Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Smitfraud et al...


  • This topic is locked This topic is locked

#1
Azureflame

Azureflame

    Member

  • Member
  • PipPip
  • 33 posts
Yet another Smitfraud post. I've been trying to read through some of the other posts this morning however Hotoffers is intent on makeing Jena Jameson my new screensaver it seems. I am the third user this machine has had in the last 2 years and I have been busy trying to remove alot of unnescessary proggys off of it so it will run more smoothly.

I have run AdAware SE Personal, Spybot S&D, SpySweeper. Have basically followed the newbie recomendations and removed alot of spyware so far but this persists. I'm not certain if sp2 is running properly on this machine but when I went to download sp1a I got nothing from the microsoft auto update page. I'll post my HJT log and if someone gets a moment to help me out would be greatly apreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:54 PM, on 4/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system\aaemqm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0278/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ofm5aplb.slt\prefs.js)
O1 - Hosts: 69.50.173.4 lycos.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSM2.exe
O4 - HKLM\..\Run: [nytcypo] C:\WINDOWS\System32\rhdyt\nytcypo.exe
O4 - HKLM\..\Run: [ddhpovw] C:\WINDOWS\System32\sbnqg\ddhpovw.exe
O4 - HKLM\..\Run: [exjjpdbk] C:\WINDOWS\System32\gwfqyc\exjjpdbk.exe
O4 - HKLM\..\Run: [oxthnn] C:\WINDOWS\System32\dykk\oxthnn.exe
O4 - HKLM\..\Run: [srdvd] C:\WINDOWS\System32\dpaxi\srdvd.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [nwvspqp] C:\WINDOWS\nwvspqp.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F889CA46-3E85-460F-BC03-77DD2EF56195} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F889CA46-3E85-460F-BC03-77DD2EF56195} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguar...ion/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100030930796
O16 - DPF: {6602C449-3AC5-4EE0-B379-7CB8F9153003} (Pixami Upload UI Control) - http://cal.americang.../AGControls.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb06.pog...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ftjqnlxtohuq - Unknown owner - C:\WINDOWS\System32\nlxtohuq\ftjq.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lpvjylhkppqd - Unknown owner - C:\WINDOWS\System32\lhkppqd\lpvjy.exe (file missing)
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks in advance
AF
  • 0

Advertisements


#2
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Still looking for help on this one if someone gets time today. I know I'm not the only one.

Thanks,

AF
  • 0

#3
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Download and run Silent Runners.vbs from HERE

It generates a log, please post the information back in this thread
  • 0

#4
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Siletrunners log

*edited I didn't let it finish

BAD MONKEY! BAD! :tazz:

"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"aaemqm.exe" = "C:\WINDOWS\system\aaemqm.exe" [null data]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MoneyAgent" = ""c:\Program Files\Microsoft Money\System\Money Express.exe"" [MS]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0" ["Webroot Software, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BlockTracker" = "c:\hp\bin\BlockTracker.exe" [file not found]
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"StorageGuard" = ""C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r" ["VERITAS Software, Inc."]
"MoneyStartUp10.0" = ""c:\Program Files\Microsoft Money\System\Activation.exe"" [MS]
"WCOLOREAL" = ""C:\Program Files\COMPAQ\Coloreal\coloreal.exe"" [null data]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded" ["NVIDIA Corporation"]
"PS2" = "C:\WINDOWS\system32\ps2.exe" ["Hewlett-Packard Company"]
"msnappau" = ""C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"" [MS]
"DDCActiveMenu" = ""C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot" [file not found]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PaperPort PTD" = "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."]
"IndexSearch" = "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [null data]
"SetDefPrt" = "C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe" [null data]
"ControlCenter2.0" = "C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"GMedia2" = "C:\WINDOWS\System32\GSM2.exe" [file not found]
"nytcypo" = "C:\WINDOWS\System32\rhdyt\nytcypo.exe" [file not found]
"ddhpovw" = "C:\WINDOWS\System32\sbnqg\ddhpovw.exe" [file not found]
"exjjpdbk" = "C:\WINDOWS\System32\gwfqyc\exjjpdbk.exe" [file not found]
"oxthnn" = "C:\WINDOWS\System32\dykk\oxthnn.exe" [file not found]
"srdvd" = "C:\WINDOWS\System32\dpaxi\srdvd.exe" [file not found]
"cfgmgr51" = "RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun" [MS]
"nwvspqp" = "C:\WINDOWS\nwvspqp.exe" [file not found]
"abasa5jrp" = "C:\WINDOWS\System32\abasa5jrp.exe" [file not found]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Security iGuard" = "C:\Program Files\Security iGuard\Security iGuard.exe" [file not found]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{302A3240-4805-4a34-97D7-1645A0B08410}\(Default) = "BolgerObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Bolger.dll" ["Bolger"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "ActiveX Cache Folder"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\occache.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\Downloaded Program Files\ymmapi.dll" ["Yahoo! Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{955B7B84-5308-419c-8ED8-0B9CA3C56985}" = "America Online"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\aolshare\shell\us\shellext.dll" ["America Online, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{D56A1203-1452-EBA1-7294-EE3377770000}" = "Interlinking Memory Support"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\param32.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssstars.scr" [MS]


