My computer is infected with a virus. Please help



#1
frosties


    New Member

  • Member
  • 3 posts
My computer keeps coming up with these pop-ups that my computer is infected by a "[email protected]". It really slows my computer. Please help :whistling:



Logfile of HijackThis v1.99.1
Scan saved at 17:37:31, on 31-05-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svc8021x.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\BullsEye Network\bin\bargains.exe
C:\Programmer\NaviSearch\bin\nls.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\SpywareQuake.com\spyware-quake.exe
C:\Programmer\SpywareQuake.com\spyware-quake.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmer\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: ZyAIR.lnk = C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZHxdm035YYDK
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bull...ller_ETE_AX.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: AEGIS Client 1.3.6.1 (SVC8021X) - Meetinghouse Data Communications - C:\WINDOWS\System32\svc8021x.exe
  • 0



#2
Noviciate


    Confused Helper

  • Malware Removal
  • 1,567 posts
You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of Ewido Anti-Malware from here and save it to your Desktop.
When the download has finished, locate ewido-setup.exe and double click it to begin installation.
** If you already have Ewido installed, update it and go to 2) **

In the 'Additional Options' window, uncheck:
'Install required for automatic updates (background guard)'.

When installation is complete, you will need to update Ewido to the latest definition files.
To do this:
Double click the Ewido Desktop icon.
In the main screen, on the left hand side, click Update.
In the following screen, click Start Update

A progress bar will show how the update is going. When it has finished updating, close it.

If you have problems with the updater, you can manually update Ewido:
Click here and save ewido-signatures-full-current.exe to your Desktop.
All you need to do then is to double-click it, click Install and then, when it has finished, Close.


Ewido Anti-Malware is designed to be used to both scan for and remove malicious files and also to run alongside, but not replace, your existing anti-virus program to give an added layer of protection.
However, as the real-time protection may interfere with the fixing of your PC, this function will have been disabled as long as you followed the installation instructions correctly.
At the end of the trial period, Ewido will revert to a stand-alone scanner which you can keep and update for free and use in a similar way to Ad-Aware SE Personal.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now online button.


2) Download SmitfraudFix.zip by S!Ri from here and save it to your Desktop.
You will then need to extract the files.
To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


Close the folder, you will need it later.

3) You will need to know how to boot into Safe Mode.
Instructions can be found here.

4) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

5) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Boot into Safe Mode.

2) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "2" and then <ENTER> to start the cleaning process.
  • Wait for the tool to complete and disk cleanup to finish.
  • You will be prompted "Registry cleaning - Do you want to clean the registry ?" Press "Y" and then <ENTER>.
  • The tool will also check if wininet.dll is infected. You may be prompted to "Replace infected file ?" - press "Y" and then <ENTER>.
Your PC now needs to be rebooted. If this does not happen automatically, you will need to do so manually. Either way, your PC will need to be booted back INTO SAFE MODE.

3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

6) Go to Start > Control Panel > Display.
Select the Desktop Tab, click on Customise Desktop... and then select the Web Tab.
Under Web pages: you should see a checked entry called Security info - or similar. Highlight this entry and then click the Delete button.
Finally click OK > Apply > OK.

7) Empty the Recycle Bin.

8) Ensure that ALL open Windows / Programs / Folders are closed and then run Ewido.
  • Click on Scanner and then Settings.
  • Ensure that all the boxes are checked and that under What to scan?, "Scan every file" is selected and then click OK.
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK.
  • When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action with all infections" and also in the box next to "Create encrypted backup" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen called Save report - click it.
  • Save the report.txt file to your desktop.
You can now close Ewido Anti-Malware.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!

9) Reboot into Normal Mode.

10) Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Press "3" and then <ENTER> to "Delete Trusted Zone".
When prompted "Restore Trusted Zone ?", press "Y" and then <ENTER>.

* Please Note: If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection *

Will you then post the following:
  • A new HJT log,
  • The Ewido log,
  • The text file rapport.txt that will be found in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
    For most, this file can be found by double-clicking My Computer and then Local Disk (C:)
  • A description of how your PC is behaving.
  • Also, run HJT and click on Open the Misc Tools section.
    In the next window, click on Open Uninstall Manager...
    In the final window, click on Save list... and save it to your Desktop.
    Copy and paste this file: uninstall_list.txt into your next reply.
This fix is based on a canned speech supplied by Kimberly.
  • 0
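
Comparing the fresh HijackThis log requested above with the first one is easier once both are parsed into their section codes (R0, O2, O4, ...). The sketch below is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are short excerpts of lines posted in this thread.

```python
import re
from collections import namedtuple

# One HijackThis entry: section code ("O4") and the text after " - ".
Entry = namedtuple("Entry", "section text")

# Entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...":
# one letter, one or two digits, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the first log in this thread (31-05-2006).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17:37:31, on 31-05-2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\BullsEye Network\bin\bargains.exe
C:\Programmer\NaviSearch\bin\nls.exe
C:\Programmer\SpywareQuake.com\spyware-quake.exe
C:\Programmer\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Programmer\NaviSearch\bin\nls.exe
O15 - Trusted Zone: *.danskebank.dk
"""

# Excerpt of the second log in this thread (01-06-2006), same keys only.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 21:13:58, on 01-06-2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hijackthis\HijackThis.exe

O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
"""


def parse_hjt(log_text):
    """Split a HijackThis 1.99.x log into (running processes, entries)."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _key(entry):
    # Windows paths and CLSIDs are case-insensitive, so compare lower-cased.
    return (entry.section, entry.text.lower())


def diff_logs(before_text, after_text):
    """Compare two logs of the same machine taken before and after a fix."""
    b_proc, b_ent = parse_hjt(before_text)
    a_proc, a_ent = parse_hjt(after_text)
    before = {_key(e): e for e in b_ent}
    after = {_key(e): e for e in a_ent}
    gone = {p.lower() for p in b_proc} - {p.lower() for p in a_proc}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "unchanged": [e for k, e in after.items() if k in before],
        "file_missing": [e for e in a_ent if e.text.endswith("(file missing)")],
        "processes_gone": sorted(gone),
    }


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for label in ("removed", "added", "unchanged", "file_missing"):
        print(label.upper())
        for entry in result[label]:
            print(f"  {entry.section} - {entry.text}")
    print("PROCESSES_GONE")
    for path in result["processes_gone"]:
        print(f"  {path}")
```

The `unchanged` list is the part to read closely, since it holds the autostart and BHO entries that survived the fix; `file_missing` marks entries whose registry reference outlived the file it pointed to.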

#3
frosties


    New Member

  • Topic Starter
  • Member
  • 3 posts
First, thank you for helping me. :whistling:
Second, my computer is running better now. The commercials are almost gone.
Here are the logs.


Logfile of HijackThis v1.99.1
Scan saved at 21:13:58, on 01-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svc8021x.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: ZyAIR.lnk = C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZHxdm035YYDK
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bull...ller_ETE_AX.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: AEGIS Client 1.3.6.1 (SVC8021X) - Meetinghouse Data Communications - C:\WINDOWS\System32\svc8021x.exe







---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------

+ Oprettet den: 20:41:23, 01-06-2006
+ Rapport-Checksum: 89C82687

+ Scanningsresultat:
C:\Documents and Settings\Kim Frost\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-51d3f209-31b3eb3a.class -> Trojan.ClassLoader.Dummy.c : Renset med backup
C:\Documents and Settings\Kim Frost\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-6beb3209.class -> Trojan.ClassLoader.Dummy.c : Renset med backup
C:\Documents and Settings\Kim Frost\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-602516f-5005cebd.class -> Trojan.Nocheat : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt -> TrackingCookie.Adjuggler : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt -> TrackingCookie.Adtech : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt -> TrackingCookie.Doubleclick : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt -> TrackingCookie.Adjuggler : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt -> TrackingCookie.Reliablestats : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt -> TrackingCookie.Tribalfusion : Renset med backup
C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.247realmedia : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt -> TrackingCookie.Yieldmanager : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt -> TrackingCookie.Adtech : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Advertising : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Falkag : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt -> TrackingCookie.Clickzs : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Doubleclick : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Itrack : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt -> TrackingCookie.Mediaplex : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt -> TrackingCookie.Yadro : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\NI.UWA6PK_0001_N73M1204\setup.exe -> Trojan.Fakealert : Renset med backup
C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temporary Internet Files\Content.IE5\UBKZV0PG\ErrorSafeFreeInstall_dk[1].cab/UERSK_0001_N68M2202NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Renset med backup
C:\Programmer\BullsEye Network -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\ad.dat -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\bin -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\bin\adv.exe -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\bin\adx.exe -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\bin\bargains.exe -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\index.dat -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\ub.dat -> Adware.BargainBuddy : Renset med backup
C:\Programmer\BullsEye Network\Uninstall.exe -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\ad.dat -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\bin -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\bin\nls.exe -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\t1147442127.dec -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\ub.dat -> Adware.BargainBuddy : Renset med backup
C:\Programmer\NaviSearch\Uninstall.exe -> Adware.BargainBuddy : Renset med backup
C:\RECYCLER\S-1-5-21-405254679-4151349306-294617901-500\Dc2\FSG.exe -> Adware.Gator : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP577\A0108434.dll -> Adware.180Solutions : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP577\A0108496.dll -> Adware.180Solutions : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP578\A0108544.exe -> Adware.180Solutions : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP578\A0108545.exe -> Adware.180Solutions : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP582\A0109491.dll -> Adware.180Solutions : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP606\A0113007.exe -> Adware.SaveNow : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP607\A0113044.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP607\A0113045.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP607\A0113046.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP607\snapshot\MFEX-1.DAT -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP608\A0113049.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP608\A0113050.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP608\A0113051.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP608\A0113057.srg -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP608\snapshot\MFEX-1.DAT -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP609\A0113097.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP609\A0113098.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP609\A0113099.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP610\A0113109.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP610\A0113110.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP610\A0113111.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP611\A0113147.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP611\A0113148.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP611\A0113149.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP611\A0113150.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP612\A0113158.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP612\A0113159.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP613\A0113177.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP613\A0113178.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP613\A0113179.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP613\A0113180.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP614\A0113193.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP614\A0113194.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP614\A0113195.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP614\A0113196.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP615\A0113210.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP615\A0113211.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP615\A0113212.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP615\A0113213.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP616\A0113233.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP616\A0113234.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP616\A0113235.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP616\A0113236.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP617\A0113278.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP617\A0113279.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP617\A0113280.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP617\A0113281.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113287.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113288.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113289.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113290.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113344.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113345.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113346.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP618\A0113347.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP619\A0113373.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP619\A0113374.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP619\A0113375.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP619\A0113376.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP620\A0113387.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP620\A0113388.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP620\A0113389.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP621\A0113393.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP621\A0113394.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP621\A0113395.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP621\A0113396.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP622\A0113398.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP622\A0113399.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP622\A0113400.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP623\A0113403.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP623\A0113404.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP623\A0113405.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113407.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113408.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113409.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113433.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113434.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113435.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP624\A0113436.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP625\A0113476.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP625\A0113477.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP625\A0113478.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP626\A0113485.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP626\A0113486.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP626\A0113487.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP626\A0113488.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP627\A0113492.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP627\A0113493.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP627\A0113494.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP628\A0113502.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP628\A0113503.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP628\A0113504.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP629\A0113515.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP629\A0113516.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP629\A0113517.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP630\A0113519.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP630\A0113520.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP630\A0113521.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP631\A0113530.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP631\A0113531.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP631\A0113532.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP631\A0113533.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP632\A0113582.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP632\A0113583.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP632\A0113587.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP633\A0113618.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP633\A0113619.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP633\A0113620.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP634\A0113624.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP634\A0113625.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP634\A0113626.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP635\A0113646.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP635\A0113647.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP635\A0113648.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP636\A0113679.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP636\A0113680.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP636\A0113681.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP636\A0113682.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP637\A0113694.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP637\A0113695.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP637\A0113696.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP638\A0113712.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP638\A0113713.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP638\A0113714.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP638\A0113715.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113724.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113725.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113726.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113768.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113769.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113770.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP639\A0113771.exe -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP640\A0113816.dll -> Trojan.Fakealert : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP640\A0113817.dll -> Adware.BargainBuddy : Renset med backup
C:\System Volume Information\_restore{8B8967CB-CFD7-4068-A2A2-720D4D4CCD9E}\RP640\A0113818.dll -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exdl.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exdl1.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exdl2.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exul.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exul1.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\exul2.exe -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\javexulm.vxd -> Adware.BargainBuddy : Renset med backup
C:\WINDOWS\SYSTEM32\mqexdlm.srg -> Adware.BargainBuddy : Renset med backup


::Rapport [bleep]









SmitFraudFix v2.53

Scan done at 15:31:41,92, 01-06-2006
Run from C:\Documents and Settings\Kim Frost\Dokumenter\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{62eb0924-19d2-4226-b4b9-8ad1f70904c1}"="bronchovascular"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\hvnwm.dll Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\msbe.dll Deleted
C:\WINDOWS\system32\nvms.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Programmer\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End








Adobe Reader 7.0.7 - Dansk
AEGIS Client
ArcSoft Panorama Maker 3.0
ArcSoft Software Suite
Broadcom Management Programs
Cycling Manager 4
Dell Media Experience
Dell Solution Center
Disneys Anders And
Disneys Multispil
DSC108
DV Studio3
DVDSentry
e-Safekey
EuroTalk Talk Now Plus!
ewido anti-malware
GameCenter
Google Earth
Google Gmail Notifier
Google Toolbar for Internet Explorer
Half-Life
Half-Life® 2
HighMAT-udvidelse til Guiden Cd-skrivning til Microsoft Windows XP
Hijackthis 1.99.1
HijackThis 1.99.1
IKEA Home Planner Kitchen
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics Driver
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Lademanns Multimedia Leksikon 2002
LimeWire
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MEDION-Navigator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft ActiveSync 3.7
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Outlook 2002
Microsoft Windows Media Video 9 VCM
Microsoft Works 7.0
Modem Event Monitor
Modem Helper
Modem On Hold
MSN Messenger 7.0
MSN Toolbar
My Search Bar
My Web Search (HistorySwatter)
Nero Suite
Nikon View 5
Norton AntiVirus Corporate Edition
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB896727)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900485)
Opdatering til Windows XP (KB910437)
PokerStars
PowerDVD
Pro Cycling Manager
Pro Cycling Manager Demo
QuickTime
SD Viewer
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
Sikkerhedsopdatering til Windows XP (KB883939)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB896688)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899588)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB903235)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB905915)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB908531)
Sikkerhedsopdatering til Windows XP (KB911562)
Sikkerhedsopdatering til Windows XP (KB911567)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912812)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913446)
Sikkerhedsopdatering til Windows XP (KB913580)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Steam
SupportAgenten
The Sims 2
The Sims Unleashed
Uden at prale - Det er Harry Version 1.06
UEFA EURO 2004
USB Driver for Panasonic DVC
WebCam Driver for Panasonic DVC
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
ZyAIR USB Utility
  • 0

#4
Noviciate

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
1) Go to Start > Control Panel > Add/Remove Programs and remove the following, and then reboot your PC:

My Search Bar
My Web Search (HistorySwatter)


2) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)

O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bull...ller_ETE_AX.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab


CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

3) Delete the following folders, if present:

C:\Programmer\MyWebSearch
C:\Programmer\MyWay


As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'


4) Run the following online scan: Panda ActiveScan.
  • Please note that IE is required to run this scan.
  • You will need to fill in the "Country, region, email address" information before you can download and install the ActiveX components necessary to run the scan.
  • When you are asked to "Select a device to scan...", click on "My Computer".
When the scan has finished, click See Report > Save Report which by default will save the scan results as Activescan.txt in My Documents.

Copy and paste the result of the above scan into your next reply along with a fresh HJT log AND a description of how your PC is running.
  • 0
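An added example, not part of the post above and not code from HijackThis: a Python check that parses HijackThis 1.99.1 entry lines, derives the program folders the flagged entries load from (to compare with the step 3 folder list), and scans a fresh log for autostart entries that still point under a removed folder. The function names are hypothetical, the sample lines are copied from the logs in this thread, and the removed-folder list assumes the step 3 folders plus the BullsEye Network folder that the ewido report lists as cleaned.

```python
import ntpath
import re

# HijackThis entry line: "<section code> - <description>"
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in an extension seen in these logs; spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|tmp)(?!\w)', re.IGNORECASE)

# Sample input: entries the helper asked to fix (copied from the post above).
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programmer\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programmer\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programmer\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programmer\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
"""

# Sample input: a few lines copied from the follow-up HijackThis log in this thread.
FRESH = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""

# Assumption: step 3 folders plus the folder the ewido report lists as cleaned.
REMOVED = [r"C:\Programmer\MyWebSearch", r"C:\Programmer\MyWay",
           r"C:\Programmer\BullsEye Network"]


def parse_entries(lines):
    """Turn HijackThis log lines into dicts; lines that are not entries are skipped."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "missing": body.endswith("(file missing)"),
            "raw": line,
        })
    return entries


def install_roots(entries, program_dir):
    """Top-level folders under program_dir that the entries load files from."""
    prefix = program_dir.rstrip("\\") + "\\"
    base = ntpath.normcase(prefix)
    roots = set()
    for e in entries:
        if e["path"] and ntpath.normcase(e["path"]).startswith(base):
            roots.add(prefix + e["path"][len(base):].split("\\", 1)[0])
    return roots


def check_fresh_log(entries, removed_dirs):
    """Return (leftover, short_name). leftover entries still point under a removed
    folder. short_name entries use 8.3 names such as PROGRA~1, which cannot be
    mapped to a long folder name from the log alone and need a manual look."""
    removed = [ntpath.normcase(d).rstrip("\\") + "\\" for d in removed_dirs]
    leftover, short_name = [], []
    for e in entries:
        if not e["path"]:
            continue
        p = ntpath.normcase(e["path"])
        if "~" in p:
            short_name.append(e)
        elif any(p.startswith(r) for r in removed):
            leftover.append(e)
    return leftover, short_name


if __name__ == "__main__":
    flagged = parse_entries(FLAGGED.splitlines())
    print("Folders behind the flagged entries:")
    for root in sorted(install_roots(flagged, r"C:\Programmer")):
        print("  ", root)
    print("Orphaned entries (file missing):")
    for e in flagged:
        if e["missing"]:
            print("  ", e["section"], e["clsid"], e["path"])
    leftover, short_name = check_fresh_log(parse_entries(FRESH.splitlines()), REMOVED)
    print("Fresh log entries still pointing under a removed folder:")
    for e in leftover:
        print("  ", e["raw"])
    print("Fresh log entries with 8.3 short names (check by hand):")
    for e in short_name:
        print("  ", e["raw"])
```

Entries written with 8.3 short names are reported separately rather than matched, because the long folder name behind a name like `MYWEBS~1` can only be confirmed on the machine itself.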

#5
frosties

frosties

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
The computer is running almost as good as before. :whistling:



Logfile of HijackThis v1.99.1
Scan saved at 18:32:57, on 07-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svc8021x.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\Programmer\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sporten.tv2.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmer\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Programmer\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programmer\Fælles filer\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Dell\Media Experience\PCMService.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZyAIR.lnk = C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
O8 - Extra context menu item: &Google Search - res://c:\programmer\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmer\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmer\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmer\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmer\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmer\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: AEGIS Client 1.3.6.1 (SVC8021X) - Meetinghouse Data Communications - C:\WINDOWS\System32\svc8021x.exe






Incident Status Location

Adware:adware/exact.bargainbuddy Not disinfected c:\windows\system32\bbchk.exe
Adware:adware/emediacodec Not disinfected c:\documents and settings\all users\skrivebord\Online Security Guide.url
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Kim Frost\Foretrukne\Antivirus Test Online.url
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/funweb Not disinfected c:\programmer\FunWebProducts
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\programmer\WinAntiVirus Pro 2006
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MyWay
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Adware:adware/exact.bullseye Not disinfected Windows Registry
Adware:adware/looksmart Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Itrack Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][2].txt
Spyware:Cookie/SecurityError Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kim Frost\Cookies\kim [email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kim Frost\Dokumenter\SmitfraudFix\Process.exe
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\important.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Re: hello\excel document_k.frost.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\important.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Re: hello\excel document_k.frost.zip[details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected Personal Folders\Inbox\Mail Delivery (failure [email protected])\message.scr
Adware:Adware/Exact.Funcade Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[funcade.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][exdl.exe]
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][exul.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][adp8047_ETE_AX.exe][bargains.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][adp8047_ETE_AX.exe][adv.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][adp8047_ETE_AX.exe][adx.exe]
Adware:Adware/Exact.BargainBuddy Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][adp8047_ETE_AX.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][nls8045_ETE_AX.exe][²èÇ]
Adware:Adware/Exact.SearchBar Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\be26F.tmp[package_funcade_ETE_AX.exe][nls8045_ETE_AX.exe][nls.exe]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\Cookies\kim [email protected][2].txt
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Kim Frost\Lokale indstillinger\Temp\p2psetup.exe
  • 0

#6
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts

The computer is running almost as good as before.

I trust you mean before you were infected, NOT before I started helping you! :whistling:

--------------------------------------------------------------------------------------------------------------------------------

A little tidying-up and you're done.

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) You will need to set Windows to show All Hidden Files and Folders
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

2) You will also need to know how to boot into Safe Mode.
Instructions can be found here.

3) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.

3) Remove any/all of the following files/folders that you can find:

Files

c:\windows\system32\bbchk.exe
c:\documents and settings\all users\skrivebord\Online Security Guide.url
C:\Documents and Settings\Kim Frost\Foretrukne\Antivirus Test Online.url
c:\windows\smdat32a.sys


As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Folders

C:\Programmer\BullsEye Network
c:\programmer\FunWebProducts
c:\programmer\WinAntiVirus Pro 2006


As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'


4) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

5) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

6) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

7) Boot into Normal Mode.

--------------------------------------------------------------------------------------------------------------------------
Just one more thing to do:

You are running an old version of Sun Java which needs updating:

1) Go here and click on the "Download JRE 5.0 Update 7" link.
Under Windows Platform - J2SE™ Runtime Environment 5.0 Update 7, click on "Windows Offline Installation, Multi-language".
* You will need to accept the license agreement before you can download the installation file.

2) Go to Add/Remove Programs and remove any entries that refer to Java 2 Runtime Environment and then reboot your PC.

3) Navigate to and delete the following folder, if it exists: C:\Program Files\Java.

4) Finally double click the installation file that you downloaded earlier.

----------------------------------------------------------------------------------------------------------------------------

As long as all goes well with the above, I want you to run your PC as normal for a few days. When you are happy that everything is fine, do the following:

Update your anti-virus program,
Disable System Restore,
Boot into Safe Mode,
Scan your computer for viruses.
When you get the all clear, reboot into Normal Mode.
Re-enable System Restore,
Create a Restore Point.
This will give a clean Restore Point should you need it in the future.
A tutorial for System Restore is available here.

The reason for waiting is that if removing the malware has caused a problem, which it occasionally does, you can put your PC back to how it was before the fix. This will re-install the malware, but an infected PC is better than an expensive paperweight!

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet.
  • 0
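The selection made in Removal step 1 above, as an added example (not part of the post and not HijackThis code): it parses O4 autostart lines in the HijackThis 1.99.1 format shown in this thread and reports the ones whose executable is a file, or sits inside a folder, on the removal list. The function names and the rule for cutting an unquoted command at its executable extension are assumptions.

```python
import re
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log in this thread (one O23 line for contrast).
HJT_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmer\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: ZyAIR.lnk = C:\Programmer\ZyAIR USB Utility\ZyAIR.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
"""

# Files and folders from the removal list in the post above.
FLAGGED = [
    r"c:\windows\system32\bbchk.exe",
    r"c:\windows\smdat32a.sys",
    r"C:\Programmer\BullsEye Network",
    r"c:\programmer\FunWebProducts",
    r"c:\programmer\WinAntiVirus Pro 2006",
]

RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>.*?)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Assumption: an unquoted command ends at the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

def exe_path(cmd):
    """Strip quotes and arguments from an autostart command line."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd

def is_under(path, root):
    """Case-insensitive, component-wise test; 8.3 names (PROGRA~1) are not expanded."""
    p = PureWindowsPath(path.lower()).parts
    r = PureWindowsPath(root.lower()).parts
    return p[:len(r)] == r

def flagged_autostarts(log, flagged):
    """Return the O4 lines whose executable is a flagged file or inside a flagged folder."""
    hits = []
    for line in map(str.strip, log.splitlines()):
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m and any(is_under(exe_path(m["cmd"]), f) for f in flagged):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for hit in flagged_autostarts(HJT_LOG, FLAGGED):
        print("check in HijackThis:", hit)
```

Matching on path components rather than on a string prefix keeps a sibling folder with a longer name from being reported as part of a flagged one.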





