INFECTED WITH SOMETHING "buymap10"



#1
azndorksrule

  • Member
  • 11 posts
Please help! Here is the Hijack information.
My anti-virus showed something "buymap10".
I tried to delete that, thinking it was a trojan, and it would not allow it.
And every time I open the computer, 2 pop-ups with buymap10 would show.
Also, explorer.exe shows up with a pop-up too.

Thanks.




Logfile of HijackThis v1.99.1
Scan saved at 下午 09:19:39, on 2006/11/21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\yok\yok.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [buymap10] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\buymap10.dll,DllCanUnloadNow
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: VeryCD閉撰刲坰 - C:\PROGRA~1\yok\yoksch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-e...p...&ptx=mratdl
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Edited by azndorksrule, 21 November 2006 - 08:37 PM.

  • 0



#2
MFDnSC

  • Banned
  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll

O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll

O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe

O4 - HKLM\..\Run: [buymap10] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\buymap10.dll,DllCanUnloadNow

O8 - Extra context menu item: VeryCD閉撰刲坰 - C:\PROGRA~1\yok\yoksch.htm

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\PROGRA~1\yok
C:\WINDOWS\system32\buymap10.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log


Please give feedback on what worked/didn’t work and the current status of your system
  • 0

#3
azndorksrule

  • Topic Starter
  • Member
  • 11 posts
I followed your instructions but right now, when I start up the computer a pop-up shows that the computer is trying to Run Buymap10. What should I do next? Thanks.
  • 0

#4
MFDnSC

  • Banned
  • 1,137 posts
You have not posted the AVG log as requested nor have you posted a new hijack log after doing the fixes above.
  • 0
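One way to check a follow-up HijackThis log against the fix list, as an added example that is not part of the original thread or of HijackThis itself: it parses both, then reports which flagged entries are gone and which are still registered. The sample lines are copied from the logs posted on this page; the matching rules (CLSID for R3/O2 entries, hive plus value name for O4 Run entries) are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# "<section code> - <description>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\]")
MISSING = " (file missing)"  # suffix HijackThis adds when the target file is gone


class Entry(NamedTuple):
    code: str           # section code such as R3, O2, O4
    text: str           # description without the "(file missing)" suffix
    file_missing: bool  # registry entry exists but its file does not
    key: tuple          # normalized identity used for matching (assumption)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; header and running-process lines return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, text = m.groups()
    missing = text.endswith(MISSING)
    if missing:
        text = text[: -len(MISSING)]
    run = RUN_RE.match(text)
    clsid = CLSID_RE.search(text)
    if code == "O4" and run:
        # Autorun values are identified by hive/key and value name.
        key = (code, run.group(1).lower(), run.group(2).lower())
    elif clsid:
        # Browser add-ons are identified by their CLSID.
        key = (code, clsid.group(0).lower())
    else:
        key = (code, text.lower())
    return Entry(code, text, missing, key)


def parse_log(text: str) -> list:
    return [e for e in map(parse_entry, text.splitlines()) if e]


def check_fixes(fix_list: str, followup_log: str):
    """Return (removed, still_present) for every entry on the fix list."""
    after = {}
    for e in parse_log(followup_log):
        after.setdefault(e.key, e)
    removed, still_present = [], []
    for wanted in parse_log(fix_list):
        hit = after.get(wanted.key)
        if hit:
            still_present.append(hit)   # keep the follow-up log's version
        else:
            removed.append(wanted)
    return removed, still_present


# Entries the helper asked to fix (copied from post #2 on this page).
FIX_LIST = r"""
R3 - URLSearchHook: ContextSearch Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\PROGRA~1\yok\toolbar.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [buymap10] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\buymap10.dll,DllCanUnloadNow
O8 - Extra context menu item: VeryCD閉撰刲坰 - C:\PROGRA~1\yok\yoksch.htm
"""

# Excerpt of the follow-up log dated 2006/11/22 (copied from this page).
FOLLOWUP_EXCERPT = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
"""

if __name__ == "__main__":
    gone, left = check_fixes(FIX_LIST, FOLLOWUP_EXCERPT)
    for e in gone:
        print(f"removed        {e.code} - {e.text}")
    for e in left:
        note = " [file gone, registry entry remains]" if e.file_missing else ""
        print(f"STILL PRESENT  {e.code} - {e.text}{note}")
```

On these lines the buymap10 Run value, the R3 search hook and the O8 menu item are gone, while the yok.exe Run value and the toolbar.dll BHO registration are still listed.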

#5
azndorksrule

  • Topic Starter
  • Member
  • 11 posts
Sorry. Here they are. Thank you!



HIJACK



Logfile of HijackThis v1.99.1
Scan saved at 下午 06:57:37, on 2006/11/22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-e...p...&ptx=mratdl
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe








AVG REPORT


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 上午 06:32:24 2006/11/22

+ Scan result:



C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290357.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290647.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290806.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0291096.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0291164.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0291215.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292296.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292700.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292832.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0293188.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0294933.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0295877.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0296602.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0296871.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297307.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297899.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298408.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298673.exe -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299761.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299762.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP107\A0301173.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP108\A0302243.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0307975.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP111\A0311818.exe/clientax.dll -> Adware.180Solutions : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290357.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290647.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290648.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290725.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0290806.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0291096.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP101\A0291098.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0291164.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0291215.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0291325.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292296.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292298.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292447.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292700.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292832.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP102\A0292857.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0293188.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0293274.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0293824.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0294933.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0294935.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0295877.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP103\A0296112.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0296602.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0296603.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0296871.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297307.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297309.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297899.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP104\A0297960.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298408.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298673.exe/Plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298880.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP105\A0298969.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299462.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299379.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299903.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP107\A0300322.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP107\A0300836.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP108\A0303619.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP108\A0304575.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0305044.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0306062.dll -> Downloader.Agent.bbc : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0311089.dll -> Downloader.Agent.bbc : Cleaned.
C:\Program Files\Common Files\Real\CNNIC\setup-real.exe -> Dropper.Agent.ays : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299022.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299090.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP106\A0299799.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP107\A0300124.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP107\A0300614.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP108\A0301192.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP108\A0304259.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0305164.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0306416.sys -> Hijacker.StartPage.amg : Cleaned.
C:\System Volume Information\_restore{FA72BF71-C93A-4ED5-A199-D25B8C2B0DDC}\RP109\A0311090.sys -> Hijacker.StartPage.amg : Cleaned.
C:\WINDOWS\system32\drivers\buymap10.sys -> Hijacker.StartPage.amg : Cleaned.
:mozilla.24:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.28:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.299:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.300:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.587:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.588:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.589:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.62:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.63:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.108:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.109:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.569:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.570:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.571:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.598:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.599:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.133:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.148:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.45:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.82:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.83:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.84:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.85:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.86:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.604:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.180:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.337:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.338:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.55:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.57:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.58:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.350:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.351:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.352:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.353:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.385:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.141:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.142:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.143:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.144:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.404:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.405:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.406:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.407:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.408:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.49:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.428:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.429:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.430:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.431:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.564:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.565:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.434:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.435:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.436:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.437:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.438:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.439:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.440:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.441:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.442:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.443:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.444:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.445:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.375:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.376:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.377:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.378:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.379:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.548:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.557:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.558:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.559:C:\Documents and Settings\Michelle Chou\Application Data\Mozilla\Firefox\Profiles\pq9wz6b7.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\drivers\pacjih34.sys -> Trojan.Zapchast.ch : Cleaned.


::Report end

#6
MFDnSC
I strongly suggest you remove Emule and any other P2P programs

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)

O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe

Download http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\PROGRAM FILES\yok

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

Edited by MFDnSC, 26 November 2006 - 10:02 AM.


#7
azndorksrule
I followed the directions and my computer still shows the pop up that says it is trying to run "buymap10" and that it is not able to be located. Also, when I used killbox, C:\PROGRA~1\yok "did not exist". Thanks for helping!




Here is the new Hijack information.




Logfile of HijackThis v1.99.1
Scan saved at 下午 11:23:14, on 2006/11/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-e...p...&ptx=mratdl
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe

Edited by azndorksrule, 25 November 2006 - 10:26 PM.


#8
MFDnSC
Do #6 again

====================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.c...s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

#9
azndorksrule
Here are the new logs. Thanks!




Sweeper Log



下午 04:40: Removal process completed. Elapsed time 00:00:08
下午 04:40: Quarantining All Traces: questionmarket cookie
下午 04:40: Removal process initiated
下午 04:39: Traces Found: 1
下午 04:39: Custom Sweep has completed. Elapsed time 00:43:10
下午 04:39: File Sweep Complete, Elapsed Time: 00:39:55
下午 04:35: Warning: Failed to access drive E:
下午 03:59: Starting File Sweep
下午 03:59: Warning: Failed to access drive A:
下午 03:59: Cookie Sweep Complete, Elapsed Time: 00:00:01
下午 03:59: c:\documents and settings\michelle chou\cookies\michelle [email protected][2].txt (ID = 3217)
下午 03:59: Found Spy Cookie: questionmarket cookie
下午 03:59: Starting Cookie Sweep
下午 03:59: Registry Sweep Complete, Elapsed Time:00:00:32
下午 03:58: Starting Registry Sweep
下午 03:58: Memory Sweep Complete, Elapsed Time: 00:02:29
下午 03:56: Starting Memory Sweep
下午 03:56: Start Custom Sweep
下午 03:56: Sweep initiated using definitions version 810
下午 03:56: Spy Sweeper 5.2.3.2132 started
下午 03:56: | Start of Session, 2006年11月29日 |
********
下午 03:56: | End of Session, 2006年11月29日 |
下午 03:53: Your definitions are up to date.
下午 03:49: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
下午 03:46: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
下午 03:44: Shield States
下午 03:44: Spyware Definitions: 804
下午 03:44: Warning: Virus definitions files are invalid, please update your virus definitions. 220
下午 03:43: Spy Sweeper 5.2.3.2132 started
下午 03:43: Spy Sweeper 5.2.3.2132 started
下午 03:43: | Start of Session, 2006年11月29日 |
********






Hijack This Log




Logfile of HijackThis v1.99.1
Scan saved at 下午 04:43:44, on 2006/11/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {A16C2BF4-501E-45FA-8A14-F26E022D5E16} (MidRadioCtrl Class) - http://adweb.music-e...p...&ptx=mratdl
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#10
MFDnSC
Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)

O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
  • 0
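
The check being done by eye across the two HijackThis logs above (which flagged entries are still registered after the fix attempt), as an added example that is not part of the original thread. The log excerpts are copied from the 2006/11/25 and 2006/11/29 logs on this page and the suspect directory from post #6; the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Excerpt of the 2006/11/25 log posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VeryCD閉撰刲坰 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\PROGRA~1\yok\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [yok.exe] C:\PROGRA~1\yok\yok.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# Excerpt of the 2006/11/29 log: same entries plus the new Spy Sweeper autostart.
LOG_AFTER = LOG_BEFORE + r"""
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
"""

# The thread refers to the folder by both its 8.3 short name and its long name.
SUSPECT_DIRS = [r"C:\PROGRA~1\yok", r"C:\Program Files\yok"]

# HijackThis item lines start with a section code such as O2, O4, O23, R1, F0, N1.
LINE_RE = re.compile(r"^([ORFN]\d+) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4"
    text: str     # everything after "O4 - "


def parse_log(log):
    """Return the item lines of a HijackThis log, skipping headers and process lists."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def reasons(entry, suspect_dirs):
    """Explain why an entry deserves a second look; an empty list means no flag."""
    found = []
    if entry.text.endswith("(file missing)"):
        found.append("file missing")
    lowered = entry.text.lower()
    for d in suspect_dirs:
        # The trailing backslash keeps C:\PROGRA~1\yok from matching C:\PROGRA~1\yokohama.
        prefix = d.lower().rstrip("\\") + "\\"
        if prefix in lowered:
            found.append("suspect path")
            break
    return found


def still_present(before, after, suspect_dirs):
    """Flagged entries from the earlier log that are unchanged in the later log."""
    later = set(parse_log(after))
    out = []
    for e in parse_log(before):
        why = reasons(e, suspect_dirs)
        if why and e in later:
            out.append((e, why))
    return out


if __name__ == "__main__":
    for entry, why in still_present(LOG_BEFORE, LOG_AFTER, SUSPECT_DIRS):
        print(f"{entry.section}: {', '.join(why)}: {entry.text}")
```

A "file missing" flag alone is not a verdict: the Symantec service line is a leftover from an uninstalled product, while the two `yok` entries are the ones the helper asks to fix.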

#11
azndorksrule
I tried to delete those two items with Hijack This but it would not delete.
Please tell me what to do next. Thanks!

#12
MFDnSC
I just realized you have no active AV

Get the free AVG 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft....eweb.php/doc/2/
===============

Try doing the fixes in safe mode

#13
azndorksrule
I tried Spy Sweeper. Didn't seem to do anything.
The Buymap10 is still trying to run at every start up.
And I also noticed that my Internet Explorer would not change its home page.
Right now, instead of google, it is my123.com.

Also AVG detected this:

Trojan Horse Startpage.APE
and it does mention buymap10.

I tried clicking HEAL, but it would not allow me.
Then I tried clicking MOVE TO VAULT, it would not do it either.

What can I do now?

Thank you so much.

#14
MFDnSC
Did you get and run the AVG antivirus?