Enabled Wallpaper and Active Desktop:
-------------------------------------

Active Desktop is disabled.

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\wp.bmp"


Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE" ["MyWebSearch.com"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" [file not found]
"MyWebSearch Email Plugin" -> shortcut to: "C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE" ["MyWebSearch.com"]
"QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit, Inc."]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"SmartUI" -> shortcut to: "C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe" ["Scansoft, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
-> {CLSID}\(Default) = "&Yahoo! Messenger"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
-> {CLSID}\(Default) = "&Yahoo! Messenger"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\
(Default) = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\
(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{AF6CABAB-61F9-4F12-A198-B7D41EF1CB52}\
"ButtonText" = "WeatherBug"
"CLSIDExtension" = "{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}"
"Exec" = "C:\Program Files\AWS\WeatherBug\Weather.exe" [file not found]

{F889CA46-3E85-460F-BC03-77DD2EF56195}\
"ButtonText" = "Microsoft AntiSpyware helper"
"MenuText" = "Microsoft AntiSpyware helper"

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2499216C-4BA5-11D5-BD9C-000103C116D5}\
"ButtonText" = "Yahoo! Login"
"MenuText" = "Yahoo! Login"
"CLSIDExtension" = "{2499216C-4BA5-11D5-BD9C-000103C116D5}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\ylogin.dll" ["Yahoo! Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


HOSTS file
----------

C:\WINDOWS\system32\Drivers\Etc\HOSTS

maps: 13 domain names to IP addresses,
1 of the IP addresses is *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Brother Popup Suspend service for Resource manager, brmfrmps, ""C:\WINDOWS\system32\Brmfrmps.exe" -service " ["Brother Industries, Ltd."]
BrSplService, Brother XP spl Service, "C:\WINDOWS\System32\brsvc01a.exe" ["brother Industries Ltd"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Edited by Azureflame, 22 April 2005 - 06:17 AM.

  • 0

#5
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download Pocket Killbox by Option^Explicit. Extract it from the zip file then double-click on Killbox.exe to run it.

Select the Delete on reboot option.

In the 'Full Path of File to Delete' box, copy and paste the following, clicking the 'Delete File' button (red circle with a white X) after pasting:

C:\WINDOWS\System32\param32.dll

It will prompt you to reboot, press the NO button. Instead, copy and paste the following and click the 'Delete File' button again:

C:\WINDOWS\Bolger.dll

When it prompts you to reboot this time, press the YES button.

After restarting, with only HijackThis running, scan and when complete, remove the following entry by checking the box to the left and clicking 'fixed checked':

[B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/ad0278/
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.50.173.4 lycos.com
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [GMedia2] C:\WINDOWS\System32\GSM2.exe
O4 - HKLM\..\Run: [nytcypo] C:\WINDOWS\System32\rhdyt\nytcypo.exe
O4 - HKLM\..\Run: [ddhpovw] C:\WINDOWS\System32\sbnqg\ddhpovw.exe
O4 - HKLM\..\Run: [exjjpdbk] C:\WINDOWS\System32\gwfqyc\exjjpdbk.exe
O4 - HKLM\..\Run: [oxthnn] C:\WINDOWS\System32\dykk\oxthnn.exe
O4 - HKLM\..\Run: [srdvd] C:\WINDOWS\System32\dpaxi\srdvd.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\cfgmgr51.dll,DllRun
O4 - HKLM\..\Run: [nwvspqp] C:\WINDOWS\nwvspqp.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {F889CA46-3E85-460F-BC03-77DD2EF56195} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F889CA46-3E85-460F-BC03-77DD2EF56195} - (no file) (HKCU)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguar...ion/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O23 - Service: ftjqnlxtohuq - Unknown owner - C:\WINDOWS\System32\nlxtohuq\ftjq.exe (file missing)
O23 - Service: lpvjylhkppqd - Unknown owner - C:\WINDOWS\System32\lhkppqd\lpvjy.exe (file missing)


