
·
Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
Hi guys. I'm ashamed to admit I fell for this. But a couple days ago I got an IM from one of my friends saying to click the link to see pictures. I had to download a .com file and I did and clicked on it. My brother also downloaded a free DVD player that came with lots of adware. My computer started going REAL slow so I disabled everything in startup. But some things are still coming back. And I get popups every 15 seconds or so. Seems to only be when I'm actually using the computer though. Here is my HJT log. Any ideas? I've run Ad-Aware and AntiVir multiple times. A few just won't leave. Particularly TR/Spy.Agent.dg.2.B, hope that's fixable.
Thanks guys



Logfile of HijackThis v1.99.1
Scan saved at 7:24:46 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINDOWS\etb\pokapoka73.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Craig.AEGOS\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [System service70] D:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [System service72] D:\WINDOWS\\\etb\\pokapoka72.exe
O4 - HKLM\..\Run: [System service73] D:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110837056216
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
 

·
Premium Member
Joined
·
14,311 Posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download AimFix and run it.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido: there should be an icon on your desktop; double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download LQFix http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.exe Run LQfix.exe and click on Next->Next->Install. Click Finish to launch LQfix. Follow the screen prompts. Your system will reboot afterwards. Please wait for the script to finish in the background at this time...

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Check the box first. Click on any file that begins with newdotnet...dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
    * You will need to step through the process of cleaning files one-by-one.
    * If Ewido detects a file you KNOW to be legitimate, select none as the action.
    * Do NOT select 'Perform action on all infections'
    * If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service70] D:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [System service72] D:\WINDOWS\\\etb\\pokapoka72.exe
O4 - HKLM\..\Run: [System service73] D:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com...ver/Install.cab


Uninstall New.Net via your Add/Remove panel.

Locate and delete the following:

D:\PROGRA~1\NEWDOT~1\
lockx.exe


Restart your computer. Post the logs for HijackThis and Ewido.
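
An added example, not part of the original posts: Python that checks a HijackThis fix list against a before log and a follow-up log. It matches O4 entries by registry key and value name and O16 entries by CLSID, so doubled backslashes and forum-truncated URLs do not cause misses. The function names are hypothetical; the embedded lines are copied from the logs in this thread, including the follow-up log posted later.

```python
import re

# "O4 - HKLM\..\Run: [Name] command": section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Autorun entries: registry key, then the value name in square brackets.
O4_RE = re.compile(r"^([^:\[]+): \[([^\]]+)\]")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from this thread (fix list, first log, follow-up log).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [System service70] D:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [System service72] D:\WINDOWS\\\etb\\pokapoka72.exe
O4 - HKLM\..\Run: [System service73] D:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com...ver/Install.cab
"""

BEFORE_LOG = r"""
Running processes:
D:\WINDOWS\etb\pokapoka73.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [System service70] D:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [System service72] D:\WINDOWS\\\etb\\pokapoka72.exe
O4 - HKLM\..\Run: [System service73] D:\WINDOWS\etb\pokapoka73.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
"""

AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
"""


def entry_identity(line):
    """Return a tuple identifying one log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, blank line, or a "Running processes" path
    code, body = m.groups()
    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:  # key + value name; the command text may differ in backslashes
            return (code, o4.group(1).strip().lower(), o4.group(2).strip().lower())
    if code == "O16":
        clsid = CLSID_RE.search(body)
        if clsid:  # the CLSID survives even when the forum truncates the URL
            return (code, clsid.group(0).upper())
    # Fallback: whole body with repeated backslashes and whitespace collapsed.
    # For R entries this means a changed value counts as a different entry.
    body = re.sub(r"\\+", r"\\", body)
    return (code, re.sub(r"\s+", " ", body).strip().lower())


def identities(log_text):
    """Map identity -> original line for every entry in a log or fix list."""
    found = {}
    for line in log_text.splitlines():
        ident = entry_identity(line)
        if ident is not None:
            found.setdefault(ident, line.strip())
    return found


def triage(fix_list_text, before_log, after_log):
    """Sort each fix-list line into removed / still_present / not_in_before."""
    before, after = identities(before_log), identities(after_log)
    result = {"removed": [], "still_present": [], "not_in_before": []}
    for ident, line in identities(fix_list_text).items():
        if ident in after:
            result["still_present"].append(line)
        elif ident in before:
            result["removed"].append(line)
        else:
            result["not_in_before"].append(line)  # never matched: check for typos
    return result


if __name__ == "__main__":
    for status, lines in triage(FIX_LIST, BEFORE_LOG, AFTER_LOG).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```
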
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #3 ·
Aftermath

OK. Thanks for the help up to this point, greyknight. I followed your directions. Ewido found 9801 infections that I had to verify individually, so it took me a while to get back on here. Most of them were just cookies so I will spare you the 2MB txt file. lol. Here is what I got from the logs.


Logfile of HijackThis v1.99.1
Scan saved at 2:32:56 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\DOCUME~1\ADMINI~1.AEG\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110837056216
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe





Here is the Ewido log (truncated):

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:30:18 PM, 10/5/2005
+ Report-Checksum: 32585ED5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\TypeLib\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Classes\Tldctl2.URLLink.1\CLSID\\ -> Spyware.NewDotNet : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1851.CAB/A0396613.CPY -> Spyware.WildTangent : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1851.CAB/A0396615.CPY -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Weather.exe -> Spyware.WeatherCast : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Uninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Weather.exe -> Spyware.WeatherCast : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372210.CPY/Uninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Weather.exe -> Spyware.WeatherCast : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Uninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Weather.exe -> Spyware.WeatherCast : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1195.CAB/A0372212.CPY/Uninst.exe -> Adware.SaveNow : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1636.CAB/A0385550.CPY -> Spyware.TimeSink : Cleaned with backup
C:\_RESTORE\ARCHIVE\FS1636.CAB/A0385552.CPY -> Spyware.TimeSink : Cleaned with backup
C:\WINDOWS\TEMP\$1153.TXT -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\WINDOWS\TEMP\backup-20040426-133903-341.dll -> Spyware.WurldMedia : Cleaned with backup
:mozilla.6:C:\WINDOWS\Application Data\Mozilla\Profiles\default\mufqtwc1.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.7:C:\WINDOWS\Application Data\Mozilla\Profiles\default\mufqtwc1.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Temporary Internet Files\Content.IE5\S74769UF\Params.richmedia=yes&Params[2].htm -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Temporary Internet Files\Content.IE5\8XI3W1E3\ew100[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\Cookies\[email protected]2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\WINDOWS\Cookies\[email protected]2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\[email protected]2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\[email protected]2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\Lycos\ss_IGN1_setup.exe -> Spyware.Sidesearch.d : Cleaned with backup
C:\My Documents\CRACKSEARCHER\CrackSearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
C:\Program Files\mozilla.org\Mozilla\plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\I-ON Video CD Player 1.01\SuperBarInstall.exe -> Spyware.SuperBar : Cleaned with backup
D:\Recycled\NPROTECT\00061983.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061983.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061983.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061983.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061990.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062241.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062241.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062241.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062241.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00062248.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063095.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063095.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063095.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063095.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00063102.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064040.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064040.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064040.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064040.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00064047.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065189.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065189.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065189.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065189.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00065196.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061726.idf/D:/WINDOWS/system32/msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061726.idf/D:/Program Files/BullsEye Network/bin/bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061726.idf/D:/Program Files/BullsEye Network/bin/adv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061726.idf/D:/Program Files/BullsEye Network/bin/adx.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\Recycled\NPROTECT\00061733.VXD/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\JOHNS\mydocs\Documents and Settings\John Gassel\Cookies\john [email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\JOHNS\mydocs\Documents and Settings\John Gassel\Cookies\john [email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
D:\JOHNS\mydocs\Documents and Settings\John Gassel\Desktop\Torrents\CRACKSEARCHER\CrackSearcher.exe -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
D:\New Folder\INFECTED\1620BFD4.386 -> Spyware.WildTangent : Cleaned with backup
D:\New Folder\INFECTED\F74C6BFC.041 -> Not-A-Virus.HackTool.CrackSearch.a : Cleaned with backup
D:\Documents and Settings\Craig.AEGOS\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
D:\Program Files\Kiwi Alpha\Partner\installer_NPS.exe -> TrojanDownloader.Adload.a : Cleaned with backup
D:\Program Files\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018568.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018573.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP84\snapshot\MFEX-1.DAT -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP84\A0018848.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP84\A0018891.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP85\A0018894.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP86\A0018904.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP87\A0018909.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP88\A0018922.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP89\A0019854.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019856.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP90\A0019867.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019872.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP91\A0019874.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019889.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019891.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP92\A0019906.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019923.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP94\A0019939.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019953.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019954.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP95\A0019956.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019957.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP96\A0019984.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019985.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP97\A0019987.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0019988.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP98\A0020018.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020019.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP99\A0020052.vxd/D:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP193\A0047157.exe -> Adware.SaveNow : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP193\A0047158.DLL -> Spyware.MyWay : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP193\A0047159.EXE -> Spyware.MyWay : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP197\A0048084.DLL -> Spyware.MyWay : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP197\A0048260.dll -> TrojanSpy.Small.dj : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP199\A0049260.dll -> TrojanSpy.Small.dj : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP199\A0050260.dll -> TrojanSpy.Small.dj : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP200\A0050268.sys -> Trojan.Rootkit.h : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP201\A0050281.dll -> TrojanSpy.Small.dj : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP201\A0050282.exe -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP202\A0050287.exe -> Trojan.EliteBar.d : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP202\A0050293.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP202\A0050294.dll -> Trojan.EliteBar.d : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP203\A0050315.sys -> Trojan.Rootkit.h : Cleaned with backup
D:\System Volume Information\_restore{57EE810D-8947-4397-9575-7670D48E9DEB}\RP203\A0050323.dll -> Spyware.NewDotNet : Cleaned with backup
D:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
D:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
D:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
D:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
D:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup


::Report End




thanks, hope nothin comes back *crosses fingers*
 

·
Administrator
Joined
·
4,870 Posts
Just a couple more little issues.

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJK, or another name of your choice.

Reboot your system in Safe Mode (By continually tapping the F8 key, until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any):

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [New.net Startup] rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com...ver/Install.cab


Please remember to close all other windows, including browsers, then click Fix checked.

Delete the following Folders indicated in BLUE if they still exist.

D:\PROGRA~1\NEWDOT~1\

Reboot your system in Normal Mode.

Please do an online scan at Panda ActiveScan

  1. Click on the Scan your PC button & a pop up window shall appear. (Ensure that your pop up blocker doesn't block it)
  2. Click On Next
  3. Enter your e-mail address & click Send. (It will begin downloading Panda's ActiveX controls which are about 8MB in size)
  4. In the next window, checkmark the following:
    • Disinfect automatically
    • Scan compressed files
    • Scan e-mail files
    • Detect unknown viruses (Heuristic)
    • Detect spyware
  5. Begin the scan by selecting All My Computer

    You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

  6. If it finds any malware, it will offer you a report. Click on see report
  7. Then click Save report
  8. Post the contents of the report in your next reply

Please post a fresh Hijack This log so that we can check if your system is clean.
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #5 ·
me again

I couldn't find any of the things you wanted me to remove in my HJT screen. But I did the rest. Here are the logs.




Incident Status Location

Adware:adware/maxifiles No disinfected D:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/elitebar No disinfected D:\Documents and Settings\Craig.AEGOS\Favorites\Casino & Carrers
Spyware:spyware/new.net No disinfected Windows Registry
Virus:W32/Parite.B No disinfected C:\_RESTORE\ARCHIVE\FS1314.CAB[A0378959.CPY]
Adware:Adware/ShoppingCommunity No disinfected C:\WINDOWS\SYSTEM\moconfig.exe
Adware:Adware/Superbar No disinfected C:\WINDOWS\TEMP\pft3364~TMP\Disk1\data1.cab[SuperBarInstall.exe]
Adware:Adware/IST.ISTBar No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\QUFMJB2Y\crackz[1].htm
Adware:Adware/WUpd No disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\6R6T4PGZ\count[1].htm
Adware:Adware/Superbar No disinfected C:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab[SuperBarInstall.exe]
Virus:W32/Sdbot.EFG.worm Disinfected C:\xz.bat
Dialer:Dialer.CQF No disinfected D:\JOHNS\mydocs\Documents and Settings\John Gassel\Desktop\Torrents\CRACKSEARCHER\Cracks\A\C\Active_WebCam_Deluxe_v3.8.zip[CRACKED.RAR][webcam.exe]
Adware:Adware/EliteBar No disinfected D:\Documents and Settings\Craig.AEGOS\Desktop\aimfix_quarantine\21332_pokapoka73.exe.bak
Adware:Adware/Exact.SearchBar No disinfected D:\System Volume Information\_restore{D1434AA3-AB65-434C-BA6B-3A7E4108A09C}\RP83\A0018569.exe
Adware:Adware/Maxifiles No disinfected D:\WINDOWS\system32\mc-110-12-0000080.exe






Logfile of HijackThis v1.99.1
Scan saved at 4:32:02 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\FIREFOX.EXE
D:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110837056216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe



Thanks again
 

·
Administrator
Joined
·
4,870 Posts
Hi there

Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.

Reboot your system in Safe Mode (By continually tapping the F8 key, until the menu appears).

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php


Please remember to close all other windows, including browsers, then click Fix checked.

Delete the following Folders indicated in BLUE if they still exist.

D:\PROGRAM FILES\COMMON FILES\InetGet
D:\Documents and Settings\Craig.AEGOS\Favorites\Casino & Carrers
C:\WINDOWS\SYSTEM\moconfig.exe
C:\Program Files\InstallShield Installation Information\{4BC0FD61-CD29-4761-A286-B69C16EE8F9A}\data1.cab
D:\JOHNS\mydocs\Documents and Settings\John Gassel\Desktop\Torrents\CRACKSEARCHER\Cracks\A\C\Active_WebCam_Deluxe_v3.8.zip
D:\WINDOWS\system32\mc-110-12-0000080.exe


Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following:
  • Scan local drives for temporary files

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Click OK, Press the CleanUp! button to start the program and reboot when prompted.

Post a new Hijack This log.
 

·
Registered
Joined
·
6 Posts
Discussion Starter · #7 ·
ok

OK, I found all that stuff and deleted it. Here's my new log.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:46 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110837056216
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe



you see anything else?
 

·
Premium Member
Joined
·
14,311 Posts
Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
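
The follow-up logs in this thread are checked by eye against the entries the helper asked to fix. As an added example (not part of the original thread and not HijackThis's own code), the Python below parses the finding lines of two logs and reports which entries disappeared, which appeared, and whether any flagged entry survives. The log excerpts are shortened from the 10/6 and 10/7 logs above; the function names are illustrative.

```python
import re

# HijackThis prefixes each finding with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+)$")

def normalize(code, detail):
    """Comparison key: Windows paths and registry names are case-insensitive,
    and forum software often changes spacing, so fold case and whitespace."""
    return (code, " ".join(detail.split()).casefold())

def parse_entries(log_text):
    """Map comparison key -> original finding line; header and process lines are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries[normalize(m.group(1), m.group(2))] = line
    return entries

def diff_logs(before_text, after_text):
    """Return (removed, added) finding lines between an earlier and a later scan."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added

def still_present(flagged_lines, log_text):
    """Flagged entries (as pasted in the helper's post) that a log still contains."""
    current = parse_entries(log_text)
    flagged = parse_entries("\n".join(flagged_lines))
    return sorted(current[k] for k in flagged.keys() & current.keys())

# Shortened excerpt of the 10/6/2005 log posted above.
LOG_OCT_6 = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:32:02 PM, on 10/6/2005

Running processes:
D:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
"""

# Shortened excerpt of the 10/7/2005 log posted above.
LOG_OCT_7 = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:24:46 PM, on 10/7/2005

Running processes:
D:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
"""

# The two entries the helper asked to check and fix after the 10/6 log.
FLAGGED = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the818search-co.com/sp2.php",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.the818search-co.com/sp2.php",
]

if __name__ == "__main__":
    removed, added = diff_logs(LOG_OCT_6, LOG_OCT_7)
    print("Removed since last scan:", *removed, sep="\n  ")
    print("New since last scan:", *(added or ["(none)"]), sep="\n  ")
    print("Flagged entries still present:", still_present(FLAGGED, LOG_OCT_7) or "(none)")
```

An entry that shows up under "New since last scan" after a cleanup pass is the one to look at first, since it means something is rewriting the registry between scans.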
 