andréasson\Desktop\VideoAccessCodecInstall.exe/stream/data0004 Infected: Trojan-Downloader.Win32.Zlob.fdl skipped C:\Documents and Settings\Per Andréasson\Desktop\VideoAccessCodecInstall.exe/stream Infected: Trojan-Downloader.Win32.Zlob.fdl skipped C:\Documents and Settings\Per Andréasson\Desktop\VideoAccessCodecInstall.exe NSIS: infected - 3 skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.65.Crwl Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.65.gthr Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\0001000E.ci Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy131.gthr Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSS.log Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSStmp.log Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\RSApp.edb Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\tmp.edb Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Logs\MAPI.txt Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf1.tmp Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf2.tmp Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Perflib_Perfdata_ac.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Temp\BIT8.tmp Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Per Andréasson\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Per Andréasson\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030436.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030437.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030438.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030445.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030446.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030447.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030452.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030453.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030454.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030459.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030460.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030461.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030473.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030474.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030475.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030484.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030485.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030486.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030510.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030511.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030512.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030517.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030518.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030519.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030545.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030546.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030547.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030577.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030578.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030579.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030584.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030585.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030586.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030594.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030595.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP109\A0030596.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030604.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030605.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030606.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030612.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030613.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030614.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030623.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030624.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP110\A0030625.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031623.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031624.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031625.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031631.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031632.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP111\A0031633.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031642.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031643.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031644.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031652.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031653.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031654.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031661.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031662.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031663.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031673.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031674.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031675.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031692.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031693.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031694.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031704.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031705.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031706.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031722.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031723.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031724.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031731.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031732.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031733.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031747.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031748.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031749.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031755.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031756.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031757.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031778.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031779.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031780.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031806.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031807.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP112\A0031808.exe Infected: Trojan-Downloader.Win32.Zlob.dwl skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031826.exe Infected: Trojan-Downloader.Win32.Zlob.dwn skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031827.exe Infected: Trojan-Downloader.Win32.Zlob.dwm skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031828.dll Infected: Trojan-Downloader.Win32.Zlob.dwk skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031829.exe Infected: Trojan-Downloader.Win32.Zlob.dwt skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031830.exe Infected: Trojan-Downloader.Win32.Zlob.dwi skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031831.dll Infected: not-a-virus:AdWare.Win32.Agent.sj skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP113\A0031832.exe Infected: Trojan-Downloader.Win32.Zlob.dwu skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034247.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034248.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034249.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034251.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034252.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034253.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034254.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034255.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034256.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034257.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034258.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034259.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped C:\System Volume Information\_restore{CB959ED4-FF24-4C9A-8A75-8F5D58753D5A}\RP120\A0034260.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped C:\System Volume Information\_restore |