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
  • 0

#6
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
New Log

Logfile of HijackThis v1.99.1
Scan saved at 11:53:25 AM, on 4/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system\aaemqm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ofm5aplb.slt\prefs.js)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100030930796
O16 - DPF: {6602C449-3AC5-4EE0-B379-7CB8F9153003} (Pixami Upload UI Control) - http://cal.americang.../AGControls.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb06.pog...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#7
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0

#8
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
THanks for the help Daemon. :tazz:

ack! Sorry for the double post. Also the scan wasn't complete obviously. Will report back with completed scan.

As previously stated I R Bad Monkey ;)

Edited by Azureflame, 22 April 2005 - 02:30 PM.

  • 0

#9
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
THanks for the help Daemon. :tazz:

Here's the requested log

File C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system\aaemqm.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system\aaemqm.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msCMTSrvc.exe infected by "Trojan-Downloader.Win32.Presario" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mysearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "zango Spyware/Adware" Virus. Action Taken: No Action Taken.
  • 0

#10
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Go to Start->Run and type Services.msc then hit Ok. Scroll down and find the service called "System Startup Service". When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.


Start Killbox and click on Tools->Delete Temp Files. When that finishes, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll
C:\WINDOWS\svcproc.exe
C:\WINDOWS\system32\DrPMon.dll
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\system\aaemqm.exe

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

Reboot if it doesn't do so automatically.

Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Reboot when done. Rescan with HJT and post a new log for a final check over.
  • 0

Advertisements


#11
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hey Daemon. I had to leave the office friday and didn't get a chance to re-run the scan which I hadn't allowed to finish. Here is a complete silentrunners log.

