
·
Registered
Joined
·
559 Posts
Discussion Starter #1
Thanks to whoever decides to help me. Downloading new tools... is not really an option... btw
-blitze

Logfile of HijackThis v1.99.1
Scan saved at 4:18:22 PM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\s4ksxg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\xqihoaa.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\etb\pokapoka63.exe
C:\Program Files\AIM\aim.exe
C:\DOCUME~1\Kay\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ezwebsearching.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\s4ksxg.exe reg_run
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitetpr32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [tzrafap] C:\WINDOWS\system32\xqihoaa.exe r
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk21762US
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E919D27-34F5-4E08-87ED-1D6E496146EA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D814E8EE-6437-4451-BF04-072B1B6B84E3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
You'll have to at least be able to download and carry tools from a clean system to the infected machine with a USB drive, or it will be next to impossible.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Ok, Blitze, here's what we'll try first....this is a new approach, with fewer tools to download (be sure to get the latest version of AdawareSE, not just updated definitions for an existing version):

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot; click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful")
  5. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  6. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  7. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Blitze -

We suffered a database loss today, and our recent replies have been lost. If I recall, you were having issues running the scans in normal mode, and one of the scans (or both) were freezing on a file.

Try to run Adaware and Ewido in safe mode first now. If you can ID the file on which the scans are seizing up, post it here for analysis. Once you've tried that, post results along with a new HJT log so we can press on.
 

·
Registered
Joined
·
559 Posts
Discussion Starter #7
Ewido scan:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:15:47 PM, 9/3/2005
+ Report-Checksum: 51B7AFBD

+ Scan result:

C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.X10 : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.X10 : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][2].txt.bak -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\[email protected][1].txt.bak -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\seng.dll.bak -> Adware.eZula : Cleaned with backup
C:\Program Files\Enigma Software Group\SpyHunter\Backup\wtvh.dll.bak -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3EFA446B-B067-4EB5-BFDC-826904\5B7F8210-84D4-412E-B2F5-8C7CBC -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5E8B1309-6CC2-4E15-A8D1-8DF770\5FBE8A53-D3FA-4A43-9614-E36B63 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7DF5EFC2-F32A-4B5B-B7DE-CC5554\CD024898-DF6D-41DB-AF53-95CE17 -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A7C1976D-0582-43B2-A499-8840AC\89F60CA4-4F1D-4E73-9503-DB055C -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6C746-0A98-4CF9-BA0F-6CF5FC\46E3FC89-5F0A-42D3-B890-2D38BB -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6C746-0A98-4CF9-BA0F-6CF5FC\638DA137-C11E-4BA5-92E6-B26E28 -> TrojanDropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6C746-0A98-4CF9-BA0F-6CF5FC\85745442-4B71-496C-9B2A-091768 -> TrojanDropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6C746-0A98-4CF9-BA0F-6CF5FC\886F2159-C2F8-4EFA-BAEC-4E56F0 -> TrojanDropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ECE6C746-0A98-4CF9-BA0F-6CF5FC\D12FB26A-D1EA-4DC2-8CC8-58B2B7 -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\ckhyxjjx.exe -> TrojanDownloader.VB.do : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\SmileyCentralFWBInitialSetup1.0.0.8.exe -> TrojanDropper.FunWeb.a : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\lrnw.exe -> TrojanDownloader.VB.do : Cleaned with backup
C:\WINDOWS\prelimhanse.exe -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\system\ajxueit.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\system32\aoder.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\cjakrk.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01BUVEXY\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01BUVEXY\proxy_inst[2].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7QRABU4W\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HRSBLV56\proxy_inst[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HRSBLV56\proxy_inst[2].exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\effmnu.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\eliteart32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitedcp32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitednl32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitefeh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitegvw32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitejjm32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitelvj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitemwb32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitenpr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteonr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliterct32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliterjc32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitesxf32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitetfj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\elitetpr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\eliteynf32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\kbqwg.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\mrcdxno.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\Pop1A.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\s4ksxg.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\skdffjg.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\WINDOWS\xufitleuk.exe -> Adware.BetterInternet : Cleaned with backup


::Report End



HIJACK LOG
Logfile of HijackThis v1.99.1
Scan saved at 5:18:38 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\kslamck.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\etb\pokapoka65.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Kay\LOCALS~1\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ezwebsearching.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [ozomth] C:\WINDOWS\system32\kslamck.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk21762US
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E919D27-34F5-4E08-87ED-1D6E496146EA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D814E8EE-6437-4451-BF04-072B1B6B84E3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
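
Added example (not part of the original posts, and not HijackThis code): a small Python triage pass over HijackThis entries, using four checks modelled on the kinds of entries that stand out in the log above. The names `triage`, `check_entry` and `SYSTEM_NAMES` are assumptions of this example; the sample lines are copied from that log.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Excerpt of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a closer look
    line: str    # the original log line

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "O4 - <body>"
RUN_RE = re.compile(r"\[([^\]]+)\]\s+(.*)")             # "[value name] command"
EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)  # first .exe path in a command

# Assumption of this example: core Windows process names that a Run value
# has no reason to borrow unless it launches that exact file.
SYSTEM_NAMES = {"lsass", "svchost", "csrss", "winlogon", "services", "smss"}

def check_entry(code: str, body: str) -> Optional[str]:
    """Return a reason string if the entry matches one of the checks."""
    if code == "R3" and "(no file)" in body:
        return "search hook is registered but its file is missing"
    if code == "F2":
        shell = re.search(r"Shell=(.*)", body, re.IGNORECASE)
        if shell and shell.group(1).strip().lower() != "explorer.exe":
            return "Shell= starts something besides Explorer.exe"
    if code == "O4":
        run = RUN_RE.search(body)
        exe = EXE_RE.search(run.group(2)) if run else None
        if run and exe and run.group(1).lower() in SYSTEM_NAMES:
            launched = ntpath.basename(exe.group(1)).lower()
            if launched != run.group(1).lower() + ".exe":
                return "Run value is named after a system process but launches " + launched
    if code == "O23" and ("Unknown owner" in body or "(file missing)" in body):
        return "service has no identifiable owner or its file is missing"
    return None

def triage(log_text: str) -> list:
    """Scan a HijackThis log and return the entries that match a check."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        reason = check_entry(entry.group(1), entry.group(2))
        if reason:
            findings.append(Finding(entry.group(1), reason, raw.strip()))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

The R1 search-page entry is not flagged because judging a URL needs an allowlist of expected search providers, which this example does not include.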
 

·
Registered
Joined
·
6,574 Posts
Please confirm: did you download, install and run the VX2 Plugin?

Please download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it.

Also go to http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.htm#adaware for better scan results. Run the scan and fix everything that it finds.

It's the Vx2 plugin that is the key here. It should remove the nail/websearch/epolvy junk.

Let us know.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Blitze -

Nailfix alone will NOT cure these multiple infections....this system has several issues, and it appears as though we'll have to take the long approach.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Please download miekiemoes' LQfix batch here:
http://www.downloads.subratam.org/LQfix.zip
Unzip it to the desktop but do NOT run it yet.

Download Nailfix Utility at http://www.noidea.us/easyfile/file.php?download=20050711214630636 Save it to your desktop. Do NOT run it yet.

Download dsrfix.zip http://www.atribune.org/downloads/dsrfix.zip and save it to your desktop. Unzip the dsrfix.zip contents to your desktop. This will create a new folder on your desktop named dsrfix. Do NOT open that folder yet.

Download APT http://www.diamondcs.com.au/index.php?page=apt and unzip the contents to a new folder on your desktop.

* Open the folder you just created and click on apt.exe and search in the window for C:\WINDOWS\system32\kslamck.exe .
* Open your C:\Windows\system32 folder and search for kslamck.exe . Don't delete it yet, just leave the system32 folder open so you can see the bad file.
* In APT again, Select C:\WINDOWS\system32\kslamck.exe and Click Kill3.
* Then immediately delete kslamck.exe from your system32 folder.

Close APT.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Go to Start->Run and type in services.msc and hit OK. Then look for Command Service and double click on it. Click on the Stop button and under Startup type, choose Disabled.

Repeat these instructions for System Startup Service.

Next, uninstall from Add/Remove Programs the following if present:

Viewpoint
Viewpoint Manager
MyWebSearch


Once in Safe Mode, run LQfix.bat

Next, double click on nailfix.exe.
Click 'Next' in the setup, then make sure 'Run Nailfix' is checked and click 'Finish'.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
  o You will need to step through the process of cleaning files one-by-one.
  o If Ewido detects a file you KNOW to be legitimate, select none as the action.
  o Do NOT select 'Perform action on all infections'
  o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ezwebsearching.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [ozomth] C:\WINDOWS\system32\kslamck.exe r
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk21762US
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


NOTE: The O4 entry O4 - HKLM\..\Run: [ozomth] C:\WINDOWS\system32\kslamck.exe r may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Now open the folder dsrfix on your desktop.
* Double click on dsrfix.bat
* A window will pop up briefly then close, this is normal.

Locate and delete the following:

C:\WINDOWS\Nail.exe
C:\Program Files\Viewpoint
C:\WINDOWS\etb\pokapoka63.exe
C:\WINDOWS\dinst.exe
C:\windows\system32\eliteyuy32.exe
C:\WINDOWS\etb\pokapoka65.exe
C:\WINDOWS\system32\kslamck.exe r (or whatever the name may have changed to, as noted above).
C:\Program Files\MyWebSearch
C:\Program Files\Common Files\updater\wupdater.exe
C:\WINDOWS\SmFjawAA
C:\WINDOWS\svcproc.exe


Restart your computer.

Download FindIt's.zip http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443 to your desktop.

1. Unzip/extract the files to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient... Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running FindIt's.bat.
3. Then post the FindIt's log here along with the logs for HijackThis and Ewido.
 

·
Registered
Joined
·
559 Posts
Discussion Starter #11
....I never said it'd fix all your problems. However this person has waited a while, so I thought fixing a few problems at a time would.. at least show them we're getting somewhere. Also we already did the ewido suite :)
-blitze
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Just follow the fix I've posted, in the order in which I posted it. Obviously, ewido doesn't need to be downloaded again, but it does need to have its definitions updated, and it does need to be run in the fix where it is placed.
 

·
Registered
Joined
·
559 Posts
Discussion Starter #14
The vx2 plugin worked this time around.. and it was run. I will post another log from hijack this because a lot of the entries are gone now... thank you for helping teton!
-blitze
 

·
Registered
Joined
·
559 Posts
Discussion Starter #15
Logfile of HijackThis v1.99.1
Scan saved at 8:06:30 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Kay\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E919D27-34F5-4E08-87ED-1D6E496146EA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D814E8EE-6437-4451-BF04-072B1B6B84E3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hi Blitze -

This is starting to look better. There are a couple entries which ewido and LQFix should have taken out, so if some of this seems repetitive, well, it is...:grin: Sorry I seemed to get bent out of shape there.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Please download miekiemoes' LQfix batch here:
http://www.downloads.subratam.org/LQfix.zip
Unzip it to the desktop but do NOT run it yet.

Update ewido's definitions again.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Command Service
  2. Double-click on it to open the Properties dialog.
    • Under the General tab, note down the name of "Service name". We shall need it later.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
  3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  4. In the popup box that appears, type in "Service name" & then click on the OK button

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Run the LQFix.bat we downloaded.

Run Ewido again.
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)



Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\windows\system32\eliteyuy32.exe
C:\WINDOWS\SmFjawAA


Restart and run a new HijackThis scan. Save the log file and post it here.

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer

  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

So I need you to bring back logs from:

Ewido
HJT
Panda ActiveScan
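
Added example (not part of either poster's reply, and not a HijackThis feature): a small Python check that compares a 'Fix checked' list with a later HijackThis log and reports which entries persist, which came back with a different value, and which may have returned under a new random name, as the note about the O4 entry ending in a single letter r describes. The function and variable names are hypothetical; the log lines are excerpts from this thread plus one constructed line, marked as such.

```python
import re

# A HijackThis entry line: section code (R1, F2, O4, O23 ...), " - ", then the body.
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")

# Shape of the Run entry the thread says is renamed on reboot: a system32
# executable followed by a lone "r". Applied to normalized (casefolded) lines.
RENAMED_RUN_RE = re.compile(
    r"^o4 - hk(lm|cu)\\\.\.\\run: \[[^\]]+\] c:\\windows\\system32\\[^\\ ]+\.exe r$"
)

def normalize(line):
    """Collapse whitespace and case so C:\\windows and C:\\WINDOWS compare equal."""
    return " ".join(line.split()).casefold()

def parse_log(text):
    """Return {normalized_line: original_line} for every entry line in a log.
    Header lines and the 'Running processes' paths do not match ENTRY_RE."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalize(line)] = line
    return entries

def check_fix(fix_list_text, followup_text):
    """Classify each fix-list entry against a follow-up log."""
    targets = parse_log(fix_list_text)
    after = parse_log(followup_text)
    # Index follow-up entries of the form "key = value" by their key part.
    after_by_key = {k.partition(" = ")[0]: v for k, v in after.items() if " = " in k}
    report = {"persisting": [], "changed": [], "renamed": [], "removed": []}
    for key, line in targets.items():
        lhs = key.partition(" = ")[0]
        if key in after:
            report["persisting"].append(after[key])          # still there verbatim
        elif " = " in key and lhs in after_by_key:
            report["changed"].append((line, after_by_key[lhs]))  # same key, new value
        elif RENAMED_RUN_RE.match(key):
            hits = [v for k, v in after.items() if RENAMED_RUN_RE.match(k)]
            if hits:
                report["renamed"].extend(hits)               # same shape, new name
            else:
                report["removed"].append(line)
        else:
            report["removed"].append(line)
    return report

# Excerpt of the first fix list posted in this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O4 - HKLM\..\Run: [ozomth] C:\WINDOWS\system32\kslamck.exe r
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the 9/5/2005 follow-up log posted in this thread.
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteyuy32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmFjawAA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# CONSTRUCTED line (not in the thread's logs) to exercise the renamed-entry case.
CONSTRUCTED_LINE = r"O4 - HKLM\..\Run: [examplename] C:\WINDOWS\system32\examplename.exe r"
FOLLOWUP = FOLLOWUP_EXCERPT + CONSTRUCTED_LINE + "\n"

if __name__ == "__main__":
    result = check_fix(FIX_LIST, FOLLOWUP)
    for category, items in result.items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```
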
 

·
Registered
Joined
·
559 Posts
Discussion Starter #17
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:10:54 PM, 9/7/2005
+ Report-Checksum: 4D7308

+ Scan result:

:mozilla.18:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.19:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.20:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Ignored
:mozilla.25:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.39:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.46:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.53:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.55:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Mediaplex : Ignored
:mozilla.59:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Atdmt : Ignored
HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Spyware.Altnet : Error during cleaning
:mozilla.16:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.343:C:\Documents and Settings\Kay\Application Data\Mozilla\Firefox\Profiles\niwg293v.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][2].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kay\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Kay\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kay\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Kay\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Kay\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\silent_setup[1].exe -> TrojanDropper.Agent.tv : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Kaylon\Application Data\Mozilla\Firefox\Profiles\r0e42wjy.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Kaylon\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kaylon\Local Settings\Temporary Internet Files\Content.IE5\LA1U1M57\silent_setup[1].exe -> TrojanDropper.Agent.tv : Cleaned with backup
C:\Documents and Settings\Kaylon\Local Settings\Temporary Internet Files\Content.IE5\QKR4XKAO\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Kaylon\Local Settings\Temporary Internet Files\Content.IE5\QKR4XKAO\silent_setup[1].exe -> TrojanDropper.Agent.tv : Cleaned with backup
C:\Documents and Settings\Kaylon\Local Settings\Temporary Internet Files\Content.IE5\XERW6HN1\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Kevin\Cookies\[email protected][1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kevin\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\PB6AZ3YN\silent_setup[1].exe -> TrojanDropper.Agent.tv : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Spyware.Maxifiles : Error during cleaning
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01BUVEXY\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7QRABU4W\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\F780AK3D\protector[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\csrss_log.dat -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\xufitleuk.exe -> Adware.BetterInternet : Cleaned with backup


::Report End

=======

Logfile of HijackThis v1.99.1
Scan saved at 5:00:01 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E919D27-34F5-4E08-87ED-1D6E496146EA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D814E8EE-6437-4451-BF04-072B1B6B84E3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
=======


The Panda scan would go through.. halfway or so and the window would just close. The Trend Micro scan found nothing..
-blitze
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Ewido found some infected Qoologic files. We'll need to run some extra scanners for this.

Download these files:

WinPfind.zip

TrackQoo.zip



Whilst in Normal Mode, have HijackThis fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.type2find.com/sp2.php



Reboot to Safe Mode


Double-click WinPFind.zip & extract the contents to a new folder at Drive C.

1. From within that folder, double click WinPFind.exe
2. Click Start Scan
3. Once the Scan is complete, it will create a report in a text file
4. Go to the WinPFind folder & locate WinPFind.txt
5. Post the results in your next reply!

** This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.


Reboot back to Normal Mode


If you're unable to do a Panda scan, perform an online scan with Internet Explorer using Kaspersky WebScanner.

Next, click on Launch Kaspersky Anti-Virus Web Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan



Extract the contents of TrackQoo.zip & double-click on TrackQoo1.vbs. Wait a few seconds and a Notepad page will pop up. Copy & paste those results in your next reply.
* If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

In your next post, please include fresh logs from:
  • HijackThis log
  • Online Scan
  • WinPFind
  • TrackQoo1.vbs
 

·
Registered
Joined
·
559 Posts
Discussion Starter #19
Logfile of HijackThis v1.99.1
Scan saved at 8:58:15 PM, on 9/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe
C:\HJT\HijackThis.exe
C:\Program Files\Common Files\AOL\1125950716\ee\AOLServiceHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E919D27-34F5-4E08-87ED-1D6E496146EA}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D814E8EE-6437-4451-BF04-072B1B6B84E3}: NameServer = 192.168.0.1
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

=============

KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 11, 2005 22:50:24
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/09/2005
Kaspersky Anti-Virus database records: 139964
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 99796
Number of viruses found: 14
Number of infected objects: 111
Number of suspicious objects: 2
Duration of the scan process: 3344 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/install.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Jack\Local Settings\Temp\131378_1997748544_1560_2376_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Jack\Local Settings\Temp\131378_1997748544_1560_2376_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jack\Local Settings\Temp\131398_600_1560_2380_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Jack\Local Settings\Temp\131398_600_1560_2380_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jack\Local Settings\Temp\524802_3124_3484_3180_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\7Q8W9Z3T\sp2[1].htm Infected: Exploit.VBS.Phel.ap
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\O0PK15JM\protect[1].php/packed Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\O0PK15JM\protect[1].php Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\O0PK15JM\protect[2].htm Infected: Trojan-Downloader.JS.Codebase.c
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\Y3K8HA1R\count[1].htm Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\Y3K8HA1R\sp2[1].htm Infected: Exploit.VBS.Phel.ap
C:\Documents and Settings\Kay\Local Settings\Temp\131458_2848_1952_2840_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\131620_1800_436_1568_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\132118_1800_436_2496_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\132290_1800_436_228_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\1573396_176_1748_2616_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\1901318_1800_436_2088_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\196790_1364_3776_1716_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\196894_2560_472_2656_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\196954_3748_3520_3800_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\196992_176_1748_932_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\197132_3748_3520_3848_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\197184_3748_3520_3556_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\197576_3520_3804_3500_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\2293930_1088_2460_1336_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262242_2848_1952_1072_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262338_3520_3804_656_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262408_924_1412_3136_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262444_3000_968_3260_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\262538_924_1412_2300_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262568_1276_472_300_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262714_3748_3520_3220_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\262818_3732_2028_3796_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\262932_1800_436_3896_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\263068_3520_3804_2908_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\263088_1800_436_1720_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\263386_1800_436_2104_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\328124_1800_436_3176_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\328230_2892_2816_2868_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\328342_2848_1952_564_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\393790_3740_3732_1312_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\394378_1800_436_3116_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\458832_176_1748_4024_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\458906_3912_696_3424_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\459106_176_1748_3980_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\459324_1800_436_1348_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\459520_1800_436_3092_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\590028_3436_2876_3924_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\590234_176_1748_3992_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\65782_616_328_3824_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\66008_2848_1952_1500_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\66650_1800_436_2588_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\66678_3520_3804_2552_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\66708_1800_436_3160_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\917788_3192_2604_2664_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kay\Local Settings\Temp\917796_3748_3520_2256_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kay\Local Settings\Temp\918254_3748_3520_2984_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv
C:\Documents and Settings\Kaylon\Local Settings\Temp\328282_1428_400_3884_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kaylon\Local Settings\Temp\524842_2620_332_3372_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kaylon\Local Settings\Temp\65790_2312_1964_2668_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kaylon\Local Settings\Temp\852232_2620_332_3708_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\1441968_1208_992_3880_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\2294418_3440_992_3372_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\262344_2464_824_2668_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\262454_180_1792_256_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\524746_3688_1856_1456_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\589992_2692_1856_1052_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\721056_1464_2180_1308_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\721240_1464_2180_2564_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\852174_2692_1856_2216_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\Documents and Settings\Kevin\Local Settings\Temp\917802_2464_824_3136_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP102\A0063758.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP102\A0067797.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP102\A0067843.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP103\A0067852.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP103\A0067872.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP106\A0068195.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP108\A0069462.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0044684.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0044684.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0044684.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0045678.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0045678.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0045678.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0047673.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0047673.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0047673.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0048674.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0048674.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP82\A0048674.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP84\A0048894.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP87\A0050395.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052565.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052576.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.Agent.gv
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052576.exe Infected: Trojan-Downloader.Win32.Agent.gv
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052664.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052665.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052665.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP91\A0052665.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP93\A0057945.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP94\A0059961.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP95\A0063078.dll Infected: Trojan.Win32.Agent.db
C:\WINDOWS\ast_4_mm.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\ast_4_mm.exe Infected: Trojan-Downloader.Win32.VB.ah
C:\WINDOWS\cpr_mm2.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\erefhsc.exe Infected: Trojan-Downloader.Win32.VB.ec

Scan process completed.

============

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
winsync 9/2/2005 6:05:26 AM 29696 C:\Logfile of HijackThis v1.doc

Checking %ProgramFilesDir% folder...
UPX! 7/10/2004 11:37:30 AM 1752392 C:\Program Files\PopupStop.exe
UPX! 7/10/2004 11:30:32 AM 2553320 C:\Program Files\spyhunterFULL.exe
UPX! 7/9/2004 5:30:20 PM 2526320 C:\Program Files\spyhunterS.exe

Checking %WinDir% folder...
UPX! 2/4/2005 12:23:34 AM 293716 C:\WINDOWS\Golden Palace Casino PT setup.exe

Checking %System% folder...
PEC2 9/3/2002 12:30:40 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
UPX! 8/21/2005 1:08:42 PM 121433 C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe
PECompact2 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 9/3/2002 1:10:48 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 9/10/2005 6:28:50 PM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 9/10/2005 6:28:50 PM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 9/10/2005 6:28:50 PM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 9/10/2005 6:28:50 PM 726016 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/11/2005 9:02:30 PM S 2048 C:\WINDOWS\bootstat.dat
9/11/2005 5:04:08 PM H 54156 C:\WINDOWS\QTFont.qfn
9/11/2005 1:13:30 PM H 31767 C:\WINDOWS\system32\vsconfig.xml
9/10/2005 6:03:18 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/11/2005 9:02:22 PM H 8192 C:\WINDOWS\system32\config\default.LOG
9/11/2005 9:02:54 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/11/2005 9:02:32 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
9/11/2005 9:03:34 PM H 81920 C:\WINDOWS\system32\config\software.LOG
9/11/2005 9:02:54 PM H 811008 C:\WINDOWS\system32\config\system.LOG
8/12/2005 11:09:10 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
8/17/2005 11:27:54 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
8/17/2005 11:27:54 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01BUVEXY\desktop.ini
8/17/2005 11:27:54 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7QRABU4W\desktop.ini
8/17/2005 11:27:54 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\F780AK3D\desktop.ini
8/17/2005 11:27:54 AM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HRSBLV56\desktop.ini
9/5/2005 4:11:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\fadad07b-8601-4171-b5c3-c13c06a1c470
9/5/2005 4:11:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
9/11/2005 8:59:44 PM H 6 C:\WINDOWS\Tasks\SA.DAT
8/23/2005 11:07:14 AM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/23/2005 11:07:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/23/2005 11:07:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\7VZE0FJZ\desktop.ini
8/23/2005 11:07:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IBGV0OYZ\desktop.ini
8/23/2005 11:07:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K9PWBSN8\desktop.ini
8/23/2005 11:07:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MEXIQF77\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 6/3/2005 3:52:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 9/3/2002 12:40:02 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 9/3/2002 12:47:04 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 2:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 7:34:36 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 9/3/2002 1:06:38 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
NETGEAR 3/20/2002 6:01:34 PM R 297028 C:\WINDOWS\SYSTEM32\WLANCFG.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 9/3/2002 12:40:02 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 9/3/2002 12:47:04 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 9/3/2002 1:06:38 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/20/2005 9:22:48 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
5/31/2004 3:41:22 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
6/2/2004 7:43:52 PM 1596 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
6/1/2004 9:54:58 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/31/2004 8:18:54 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
5/31/2004 3:41:22 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/31/2004 8:18:54 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
FunWebProducts =
SV1 =
acc=ventura5 =
acc=none =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\xtgmsnqg
{a27e483c-6060-4b13-b437-abfad219deb6} = C:\WINDOWS\system32\aoder.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\PROGRA~1\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
BCMSMMSG BCMSMMSG.exe
WLANSTA.EXE WLANSTA.EXE START
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
HostManager C:\Program Files\Common Files\AOL\1125950716\ee\AOLHostManager.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_Run C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.9 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/11/2005 9:11:49 PM

===============

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"BCMSMMSG"="BCMSMMSG.exe"
"WLANSTA.EXE"="WLANSTA.EXE START"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\jusched.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1125950716\\ee\\AOLHostManager.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Program Files\Grisoft\AVG Free\avgse.dll

Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- xtgmsnqg
{a27e483c-6060-4b13-b437-abfad219deb6}
C:\WINDOWS\system32\aoder.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
==============================
C:\Documents and Settings\Kay\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
desktop.ini
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
WLANCFG.cpl NETGEAR
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

Thanx Subs and Teton!
-blitze
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Launch Spybot S&D & go to the Recovery tab. Select all items listed under backup & purge them

I have attached a file to this post - regdel.txt
Download it & rename it "regdel.REG" (inclusive of the quotes)
Make sure you do not mistakenly rename it as regdel.reg.txt (double extensions)
Double-click on it & answer YES when prompted to merge into the Registry


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Host.zip
Extract the file & overwrite the existing copy located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\host

Download DelO15Domains.inf - Right click on this & choose "Save As..." DelO15Domains.inf

Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

SpywareBlaster 3.4
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • end Explorer shell while killing file
  • unregister dll before deleting * if it's not grayed out
Select all the filenames below & then right-click & select Copy
  • C:\WINDOWS\cpr_mm2.exe
    C:\WINDOWS\erefhsc.exe
    C:\Program Files\PopupStop.exe
    C:\Program Files\spyhunterFULL.exe
    C:\Program Files\spyhunterS.exe
    C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe
    C:\WINDOWS\system32\aoder.dll
* Go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to Full Path of File to Delete field.
* Verify that the filenames you pasted are found there
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, reboot your computer in SafeMode

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Do another WinPfind scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Reboot back to Normal Mode

Have HijackThis fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.type2find.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.type2find.com/sp2.php



CLEAR & RESET SYSTEM RESTORE'S CACHE
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
  • Tick on the checkbox - Turn off System Restore on all drives
  • Click Apply
Turn it back 'On' by unticking the same checkbox & click OK


Then do an online scan at either Panda or Kaspersky

I require fresh logs in your next post:

WinPFind
Online scan
HJT log


Let me know if you had any difficulties with the fix & how the machine is behaving now.
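
Added example, not part of either post above: the online scan log in this thread mixes detections inside System Restore points, temp folders and live system folders, and the reply deals with those in separate steps. The Python sketch below sorts such a log into those three groups and collapses archive members (`file.exe/data0002`) onto their container file; the bucket names and function names are this example's own, and the sample lines are copied from the log posted above.

```python
import re
from collections import defaultdict

# Lines copied from the scan log posted in this thread, plus one non-detection line.
SAMPLE_LOG = r"""
C:\Documents and Settings\Kevin\Local Settings\Temp\262454_180_1792_256_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP102\A0063758.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{A5C80DEF-0E5A-41E4-A058-6E6A2A6D246A}\RP81\A0043694.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\cpr_mm2.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\cpr_mm2.exe Infected: Trojan-Downloader.Win32.Adroar
C:\WINDOWS\erefhsc.exe Infected: Trojan-Downloader.Win32.VB.ec

Scan process completed.
"""

# Copies kept by System Restore live under _restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I
)
# Per-user and system temp folders
TEMP_RE = re.compile(r"\\(?:Local Settings\\Temp|WINDOWS\\Temp)\\", re.I)


def parse_line(line):
    """Return (container_path, verdict) for a detection line, else None."""
    path, sep, verdict = line.strip().rpartition(" Infected: ")
    if not sep or not path:
        return None
    # Windows paths use backslashes, so "/" marks a member inside an
    # archive or installer; report the container file on disk instead.
    container = path.split("/", 1)[0]
    return container, verdict.strip()


def classify(path):
    """Bucket a path as system_restore, temp or live (example's own labels)."""
    if RESTORE_RE.search(path):
        return "system_restore"
    if TEMP_RE.search(path):
        return "temp"
    return "live"


def triage(log_text):
    """Map bucket -> {file path -> sorted list of verdicts seen for it}."""
    buckets = {name: defaultdict(set) for name in ("system_restore", "temp", "live")}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path, verdict = parsed
            buckets[classify(path)][path].add(verdict)
    return {
        name: {p: sorted(v) for p, v in files.items()}
        for name, files in buckets.items()
    }


def restore_points(log_text):
    """List the restore points (RPnnn) that hold flagged copies, in numeric order."""
    found = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            m = RESTORE_RE.search(parsed[0])
            if m:
                found.add(m.group(1).upper())
    return sorted(found, key=lambda rp: int(rp[2:]))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, files in result.items():
        print(f"[{bucket}] {len(files)} file(s)")
        for path, verdicts in files.items():
            print(f"  {path}: {', '.join(verdicts)}")
    print("Restore points affected:", ", ".join(restore_points(SAMPLE_LOG)))
```

Files in the `live` group are the ones still present in normal folders; copies in the `system_restore` group sit inside restore points and go away when the restore cache is reset.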
 