
another hijacked computer

893 Views 5 Replies 3 Participants Last post by  Ried
For the last two days I have been trying to fix my son's laptop. Something is preventing me from accessing the net and I usually get this error message: res:shdoclc.dll/dnserror.htm. I downloaded (from my laptop) Hijack This and KRC Hijack This Analyzer but haven't run these programs for fear of losing important data.

As my son is going back to University on Monday, I would really appreciate any help in getting the computer up and running again.

Here is my Hijack This log file:

Logfile of HijackThis v1.99.1
Scan saved at 3:27:15 PM, on 9/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\new log\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=searchfavweb&c=1c02&lc=0409
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteugh32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteidh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [4k7Fhts1O] C:\WINDOWS\kkvbrq.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Obbwhzv] C:\Program Files\Fyzc\Tttmzjf.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gentle Windows Loader] win32twain.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [FireWire Service] nvscv32.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [FireWire Service] nvscv32.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\RunServices: [Gentle Windows Loader] win32twain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {B3153D7C-CB38-48B1-8582-F7E85ADFBCC5} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cslsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install.

KillBox v2.0.0.175.zip

LQfix.zip

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.



Download Lavasoft's Ad-Aware & its recently updated plug-in - VX2 Cleaner

Install both using the default options & then update Ad-Aware with the latest definitions.
Click on Add-ons in the left-hand column & select - VX2 Cleaner V2.0
Click Run Tool >> "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • end Explorer shell while killing file
  • unregister dll before deleting * if it's not grayed out
Select all the filenames below & then right-click & select Copy
  • C:\Program Files\Common Files\WinTools\WToolsS.exe
  • C:\windows\system32\eliteugh32.exe
  • C:\windows\system32\eliteidh32.exe
  • C:\WINDOWS\wuamgid.exe
  • C:\WINDOWS\kkvbrq.exe
  • C:\WINDOWS\System32\msnmsgr.exe
  • C:\WINDOWS\System32\canada.exe
  • C:\WINDOWS\System32\gah95on6.exe
* Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • Elite Toolbar
  • Elite SideBar
  • Toolbar - My toolbar
  • Media Access
  • ISTSvc
  • WinTools
  • 180Solutions
  • Internet Optimizer
  • altnet
  • SideFind
  • TBPS

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Double click on LQFix.zip & Run LQFix.bat


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - WebSeach Toolbar support NT service (TBPSSvc)
  • Double-click on it to open the Properties dialog.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  • In the popup box that appears, type in TBPSSvc & then click on the OK button
Repeat the above steps for the following services :-
  • WinTools for IE service (WinToolsSvc)

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteugh32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteidh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [4k7Fhts1O] C:\WINDOWS\kkvbrq.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obbwhzv] C:\Program Files\Fyzc\Tttmzjf.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gentle Windows Loader] win32twain.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [FireWire Service] nvscv32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [FireWire Service] nvscv32.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\RunServices: [Gentle Windows Loader] win32twain.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\SideFind\
  • c:\program files\Toolbar\
  • C:\Program Files\Common Files\WinTools\
  • C:\WINDOWS\EliteToolBar\
  • C:\WINDOWS\EliteSideBar\
  • C:\Program Files\Media Access\
  • C:\Program Files\ISTsvc\
  • C:\Program Files\Fyzc\
  • C:\Program Files\Internet Optimizer\
  • c:\program files\altnet\
Search for & delete ... using Start> Search... the following files:
  • win32twain.exe
  • nvscv32.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Launch Ad-Aware & click on the Start button
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK".


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO NORMAL MODE


As you reboot, Ad-Aware will start up
Click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click [Scan your PC] & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click [Scan Now]
  3. Enter your e-mail address & click [Scan Now] ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • TrendMicro's AntiSpyware log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
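
An added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over entries copied from the log above, grouping registrations by the file they point at and listing services with an "Unknown owner". The function names (`parse_log`, `shared_targets`, `unknown_owner_services`) and the two signals are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
# O4 autoruns: <hive>\..\<key>: [<value name>] <command line>
RUN_RE = re.compile(r"^HK\w+\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Image inside a command line: a quoted path, or everything up to the first .exe/.dll
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=\s|$)', re.IGNORECASE)
# Sections laid out as "<kind>: <name> - <CLSID or owner> - <file>"
THREE_PART = {"O2", "O3", "O9", "O18", "O23"}


def image_path(command):
    """Return the executable part of an autorun command line, lower-cased."""
    command = command.strip()
    m = IMAGE_RE.match(command)
    if not m:
        return command.lower()
    return (m.group(1) or m.group(2)).lower()


def parse_log(text):
    """Turn O2/O3/O4/O9/O18/O23 lines into dicts: code, label, owner, target."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        run = RUN_RE.match(body)
        if code == "O4" and run:
            entries.append({"code": code,
                            "label": f"{run['key']}[{run['name']}]",
                            "owner": None,
                            "target": image_path(run["cmd"])})
        elif code in THREE_PART and ": " in body:
            parts = body.split(": ", 1)[1].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, middle, path = parts
            entries.append({"code": code,
                            "label": name,
                            "owner": middle if code == "O23" else None,
                            "target": path.strip().lower()})
    return entries


def shared_targets(entries):
    """Files registered more than once (several value names, keys or sections)."""
    by_target = defaultdict(list)
    for e in entries:
        by_target[e["target"]].append((e["code"], e["label"]))
    return {t: regs for t, regs in by_target.items() if len(regs) > 1}


def unknown_owner_services(entries):
    """Names of O23 services whose owner field reads 'Unknown owner'."""
    return [e["label"] for e in entries
            if e["code"] == "O23" and e["owner"] == "Unknown owner"]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for target, regs in shared_targets(parsed).items():
        print(target, "<-", regs)
    print("Unknown owner:", unknown_owner_services(parsed))
```

Both signals only narrow down what to look at: the "Unknown owner" list here also contains Ati HotKey Poller, which is not among the entries selected for "Fix checked" above.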
See less See more
sUBs said:
Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them untill instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install.

KillBox v2.0.0.175.zip

LQfix.zip

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.



Download Lavasoft's Ad-Aware & it's recently updated plug-in - VX2 Cleaner

Install both using the default options & then update Ad-Aware with the latest definitions.
Click on Add-ons in the lefthand column & select - VX2 Cleaner V2.0
Click Run Tool >> "OK"
If something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • end Explorer shell while killing file
  • unregister dlll before deleting * if it's not grayed out
Select all the filenames below & then right-click & select Copy
  • C:\Program Files\Common Files\WinTools\WToolsS.exe
    C:\windows\system32\eliteugh32.exe
    C:\windows\system32\eliteidh32.exe
    C:\WINDOWS\wuamgid.exe
    C:\WINDOWS\kkvbrq.exe
    C:\WINDOWS\System32\msnmsgr.exe
    C:\WINDOWS\System32\canada.exe
    C:\WINDOWS\System32\gah95on6.exe
* Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • Elite Toolbar
    Elite SideBar
    Toolbar - My toolbar
    Media Access
    ISTSvc
    WinTools
    180Solutions
    Internet Optimizer
    altnet
    SideFind
    TBPS

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Double click on LQFix.zip & Run LQFix.bat


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - WebSeach Toolbar support NT service (TBPSSvc)
  • Double-click on it to open the Properties dialog.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  • In the popup box that appears, type in TBPSSvc & then click on the OK button
Repeat the above steps for the following services :-
  • WinTools for IE service (WinToolsSvc)

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteugh32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteidh32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\Run: [4k7Fhts1O] C:\WINDOWS\kkvbrq.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obbwhzv] C:\Program Files\Fyzc\Tttmzjf.exe
O4 - HKLM\..\Run: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [Gentle Windows Loader] win32twain.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [FireWire Service] nvscv32.exe
O4 - HKLM\..\Run: [ASDPLUGIN] C:\WINDOWS\System32\canada.exe -N
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\RunServices: [MSN Messenger] msnmsgr.exe
O4 - HKLM\..\RunServices: [FireWire Service] nvscv32.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] C:\WINDOWS\wuamgid.exe
O4 - HKLM\..\RunServices: [Gentle Windows Loader] win32twain.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folder
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\SideFind\
    c:\program files\Toolbar\
    C:\Program Files\Common Files\WinTools\
    C:\WINDOWS\EliteToolBar\
    C:\WINDOWS\EliteSideBar\
    C:\Program Files\Media Access\
    C:\Program Files\ISTsvc\
    C:\Program Files\Fyzc\
    C:\Program Files\Internet Optimizer\
    c:\program files\altnet\
Search for & delete ... using Start> Search... the following files:
  • win32twain.exe
    nvscv32.exe

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
    [*]Delete Newsgroup Subscriptions
    [*]Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Launch Ad-Aware & click on the Start button
Select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK".


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • .Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO NORMAL MODE


As you reboot, Ad-Aware will start up
Click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click [Scan your PC] & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click [Scan Now]
  3. Enter your e-mail address & click [Scan Now] ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • TrendMicro's AntiSpyware log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
Thanks for your suggestions. As I can't access the Internet on the hijacked laptop, I downloaded the suggested programs to my personal laptop and copied the files. However, how can I update Ewido and Ad-Aware when the infected laptop always goes to:
res:shdoclc.dll/dnserror.htm and does not let me access the net through windows explorer?
Thanks
Sorry for taking a while before writing back. I followed your suggestions as best as I could. It took quite a while but your help resulted in the laptop working well again. I worked on it all night since my son had to leave in the morning (taking the fixed laptop along). I was a bit rushed and failed to save the HiJack This log file. I will add the log files that I did manage to copy. I had problems with the TrendMicro Tool but everything else worked out fine. Thanks again for your help!!!!! I really appreciate it!!!!
Please let me know if there is anything else that needs to be done, and I will forward this info to my son. Merci!!!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:00:06 AM, 9/5/2005
+ Report-Checksum: A5E000AB

+ Scan result:

C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006199.exe -> Spyware.Wintools : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006201.exe -> TrojanDownloader.IstBar.eo : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006203.exe -> Trojan.Small.cy : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006204.exe -> Backdoor.Agobot : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006206.exe -> Spyware.WebSearch : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006207.exe -> Spyware.IBIS : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007416.dll -> Spyware.WebSearch : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007417.exe -> Spyware.WebSearch : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007418.exe -> Spyware.WebSearch : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007419.dll -> Spyware.WebSearch : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007420.exe -> Spyware.180Solutions : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007422.exe -> Adware.SAHA : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007423.exe -> Spyware.WinAD : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007424.dll -> Adware.SAHA : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007425.exe -> Adware.SAHA : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007426.exe -> Spyware.DealHelper : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007428.exe -> Spyware.BargainBuddy : Cleaned without backup
C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007429.exe -> Spyware.PurityScan : Cleaned without backup
C:\verysexy.pif/mxa.exe -> Worm.Bropia.r : Cleaned without backup
C:\verysexy.pif/mx.exe -> Backdoor.Rbot.lv : Cleaned without backup
C:\WINDOWS\1880500.exe -> Spyware.Hijacker.Generic : Cleaned without backup
C:\WINDOWS\4.html -> Spyware.Linker : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.dll -> TrojanDownloader.IstBar : Cleaned without backup
C:\WINDOWS\Downloaded Program Files\ISTactivex.dll -> TrojanDownloader.IstBar.hg : Cleaned without backup
C:\WINDOWS\gfgf2.exe -> TrojanDownloader.IstBar : Cleaned without backup
C:\WINDOWS\ss.exe -> Trojan.LowZones.d : Cleaned without backup
C:\WINDOWS\system32\nvscv32.exe -> Backdoor.Rbot : Cleaned without backup


::Report End

Activescan log
Incident Status Location

Adware:Adware/PurityScan No disinfected C:\WINDOWS\System32\efawkj.dll
Adware:adware/sqwire No disinfected C:\WINDOWS\SYSTEM32\tsuninst.exe
Spyware:spyware/istbar No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\istactivex.inf
Dialer:dialer.xe No disinfected C:\DOCUMENTS AND SETTINGS\MARC\START MENU\Click Me.lnk
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/elitebar No disinfected C:\DOCUMENTS AND SETTINGS\MARC\FAVORITES\Casino & Carrers
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\MARC\FAVORITES\Fun & Games
Adware:adware/wintools No disinfected Windows Registry
Possible Virus. No disinfected C:\chegfie5s44.exe
Possible Virus. No disinfected C:\Program Files\UWGoLAN\UWGo.exe
Spyware:Spyware/ISTBar No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0002108.exe
Adware:Adware/WinTools No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006118.cfg
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006127.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006128.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006135.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006138.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006139.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0006140.exe
Virus:Trj/Lowzones.EU Disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007432.exe
Adware:Adware/PurityScan No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007433.exe
Adware:Adware/WinAD No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007434.exe
Virus:W32/Bropia.AG.worm Disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007435.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007437.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007438.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007439.exe
Adware:Adware/SideFind No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007440.exe
Virus:Trj/Multidropper.TA Disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007441.pif
Adware:Adware/StartPage.DD No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007442.exe
Spyware:Spyware/ISTBar No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007443.exe
Virus:Trj/Lowzones.CZ Disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007444.exe
Virus:W32/Gaobot.FBY.worm Disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0007445.exe
Adware:Adware/Sqwire No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007506.dll
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007520.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007521.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007522.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007523.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007524.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007525.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007526.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007527.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007528.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007529.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007530.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007531.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007532.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007533.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007534.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007535.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007536.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007537.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007538.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007539.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007540.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007541.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007542.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007543.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007544.DLL
Adware:Adware/P2PNetworking No disinfected C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP3\A0007545.DLL
Spyware:Spyware/ISTBar No disinfected C:\WINDOWS\1.html
Adware:Adware/WUpd No disinfected C:\WINDOWS\2.html
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\3.html
Spyware:Spyware/ISTBar No disinfected C:\WINDOWS\Downloaded Program Files\istactivex.inf
Possible Virus. No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JHS9JQSF\protector[1].exe
Possible Virus. No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SV7UQUNL\protector[1].exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\efawkj.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\??ool32.exe
Hello Mathis,

There's a bit more to do here. You can pass these instructions to your son. :smile:

Reboot into Safe Mode.

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\System32\efawkj.dll
C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\istactivex.inf
C:\DOCUMENTS AND SETTINGS\MARC\START MENU\Click Me.lnk
C:\WINDOWS\SYSTEM32\P2P Networking
C:\WINDOWS\system32\??ool32.exe


Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* "Unregister .dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Delete the following Files/Folders if they still exist.

C:\DOCUMENTS AND SETTINGS\MARC\FAVORITES\Casino & Carrers
C:\DOCUMENTS AND SETTINGS\MARC\FAVORITES\Fun & Games
C:\WINDOWS\SYSTEM32\P2P Networking

Reboot into Normal Mode.

Upload this file C:\chegfie5s44.exe to http://virusscan.jotti.org/ and submit it. Wait for the analysis and post it here.

Run another scan with Panda and get those results back to us along with another HijackThis log.