File C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system\aaemqm.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system\aaemqm.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\msCMTSrvc.exe infected by "Trojan-Downloader.Win32.Presario" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mysearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "zango Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kmoucwf.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kmxzyvfipo.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\f3pssavr.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\guninst.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\stubinstaller4528.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\180SAInstaller.exe infected by "not-a-virus:AdWare.180Solutions.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\CZW\uacupg.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Del12D.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\Del67.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\FTJ\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\i29.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\iDC.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\res68.tmp infected by "not-a-virus:AdWare.180Solutions.g" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\XBV\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\0X2NGL2R\Bolger[1].dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\C1U301MJ\mm15201518.Stub[1].exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DC4NX58D\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\DCOVPTOX\dropper[1].chm infected by "Trojan-Downloader.Win32.WarSpy.d" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\FKT1ZOKW\TRACK15[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\G5AFG5M7\track2[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\KN3NUG15\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\Q9ETWHO3\track15[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\U174X8F6\trk_0002[1].exe infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\URXGVL2S\trk_0015[1].exe infected by "not-a-virus:AdWare.Pacer.e" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7ERMBC7\STATS25[1].CHM infected by "Trojan-Downloader.JS.Psyme.n" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7KFSHCD\stats25[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\180SAInstaller.exe infected by "not-a-virus:AdWare.180Solutions.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\CZW\uacupg.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\Del12D.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\Del67.tmp infected by "Trojan-Downloader.Win32.Small.asf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\FTJ\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\i29.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\iDC.tmp infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\res68.tmp infected by "not-a-virus:AdWare.180Solutions.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\XBV\aurareco.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0X2NGL2R\Bolger[1].dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C1U301MJ\mm15201518.Stub[1].exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DC4NX58D\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DCOVPTOX\dropper[1].chm infected by "Trojan-Downloader.Win32.WarSpy.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FKT1ZOKW\TRACK15[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5AFG5M7\track2[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KN3NUG15\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q9ETWHO3\track15[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U174X8F6\trk_0002[1].exe infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\URXGVL2S\trk_0015[1].exe infected by "not-a-virus:AdWare.Pacer.e" Virus. Action Taken: No Action Taken.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:RiskWare.Tool.KillApp. No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\FwBarTemp\searchbar.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\AE54D7D4-2C06-4214-B54E-9BFFE4 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\CFCB4BA9-342F-41BF-9670-9CF197 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\E956CD34-16F4-4E6B-BE43-1ED539 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\FF9B19C8-496C-46A5-BD3C-FF4FC9\867BEE6A-E073-405C-BC3F-0E279A infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\Program Files\MSN Messenger\riched20.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\18EC0CD0.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\226F2181.exe infected by "Trojan-Downloader.Win32.WarSpy.d" Virus. Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe.tmp infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP106\A0011454.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP106\A0011455.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012383.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012384.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012389.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012397.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012398.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012399.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012404.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012416.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012424.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012425.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012429.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012435.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012436.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012437.vxd infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012447.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012456.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012466.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012467.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012468.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012469.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012471.exe infected by "Trojan-Downloader.Win32.Apropo.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012472.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012474.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012479.dll infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012480.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012484.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012485.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012486.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012488.exe infected by "not-a-virus:AdWare.CashBack.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012489.exe infected by "not-a-virus:AdWare.CashBack.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012490.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012496.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012497.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012498.exe infected by "not-a-virus:AdWare.DealHelper.ac" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012499.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012501.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012502.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012503.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012504.exe infected by "not-a-virus:AdWare.Pacer.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012507.exe infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012508.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012509.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012511.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012512.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012513.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012515.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012521.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012522.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012524.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012525.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012526.exe infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012528.exe infected by "not-a-virus:AdWare.VirtualBouncer.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012529.EXE infected by "not-a-virus:AdWare.VirtualBouncer" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012540.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012543.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012556.dll infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012562.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012563.EXE infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012635.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012636.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012637.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012646.DLL infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012648.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012649.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012660.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012662.dll infected by "not-a-virus:AdWare.EZula.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012665.exe infected by "not-a-virus:AdWare.EZula.ap" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012666.dll infected by "not-a-virus:AdWare.EZula.x" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012668.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012670.exe infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012671.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012676.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012679.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012746.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012747.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012748.dll infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012756.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012757.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012758.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012761.exe infected by "not-a-virus:AdWare.VirtualBouncer.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012762.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012766.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012767.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012772.exe infected by "Trojan-Downloader.Win32.Agent.jq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012775.exe infected by "not-a-virus:AdWare.ToolBar.BrowserVillage.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012776.exe infected by "Trojan-Dropper.Win32.Small.mr" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012780.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012781.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012782.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012785.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012786.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012787.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012789.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012795.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012796.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012797.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012798.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012799.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012800.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012801.exe infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012802.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012803.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012804.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012806.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012807.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012808.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012810.exe infected by "Trojan-Downloader.Win32.Small.akz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012811.exe infected by "Trojan-Downloader.Win32.Small.akz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012812.dll infected by "Trojan-Clicker.Win32.Small.ez" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012813.exe infected by "Trojan-Downloader.Win32.Agent.jq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012815.exe infected by "not-a-virus:AdWare.Searcher.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012816.exe infected by "not-a-virus:AdWare.Searcher.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012825.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012830.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012928.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012930.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012935.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012952.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012957.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012965.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013085.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013089.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013174.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013180.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013209.dll infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013210.dll infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013211.exe infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013226.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013232.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013347.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013356.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013359.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013418.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013425.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013457.dll infected by "not-a-virus:AdWare.WebSearch.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013482.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013483.EXE infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013639.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013649.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013683.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013690.dll infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013692.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013694.dll infected by "not-a-virus:AdWare.WebSearch.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013734.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013744.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013747.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013748.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013749.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013750.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013752.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013753.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013754.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013756.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013758.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013759.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013761.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013764.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0013774.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0014716.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0014718.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0014761.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0014771.exe infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015762.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015790.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015791.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015792.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015914.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015915.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015936.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015937.dll infected by "Trojan-Downloader.Win32.WarSpy.e" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016005.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016007.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016008.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016010.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016011.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016012.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016013.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017165.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017174.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017184.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018022.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018064.dll infected by "Trojan-Downloader.Win32.WarSpy.e" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018065.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP131\A0019106.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0010971.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0011002.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0011011.DLL infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kmoucwf.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\kmxzyvfipo.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\f3pssavr.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\guninst.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\stubinstaller4528.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.


Again thanks for your assistance!

AF
  • 0

#12
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I went ahead and followed your last proceedure but the two lines in HJT were not there to fix. Wallpaper is still showing it's error message but that seems to be about all that's left of it so far. Here is a freshie

Logfile of HijackThis v1.99.1
Scan saved at 8:37:22 AM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ofm5aplb.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp....SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100030930796
O16 - DPF: {6602C449-3AC5-4EE0-B379-7CB8F9153003} (Pixami Upload UI Control) - http://cal.americang.../AGControls.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb06.pog...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#13
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Start Killbox and click on Tools->Delete Temp Files. When that finishes, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each. Keep track of any files it tells you either could not be found or could not be deleted, as you'll need those later:

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7ERMBC7\STATS25[1].CHM
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7KFSHCD\stats25[1].htm
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat
C:\Documents and Settings\Owner\Local Settings\Temp\180SAInstaller.exe
C:\Documents and Settings\Owner\Local Settings\Temp\CZW\uacupg.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Del12D.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\Del67.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\FTJ\aurareco.exe
C:\Documents and Settings\Owner\Local Settings\Temp\i29.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\iDC.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\res68.tmp
C:\Documents and Settings\Owner\Local Settings\Temp\XBV\aurareco.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0X2NGL2R\Bolger[1].dll
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C1U301MJ\mm15201518.Stub[1].exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DC4NX58D\mtrslib2[1].js
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DCOVPTOX\dropper[1].chm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FKT1ZOKW\TRACK15[1].CHM
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5AFG5M7\track2[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KN3NUG15\wow[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q9ETWHO3\track15[1].htm
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U174X8F6\trk_0002[1].exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\URXGVL2S\trk_0015[1].exe
C:\Program Files\FwBarTemp\searchbar.exe
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
C:\WINDOWS\kmoucwf.exe
C:\WINDOWS\kmxzyvfipo.exe
C:\WINDOWS\mm15201518.Stub.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe
C:\WINDOWS\System32\dist001.exe
C:\WINDOWS\system32\DrPMon.dll
C:\WINDOWS\system32\f3pssavr.scr
C:\WINDOWS\System32\guninst.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\WINDOWS\System32\stubinstaller4528.exe
C:\WINDOWS\System32\wldr.dll
C:\WINDOWS\system\aaemqm.exe
C:\WINDOWS\wt\wtvh.dll

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

Reboot if it doesn't do so automatically. Post a new mwav scan in your next reply.
  • 0

#14
Azureflame

Azureflame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
I followed your last instructions. New mwv log.

File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "VX2 Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mywebsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mysearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "zango Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\!Submit\0F.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\!Submit\aaemqm.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\!Submit\Bolger[1].dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\!Submit\dropper[1].chm infected by "Trojan-Downloader.Win32.WarSpy.d" Virus. Action Taken: No Action Taken.
File C:\!Submit\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3CJPEG.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3POPSWT.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3PSSAVR.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3REPROX.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3RESTUB.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3SCRCTR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\F3WPHOOK.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\guninst.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\!Submit\kmoucwf.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\!Submit\kmxzyvfipo.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\!Submit\M3OUTLCN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\M3SKIN.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\mm15201518.Stub.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\!Submit\mm15201518.Stub[1].exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\!Submit\msCMTSrvc.exe infected by "Trojan-Downloader.Win32.Presario" Virus. Action Taken: No Action Taken.
File C:\!Submit\mtrslib2[1].js infected by "Trojan-Downloader.JS.Small.ag" Virus. Action Taken: No Action Taken.
File C:\!Submit\MWSBAR.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\MWSOEMON.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\MWSOEPLG.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\mwsoestb.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\MWSSRCAS.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\Nail.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\!Submit\riched20.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\!Submit\searchbar.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\!Submit\STATS25[1].CHM infected by "Trojan-Downloader.JS.Psyme.n" Virus. Action Taken: No Action Taken.
File C:\!Submit\stats25[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\!Submit\stubinstaller4528.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\!Submit\svcproc.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\!Submit\TRACK15[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus. Action Taken: No Action Taken.
File C:\!Submit\track15[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\!Submit\track2[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\!Submit\trk_0002[1].exe infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\!Submit\trk_0015[1].exe infected by "not-a-virus:AdWare.Pacer.e" Virus. Action Taken: No Action Taken.
File C:\!Submit\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\!Submit\wmplayer.exe.tmp infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\!Submit\wow[1].htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\!Submit\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:RiskWare.Tool.KillApp. No Action Taken.
File C:\hp\bin\win32all-146.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\AE54D7D4-2C06-4214-B54E-9BFFE4 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\CFCB4BA9-342F-41BF-9670-9CF197 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\F40B4CFA-FFB8-45D1-84CC-FA0D3B\E956CD34-16F4-4E6B-BE43-1ED539 infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\FF9B19C8-496C-46A5-BD3C-FF4FC9\867BEE6A-E073-405C-BC3F-0E279A infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\Program Files\Netscape\Netscape\Plugins\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\18EC0CD0.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\226F2181.exe infected by "Trojan-Downloader.Win32.WarSpy.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP106\A0011454.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP106\A0011455.exe infected by "not-a-virus:AdWare.Gator.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012383.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012384.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012389.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012397.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012398.exe infected by "not-a-virus:AdWare.Sahat.m" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012399.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012404.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012416.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012424.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012425.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012429.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012435.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012436.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012437.vxd infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012447.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012456.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012466.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012467.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012468.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012469.exe infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012471.exe infected by "Trojan-Downloader.Win32.Apropo.aa" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012472.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012474.dll infected by "Trojan-Downloader.Win32.Apropo.w" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012479.dll infected by "not-a-virus:AdWare.Apropos.f" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012480.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012484.exe infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012485.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012486.dll infected by "not-a-virus:AdWare.ToolBar.EliteBar.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012488.exe infected by "not-a-virus:AdWare.CashBack.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012489.exe infected by "not-a-virus:AdWare.CashBack.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012490.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012496.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012497.dll infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012498.exe infected by "not-a-virus:AdWare.DealHelper.ac" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012499.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012501.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012502.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012503.exe infected by "not-a-virus:AdWare.WinAD.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012504.exe infected by "not-a-virus:AdWare.Pacer.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012507.exe infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012508.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012509.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012511.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012512.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012513.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012515.EXE infected by "not-a-virus:AdWare.VirtualBouncer.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012521.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012522.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012524.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012525.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012526.exe infected by "not-a-virus:AdWare.WildTangent.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012528.exe infected by "not-a-virus:AdWare.VirtualBouncer.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012529.EXE infected by "not-a-virus:AdWare.VirtualBouncer" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012540.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012543.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012556.dll infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012562.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP118\A0012563.EXE infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012635.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012636.exe infected by "not-a-virus:AdWare.WebRebates.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012637.exe infected by "not-a-virus:AdWare.WebRebates.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012646.DLL infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012648.EXE infected by "not-a-virus:AdWare.Toolbar.MyWay.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012649.exe infected by "Trojan-Downloader.Win32.Dyfuca.dx" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012660.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012662.dll infected by "not-a-virus:AdWare.EZula.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012665.exe infected by "not-a-virus:AdWare.EZula.ap" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012666.dll infected by "not-a-virus:AdWare.EZula.x" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012668.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012670.exe infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012671.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012676.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012679.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012746.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012747.exe infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012748.dll infected by "not-a-virus:AdWare.WinAD.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012756.exe infected by "not-a-virus:AdWare.Wintol.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012757.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012758.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012761.exe infected by "not-a-virus:AdWare.VirtualBouncer.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012762.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012766.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012767.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012772.exe infected by "Trojan-Downloader.Win32.Agent.jq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012775.exe infected by "not-a-virus:AdWare.ToolBar.BrowserVillage.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012776.exe infected by "Trojan-Dropper.Win32.Small.mr" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012780.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012781.exe infected by "Trojan-Dropper.Win32.Delf.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012782.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012785.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012786.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012787.exe infected by "Trojan-Dropper.Win32.Agent.hk" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012789.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012795.srg infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012796.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012797.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012798.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012799.exe infected by "not-a-virus:AdWare.BargianBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012800.exe infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012801.exe infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012802.dll infected by "not-a-virus:AdWare.ToolBar.HotSearchBar.d" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012803.dll infected by "not-a-virus:AdWare.Beginto.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012804.ax infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012806.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012807.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012808.exe infected by "Trojan-Downloader.Win32.Apropo.ab" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012810.exe infected by "Trojan-Downloader.Win32.Small.akz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012811.exe infected by "Trojan-Downloader.Win32.Small.akz" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012812.dll infected by "Trojan-Clicker.Win32.Small.ez" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012813.exe infected by "Trojan-Downloader.Win32.Agent.jq" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012815.exe infected by "not-a-virus:AdWare.Searcher.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012816.exe infected by "not-a-virus:AdWare.Searcher.h" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012825.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012830.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012928.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012930.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012935.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012952.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012957.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0012965.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013085.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013089.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013174.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013180.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013209.dll infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013210.dll infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013211.exe infected by "not-a-virus:AdWare.SurfSide.k" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013226.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP119\A0013232.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013347.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013356.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013359.exe infected by "Trojan.Win32.Agent.cp" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013418.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013425.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013457.dll infected by "not-a-virus:AdWare.WebSearch.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013482.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013483.EXE infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013639.DLL infected by "not-a-virus:AdWare.ToolBar.MyWay.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013649.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013683.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013690.dll infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013692.exe infected by "not-a-virus:AdWare.WebSearch.af" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013694.dll infected by "not-a-virus:AdWare.WebSearch.ae" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013734.exe infected by "Trojan.Win32.VB.ux" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013744.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013747.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013748.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013749.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013750.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013752.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013753.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013754.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013756.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013758.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013759.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013761.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP121\A0013764.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0013774.exe infected by "Trojan-Downloader.Win32.Small.abd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0014716.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP122\A0014718.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0014761.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0014771.exe infected by "not-a-virus:AdWare.Pacer.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015762.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015790.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015791.exe infected by "Trojan-Downloader.Win32.Delf.ky" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP124\A0015792.exe infected by "Trojan-Downloader.Win32.Agent.lg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015914.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015915.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015936.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0015937.dll infected by "Trojan-Downloader.Win32.WarSpy.e" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016005.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016007.exe infected by "Trojan.Win32.Registrator.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016008.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016010.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016011.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016012.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP125\A0016013.EXE infected by "not-a-virus:AdWare.SurfSide.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017165.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017174.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP127\A0017184.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018022.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018064.dll infected by "Trojan-Downloader.Win32.WarSpy.e" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP130\A0018065.dll infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP131\A0019106.exe infected by "Trojan.Win32.Agent.ct" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019217.EXE infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019218.exe infected by "Trojan.Win32.Stervis.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019219.exe infected by "Trojan-Downloader.Win32.Presario" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019220.exe infected by "Trojan-Downloader.Win32.Small.aly" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019222.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019223.dll infected by "Trojan.Win32.Agent.db" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019311.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019312.dll infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019313.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019314.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019315.SCR infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019316.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019317.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019318.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019319.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019320.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019321.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019322.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019323.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019324.DLL infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019325.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019326.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019327.exe infected by "not-a-virus:AdWare.EZula.ah" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019328.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019329.scr infected by "not-a-virus:AdWare.ToolBar.MyWebSearch" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019330.exe infected by "not-a-virus:AdWare.Serpo.j" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019331.exe infected by "Trojan-Dropper.Win32.Agent.hl" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019332.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP133\A0019333.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0010971.dll infected by "not-a-virus:AdWare.Gator.6041" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0011002.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP99\A0011011.DLL infected by "not-a-virus:AdWare.IWon" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dist001.exe infected by "Trojan-Downloader.Win32.VB.eu" Virus. Action Taken: No Action Taken.
  • 0

#15
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Good, repeat my previous instructions on these two files:

C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\WINDOWS\System32\dist001.exe


Then follow this sequence:

1. Right-click My Computer>Click Properties>Click the System Restore tab>Check the box next to 'Turn off System Restore on all drives'>Click Apply>Click OK.

2. Reboot.

3. Repeat the process but this time remove the check from the box.

Post a new HJT log when done.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP