[Chaosbc29]

I have this newgenlook.info virus that puts shortcuts to [bleep] and gambling and drug sites i have no idea how to get rid of it hope this helps.

Logfile of HijackThis v1.99.1
Scan saved at 10:40:30 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\jawa32.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Jxnabv.exe
C:\WINDOWS\Fokd.exe
C:\DOCUME~1\Bobby\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe
C:\WINDOWS\svchost.exe
C:\windows\system32\LlamhgO.exe
C:\WINDOWS\iisver.exe
C:\WINDOWS\System32\wys.exe
C:\Program Files\Rewards Network\brndisp.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\System32\typpperf.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\wnsintsv.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\WINDOWS\System32\tskmpntw.exe
C:\wp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
C:\WINDOWS\System32\PRDDMM.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\mstime.exe
C:\Documents and Settings\Bobby\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0202/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.....asp?keyphrase=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.downloada...l.asp?V=5.3.9.6
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O1 - Hosts: indows.
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Documents and Settings\Bobby\DAP\DAPBHO.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11CEFA27-5AE9-46CB-B791-738C242B4761} - C:\WINDOWS\SYSTEM32\30v73.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {6720F770-C41E-12C1-F73A-5296DC160D6C} - C:\WINDOWS\Hxmxevtw.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\yx4.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O3 - Toolbar: Search - {1BB98EE2-B219-B8D4-0C33-773616F1A849} - C:\WINDOWS\Hxmxevtw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vedpvx] C:\WINDOWS\Jxnabv.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Toml] C:\WINDOWS\Fokd.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [LlamhgO] C:\windows\system32\LlamhgO.exe
O4 - HKLM\..\Run: [iisver] C:\WINDOWS\iisver.exe
O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [wluf] C:\WINDOWS\wluf.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nriiil.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Bobby\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [YfIYAuPx7] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [7s3T32Q] typpperf.exe
O4 - HKLM\..\Run: [PRDDMM] C:\WINDOWS\System32\PRDDMM.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - HKCU\..\Run: [mstime] C:\WINDOWS\System32\mstime.exe
O4 - HKCU\..\Run: [MBs3RSc6S] tskmpntw.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind13.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4CCB4ED-1B55-44C2-B26A-91E02227F5DC}: NameServer = 205.188.146.145
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Tell me what i have to do its killing me!!

THANK YOU

[Advertisements]

Welcome to GTG.

Did you read the sticky and run the main tools yet? If not, read the topic below in my signature. Then do the fixes below (do what's still remaining, if it's not there, it should be deleted by the programs already):

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoft...ucts/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

CxtPls
Rewards Network
SurfSideKick
Premeter
ISTsvc
Viewpoint
Preview AdService
EbatesMoeMoneyMaker
Web Offer
Web Rebates
SideFind
WildTangent
webHancer

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0202/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.....asp?keyphrase=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.downloada...l.asp?V=5.3.9.6
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O1 - Hosts: indows.
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Documents and Settings\Bobby\DAP\DAPBHO.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {11CEFA27-5AE9-46CB-B791-738C242B4761} - C:\WINDOWS\SYSTEM32\30v73.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {6720F770-C41E-12C1-F73A-5296DC160D6C} - C:\WINDOWS\Hxmxevtw.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\yx4.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O3 - Toolbar: Search - {1BB98EE2-B219-B8D4-0C33-773616F1A849} - C:\WINDOWS\Hxmxevtw.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vedpvx] C:\WINDOWS\Jxnabv.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Toml] C:\WINDOWS\Fokd.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [LlamhgO] C:\windows\system32\LlamhgO.exe
O4 - HKLM\..\Run: [iisver] C:\WINDOWS\iisver.exe
O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [wluf] C:\WINDOWS\wluf.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nriiil.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Bobby\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [YfIYAuPx7] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [7s3T32Q] typpperf.exe
O4 - HKLM\..\Run: [PRDDMM] C:\WINDOWS\System32\PRDDMM.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - HKCU\..\Run: [mstime] C:\WINDOWS\System32\mstime.exe
O4 - HKCU\..\Run: [MBs3RSc6S] tskmpntw.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind13.dll (file missing)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
c:\progra~1\exact\
C:\PROGRA~1\NETRAT~1\
C:\PROGRA~1\Web Offer\
C:\Program Files\Common Files\Java\bcre.exe
C:\Program Files\Common Files\Java\Xcpy1.exe
C:\Program Files\Common Files\slmss\
C:\Program Files\CxtPls\
C:\Program Files\EbatesMoeMoneyMaker\
C:\Program Files\Preview AdService\
C:\Program Files\Rewards Network\
C:\Program Files\SEP\
C:\Program Files\SideFind\
C:\Program Files\SurfSideKick 2\
C:\Program Files\Viewpoint\
C:\Program Files\VVSN\
C:\Program Files\Web_Rebates\
c:\Program Files\XML\
C:\WINDOWS\aqadcup.exe
C:\WINDOWS\fash.exe
C:\WINDOWS\Fokd.exe
C:\WINDOWS\Hxmxevtw.dll
C:\WINDOWS\iisver.exe
C:\WINDOWS\jawa32.exe
C:\WINDOWS\Jxnabv.exe
C:\WINDOWS\svchost.exe - make SURE that you delete it in this Windows folder only and no where else
C:\WINDOWS\System\BHO001.DLL
C:\WINDOWS\System\WINSTA~1.EXE
C:\WINDOWS\SYSTEM32\30v73.dll
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\System32\angelex.exe
C:\WINDOWS\System32\cdsm32.dll
C:\WINDOWS\System32\certmgr.exe
C:\WINDOWS\System32\cwaugyp.exe
C:\windows\system32\LlamhgO.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\msmc.exe
C:\WINDOWS\System32\mstime.exe
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\picsvr\
C:\WINDOWS\System32\PRDDMM.exe
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\tskmpntw.exe
C:\WINDOWS\System32\typpperf.exe
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\WINDOWS\System32\winupdtl.exe
C:\WINDOWS\System32\wnsintsv.exe
C:\WINDOWS\System32\wys.exe
C:\WINDOWS\SYSTEM32\yx4.dll
C:\WINDOWS\wluf.exe
C:\WINDOWS\wt\
c:\wp.exe
tskmpntw.exe
typpperf.exe

You should clear out the files in the Prefetch folder. Go to C:\Windows\ or C:\WINNT\ and look for the Prefetch folder. Open it up and delete all the files in that folder.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.

[greyknight17]

Welcome to GTG.

Did you read the sticky and run the main tools yet? If not, read the topic below in my signature. Then do the fixes below (do what's still remaining, if it's not there, it should be deleted by the programs already):

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the online scan. If any viruses/trojans are detected, try to delete or clean them in that site. You may use Panda ActiveScan also at http://www.pandasoft...ucts/activescan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

CxtPls
Rewards Network
SurfSideKick
Premeter
ISTsvc
Viewpoint
Preview AdService
EbatesMoeMoneyMaker
Web Offer
Web Rebates
SideFind
WildTangent
webHancer

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0202/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50038
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.....asp?keyphrase=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search...look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.downloada...l.asp?V=5.3.9.6
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O1 - Hosts: indows.
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Documents and Settings\Bobby\DAP\DAPBHO.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {11CEFA27-5AE9-46CB-B791-738C242B4761} - C:\WINDOWS\SYSTEM32\30v73.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\System\BHO001.DLL
O2 - BHO: (no name) - {6720F770-C41E-12C1-F73A-5296DC160D6C} - C:\WINDOWS\Hxmxevtw.dll
O2 - BHO: Flash Enhancer - {7CD20E91-1F31-41da-8379-479EA31DF969} - c:\Program Files\XML\XML.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\yx4.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\SYSTEM32\winb2s32.dll (file missing)
O3 - Toolbar: Search - {1BB98EE2-B219-B8D4-0C33-773616F1A849} - C:\WINDOWS\Hxmxevtw.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [Premeter] C:\PROGRA~1\NETRAT~1\Premeter\prmt.exe
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [vedpvx] C:\WINDOWS\Jxnabv.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Toml] C:\WINDOWS\Fokd.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdtl.exe
O4 - HKLM\..\Run: [USB controller] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\ICD1.tmp\svcmm32.exe" /startup
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Breg] "C:\Program Files\Common Files\Java\bcre.exe"
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\Bobby\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [Xcpy1] "C:\Program Files\Common Files\Java\Xcpy1.exe"
O4 - HKLM\..\Run: [LlamhgO] C:\windows\system32\LlamhgO.exe
O4 - HKLM\..\Run: [iisver] C:\WINDOWS\iisver.exe
O4 - HKLM\..\Run: [Spool] "C:\WINDOWS\System32\wys.exe" /startup
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\System32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [wluf] C:\WINDOWS\wluf.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\nriiil.exe
O4 - HKLM\..\Run: [razin] C:\DOCUME~1\Bobby\LOCALS~1\Temp\rm05040901.Stub.exe
O4 - HKLM\..\Run: [abasa5jrp] C:\WINDOWS\System32\abasa5jrp.exe
O4 - HKLM\..\Run: [YfIYAuPx7] C:\WINDOWS\aguyuryp.exe
O4 - HKLM\..\Run: [7s3T32Q] typpperf.exe
O4 - HKLM\..\Run: [PRDDMM] C:\WINDOWS\System32\PRDDMM.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintsv.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [certmgr] C:\WINDOWS\System32\certmgr.exe
O4 - HKCU\..\Run: [mstime] C:\WINDOWS\System32\mstime.exe
O4 - HKCU\..\Run: [MBs3RSc6S] tskmpntw.exe
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind13.dll (file missing)
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {818F6E46-355A-4A1B-BE7B-4EBA61AF0442} - (no file) (HKCU)
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://download-ak.s...stemsoappro.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Documents and Settings\Bobby\Application Data\DownloadPlus.exe
c:\progra~1\exact\
C:\PROGRA~1\NETRAT~1\
C:\PROGRA~1\Web Offer\
C:\Program Files\Common Files\Java\bcre.exe
C:\Program Files\Common Files\Java\Xcpy1.exe
C:\Program Files\Common Files\slmss\
C:\Program Files\CxtPls\
C:\Program Files\EbatesMoeMoneyMaker\
C:\Program Files\Preview AdService\
C:\Program Files\Rewards Network\
C:\Program Files\SEP\
C:\Program Files\SideFind\
C:\Program Files\SurfSideKick 2\
C:\Program Files\Viewpoint\
C:\Program Files\VVSN\
C:\Program Files\Web_Rebates\
c:\Program Files\XML\
C:\WINDOWS\aqadcup.exe
C:\WINDOWS\fash.exe
C:\WINDOWS\Fokd.exe
C:\WINDOWS\Hxmxevtw.dll
C:\WINDOWS\iisver.exe
C:\WINDOWS\jawa32.exe
C:\WINDOWS\Jxnabv.exe
C:\WINDOWS\svchost.exe - make SURE that you delete it in this Windows folder only and no where else
C:\WINDOWS\System\BHO001.DLL
C:\WINDOWS\System\WINSTA~1.EXE
C:\WINDOWS\SYSTEM32\30v73.dll
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\System32\angelex.exe
C:\WINDOWS\System32\cdsm32.dll
C:\WINDOWS\System32\certmgr.exe
C:\WINDOWS\System32\cwaugyp.exe
C:\windows\system32\LlamhgO.exe
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\msmc.exe
C:\WINDOWS\System32\mstime.exe
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\nvms.dll
C:\WINDOWS\System32\picsvr\
C:\WINDOWS\System32\PRDDMM.exe
C:\WINDOWS\System32\spoolsrv32.exe
C:\WINDOWS\System32\tskmpntw.exe
C:\WINDOWS\System32\typpperf.exe
C:\WINDOWS\SYSTEM32\winb2s32.dll
C:\WINDOWS\System32\winupdtl.exe
C:\WINDOWS\System32\wnsintsv.exe
C:\WINDOWS\System32\wys.exe
C:\WINDOWS\SYSTEM32\yx4.dll
C:\WINDOWS\wluf.exe
C:\WINDOWS\wt\
c:\wp.exe
tskmpntw.exe
typpperf.exe

You should clear out the files in the Prefetch folder. Go to C:\Windows\ or C:\WINNT\ and look for the Prefetch folder. Open it up and delete all the files in that folder.

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.

[Chaosbc29]

Ok well i did it. Heres the new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:43:13 PM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\0mg3l88h.exe
C:\WINDOWS\System32\nriiil.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\CD32M.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Bobby\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Search - {1BB98EE2-B219-B8D4-0C33-773616F1A849} - C:\WINDOWS\Hxmxevtw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[greyknight17]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download WinsockFix and unzip it. Then double-click on it to run it.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\0mg3l88h.exe
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\CD32M.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

SurfSideKick
webHancer

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll (file missing)
O3 - Toolbar: Search - {1BB98EE2-B219-B8D4-0C33-773616F1A849} - C:\WINDOWS\Hxmxevtw.dll
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\
C:\WINDOWS\System32\0mg3l88h.exe
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\CD32M.exe
C:\WINDOWS\System32\spoolsrv32.exe
webHancer - search for this and see if you can find any files or folders for it. Delete if found.

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.

[Chaosbc29]

im pressing f5 and f8 but i can t reboot into safe mode

I also cannot delete

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\
says it is in use

C:\WINDOWS\System32\spoolsrv32.exe
Says it is protected

[greyknight17]

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\
C:\WINDOWS\System32\spoolsrv32.exe

Follow the rest of the instructions.

[Chaosbc29]

Its a long one....

File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\spoolsrv32.exe infected by "not-a-virus:AdWare.FindSpy.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST32.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File c:\progra~1\exact\exacttoolbar00068.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\81XDNT5I.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File c:\progra~1\exact\exactupdate00136.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File c:\progra~1\exact\exacttoolbar00068.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ocdddqr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\81XDNT5I.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\spoolsrv32.exe infected by "not-a-virus:AdWare.FindSpy.e" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File System Found infected by "IBIS Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SearchEXE Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "emusic Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "wintools Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istsvc Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istbaristbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "quicken Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "saap Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bullseye network Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "exactutil Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dvx Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bargainbuddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AT-Games Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "addestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "slmss Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mwsvm Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Search-Exe Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DownloadWare Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aguyuryp.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bxxs5.dll infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hxmxevtw.dll infected by "not-a-virus:AdWare.SearchBand.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\HyperLinker.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ieasst.dll infected by "Trojan.Win32.StartPage.io" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\itivyv.exe_ infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mscore.dll infected by "not-a-virus:AdWare.WebSearch.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.exe infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.ocx infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\twaintec.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem300.dll infected by "Trojan-Downloader.Win32.Dyfuca.cv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\0021-bdl94126.EXE infected by "Trojan-Downloader.Win32.VB.ca" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\06wu29rd.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800411.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1803.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2ndsrch.dll infected by "Trojan-Downloader.Win32.Agent.ja" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\449166.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\anddd.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ap9h4qmo.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bizzard.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\blapbrd.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdoloader.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_htm.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\CS4P028.exe infected by "Trojan-Downloader.Win32.Small.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cwaugyp.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dde32v.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0414.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\destmler.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp807615.exe infected by "Trojan-Downloader.Win32.Lalus" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp8pnt.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwwntz.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\EMBIOSO.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gah95on6.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0406.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\IdleUI.dll infected by "Trojan-Spy.Win32.Idly.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\infamous_downloader.exe infected by "Trojan-Downloader.Win32.Small.iq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\install2.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lcinstaller.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\LDRCLNRF.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lmf32v.dll infected by "not-a-virus:AdWare.Suggestor.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\midad.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mrt07615.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msshed32.exe infected by "Trojan-Downloader.Win32.Delf.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mtxgehlp.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mydpnt.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ncoolfn.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\newdevin.exe infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nmp.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\opOops2P.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\patquota.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pndsvinn.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop0406b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop317.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop5.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop7.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PPN.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q0gds8b1.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qh4mkbv9.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qool414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\redirect.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\reg6523.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\rouoree.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\searchdll.dll infected by "not-a-virus:AdWare.Serch.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\shrcp60.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\silent.exe infected by "not-a-virus:AdWare.WinFetcher.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sskden2.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\stcloader.exe infected by "Trojan.Win32.SecondThought.ai" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SuiteInstall.exe infected by "Trojan-Downloader.NSIS.Gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWDAT10M.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tv30406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\TVM_B5.EXE infected by "Trojan-Dropper.Win32.Small.ht" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tvnew.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\txfdb32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\u9i.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\uickTimeQ.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\vqwww.dat infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupdt.exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wmconfig.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys.dll infected by "not-a-virus:AdWare.WhileSurf.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys5.dll infected by "Trojan-Downloader.Win32.Miewer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xTWIAFCIAUG.exe infected by "Trojan-Downloader.Win32.Agent.am" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\yx4.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\_1250C.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\!Submit\param32.dll infected by "Trojan-Downloader.Win32.WarSpy.g" Virus. Action Taken: No Action Taken.
File C:\counter.cab infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\installer\id53.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\180search Assistant\saap.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\180search Assistant\saaphook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\AdDestroyer\AdDestroyer.exe infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\Program Files\AutoUpdate\AutoUpdate.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bcpc\bcpc.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bcpc\bcre_inst.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bpt\BPT.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bpt\bptre_inst.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\adv.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\adx.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\ClearSearch\CSBIINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\ClearSearch\Loader.exe infected by "Backdoor.Win32.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bpt.cfg infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bptre.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\xclean.exe infected by "not-a-virus:AdWare.Broadcap.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\Xcpy1.cfg infected by "not-a-virus:AdWare.FlashTrack.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\WinTools\btiein.dll infected by "Trojan-Downloader.Win32.QDown.h" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\WinTools\WinTools.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\Program Files\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\DownloadWare\dw.exe infected by "not-a-virus:AdWare.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\Program Files\DownloadWare\Temp\seinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\eSyndicate\esyn.dll infected by "not-a-virus:AdWare.Esyndic.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\CloseWindow.exe infected by "not-a-virus:AdWare.Toolbar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\eXactToolbar.dll infected by "not-a-virus:AdWare.Toolbar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exacttoolbar00043.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exacttoolbar00067.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exacttoolbar00068.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactUpdate.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactupdate00120.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactupdate00136.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\CHCON.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\mmod.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\seng.dll infected by "not-a-virus:AdWare.EZula.ab" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\install.exe infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.cq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\update\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\update\install.exe infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSBIINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSIE.DLL infected by "not-a-virus:AdWare.ClearSearch.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSSSINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\FNuninstaller.EXE infected by "not-a-virus:AdWare.ClearSearch.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\Loader.exe infected by "Trojan-Downloader.Win32.Small.go" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll infected by "not-a-virus:AdWare.Sidesearch.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\NaviSearch\bin\nls.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\over.exe infected by "Trojan.Win32.Revop.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\PurityScan\PuritySCAN.exe infected by "Trojan.Win32.Scapur.e" Virus. Action Taken: No Action Taken.
File C:\Program Files\se\v11\se.DLL infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\se\v11\se.EXE infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles.exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles118.exe infected by "Trojan.Win32.SecondThought.bf" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles53.exe infected by "Trojan.Win32.SecondThought.bg" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\ClrSchP070.exe infected by "Backdoor.Win32.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\slmss.exe infected by "Trojan.Win32.SecondThought.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\Tvm_b5_269.exe infected by "Trojan-Dropper.Win32.Small.gj" Virus. Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\stcupdt.exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP230\A0122701.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122708.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122712.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122714.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122715.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122716.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122718.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122719.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122721.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122722.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122733.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122748.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122751.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122752.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122753.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122754.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122755.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122756.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122760.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP231\A0122771.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122805.dll infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122813.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122831.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122833.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122834.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122835.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122837.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122839.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122841.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122842.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122856.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122857.exe infected by "Trojan-Downloader.Win32.Agent.am" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122867.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122869.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122870.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122871.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122873.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122874.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122876.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122878.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122893.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122905.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122907.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122908.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122909.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122911.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122912.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122915.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122916.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122926.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122928.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122929.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122930.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122932.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122934.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122935.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122937.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122952.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122967.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122970.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122971.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122972.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122973.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122975.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122976.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122978.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP232\A0122990.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123001.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123002.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123025.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123027.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123028.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123029.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123031.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123032.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123033.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123036.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123048.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123060.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123062.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123063.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123064.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123066.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123068.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123069.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123071.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP233\A0123086.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124060.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124062.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124063.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124064.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124066.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124067.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124069.DLL infected by "not-a-virus:AdWare.IGetNet.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124071.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124085.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124096.dll infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124098.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124099.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124100.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124102.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235\A0124103.DLL infected by "not-a-virus:AdWare.IGetNet.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP235&#

[Chaosbc29]

Oh yea almost forgot

Logfile of HijackThis v1.99.1
Scan saved at 2:16:14 AM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\nriiil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\81XDNT5I.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
c:\progra~1\exact\exactupdate00136.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4CCB4ED-1B55-44C2-B26A-91E02227F5DC}: NameServer = 205.188.146.145
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[greyknight17]

OK, you have a lot of stuff there. Did you read the sticky topic yet (I should have asked you this earlier - missed it)? If not, go below (read this before posting your hijackthis....) and do the things there first. Then do the below and fix whatever still applies:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download CWShredder at http://www.greyknigh.../CWShredder.exe and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Don't run it yet.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\81XDNT5I.exe
c:\progra~1\exact\exactupdate00136.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Exact Search Bar
WindUpdate
AdDestroyer
eZula
Bargain Buddy
BullsEye Network
Internet Optimizer

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - c:\progra~1\exact\exacttoolbar00068.dll
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - c:\progra~1\exact\exacttoolbar00068.dll
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\81XDNT5I.exe
c:\progra~1\exact\

Also see if you can find and delete these files in KillBox:
C:\WINDOWS\System32\guninst.exe
C:\WINDOWS\System32\popup_bl.dll
C:\WINDOWS\System32\SEARCHDLL.DLL
C:\WINDOWS\System32\param32.dll
C:\WINDOWS\System32\systr.dll

You should clear out the files in the Prefetch folder. Go to C:\Windows\ or C:\WINNT\ and look for the Prefetch folder. Open it up and delete all the files in that folder.

Reboot into Normal Mode

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Restart and run a new HijackThis scan. Save the log file and post it here.

[Chaosbc29]

Logfile of HijackThis v1.99.1
Scan saved at 11:08:09 AM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\nriiil.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\_21866C.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[greyknight17]

Were you also able to delete those last 5 files I listed to delete in KillBox?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\_21866C.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\_21866C.exe

Reboot into Normal Mode run a new HijackThis scan. Save the log file and post it here. Also give me a new mwav log.

[Chaosbc29]

Logfile of HijackThis v1.99.1
Scan saved at 2:52:41 PM, on 5/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\nriiil.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\EGAPIR.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Bobby\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\yx4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...od/install.html
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} (MaxisHotDateTeleX Control) - http://thesims.ea.co...otDateTeleX.cab
O16 - DPF: {8629CFEB-C31A-4429-9BB0-8765A8A24FDA} (MaxisUnleashedLotTeleX Control) - http://thesims.ea.co...hedLotTeleX.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4CCB4ED-1B55-44C2-B26A-91E02227F5DC}: NameServer = 205.188.146.145
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe







File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST32.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PQL.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\yx4.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ocdddqr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PQL.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cwaugyp.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File System Found infected by "IBIS Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdRotator Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "eZula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "SearchEXE Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "sidefind Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "emusic Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "wintools Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istsvc Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "istbaristbar Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ist Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "quicken Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Internet Optimizer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "avenue media Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "saap Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bullseye network Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "exactutil Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "dvx Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "bargainbuddy Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DMO Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "se Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AT-Games Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "addestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "slmss Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "mwsvm Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "Search-Exe Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DownloadWare Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ezula Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "WindUpdate Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "AdDestroyer Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aguyuryp.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bxxs5.dll infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hxmxevtw.dll infected by "not-a-virus:AdWare.SearchBand.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\HyperLinker.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ieasst.dll infected by "Trojan.Win32.StartPage.io" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\itivyv.exe_ infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mscore.dll infected by "not-a-virus:AdWare.WebSearch.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.exe infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.ocx infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\twaintec.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem300.dll infected by "Trojan-Downloader.Win32.Dyfuca.cv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\0021-bdl94126.EXE infected by "Trojan-Downloader.Win32.VB.ca" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\06wu29rd.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800411.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1803.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2ndsrch.dll infected by "Trojan-Downloader.Win32.Agent.ja" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\449166.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\anddd.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ap9h4qmo.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bizzard.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\blapbrd.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdoloader.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_htm.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\CS4P028.exe infected by "Trojan-Downloader.Win32.Small.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dde32v.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0414.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\destmler.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp807615.exe infected by "Trojan-Downloader.Win32.Lalus" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp8pnt.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwwntz.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\EMBIOSO.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gah95on6.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0406.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\IdleUI.dll infected by "Trojan-Spy.Win32.Idly.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\infamous_downloader.exe infected by "Trojan-Downloader.Win32.Small.iq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\install2.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lcinstaller.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\LDRCLNRF.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lmf32v.dll infected by "not-a-virus:AdWare.Suggestor.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\midad.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\MOCXD.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mrt07615.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msshed32.exe infected by "Trojan-Downloader.Win32.Delf.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mtxgehlp.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mydpnt.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ncoolfn.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\newdevin.exe infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nmp.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\opOops2P.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\patquota.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pndsvinn.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop0406b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop317.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop5.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop7.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PPN.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q0gds8b1.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qh4mkbv9.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qool414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\redirect.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\reg6523.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\rouoree.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\shrcp60.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\silent.exe infected by "not-a-virus:AdWare.WinFetcher.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sskden2.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\stcloader.exe infected by "Trojan.Win32.SecondThought.ai" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SuiteInstall.exe infected by "Trojan-Downloader.NSIS.Gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWDAT10M.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tv30406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\TVM_B5.EXE infected by "Trojan-Dropper.Win32.Small.ht" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tvnew.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\txfdb32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\u9i.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\uickTimeQ.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\vqwww.dat infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupdt.exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wmconfig.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys.dll infected by "not-a-virus:AdWare.WhileSurf.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys5.dll infected by "Trojan-Downloader.Win32.Miewer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xTWIAFCIAUG.exe infected by "Trojan-Downloader.Win32.Agent.am" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\_1250C.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Bobby\LOCALS~1\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\!Submit\param32.dll infected by "Trojan-Downloader.Win32.WarSpy.g" Virus. Action Taken: No Action Taken.
File C:\counter.cab infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Bobby\Desktop\HijackThis\backups\backup-20050505-105211-533.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Bobby\Local Settings\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\John Quinn\Local Settings\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Mary Kelly\Local Settings\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Pete\Local Settings\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\installer\id53.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\180search Assistant\saap.exe infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\180search Assistant\saaphook.dll infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\Program Files\AdDestroyer\AdDestroyer.exe infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\Program Files\AutoUpdate\AutoUpdate.exe infected by "Trojan-Downloader.Win32.Apropo.g" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bcpc\bcpc.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bcpc\bcre_inst.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bpt\BPT.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Bpt\bptre_inst.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\adv.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\adx.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\BullsEye Network\bin\bargains.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\ClearSearch\CSBIINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\ClearSearch\Loader.exe infected by "Backdoor.Win32.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bpt.cfg infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bptre.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\xclean.exe infected by "not-a-virus:AdWare.Broadcap.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\Xcpy1.cfg infected by "not-a-virus:AdWare.FlashTrack.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\WinTools\btiein.dll infected by "Trojan-Downloader.Win32.QDown.h" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\WinTools\WinTools.exe tagged as not-a-virus:RiskWare.Tool.Exporun. No Action Taken.
File C:\Program Files\DownloadWare\Downloads\217.dat infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\DownloadWare\dw.exe infected by "not-a-virus:AdWare.DownloadWare" Virus. Action Taken: No Action Taken.
File C:\Program Files\DownloadWare\Temp\seinst.exe infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\eSyndicate\esyn.dll infected by "not-a-virus:AdWare.Esyndic.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\CloseWindow.exe infected by "not-a-virus:AdWare.Toolbar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\eXactToolbar.dll infected by "not-a-virus:AdWare.Toolbar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exacttoolbar00043.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exacttoolbar00067.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactUpdate.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactupdate00120.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eXact\exactupdate00136.exe infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\CHCON.dll infected by "not-a-virus:AdWare.EZula.ae" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\mmod.exe infected by "not-a-virus:AdWare.EZula.z" Virus. Action Taken: No Action Taken.
File C:\Program Files\eZula\seng.dll infected by "not-a-virus:AdWare.EZula.ab" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\install.exe infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\optimize.exe infected by "Trojan-Downloader.Win32.Dyfuca.cq" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\update\actalert.exe infected by "Trojan-Downloader.Win32.Dyfuca.cr" Virus. Action Taken: No Action Taken.
File C:\Program Files\Internet Optimizer\update\install.exe infected by "Trojan-Downloader.Win32.Dyfuca.cs" Virus. Action Taken: No Action Taken.
File C:\Program Files\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSBIINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSIE.DLL infected by "not-a-virus:AdWare.ClearSearch.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\CSSSINST.DLL infected by "not-a-virus:AdWare.ClearSearch.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\FNuninstaller.EXE infected by "not-a-virus:AdWare.ClearSearch.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\IEagent\Loader.exe infected by "Trojan-Downloader.Win32.Small.go" Virus. Action Taken: No Action Taken.
File C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll infected by "not-a-virus:AdWare.Sidesearch.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\NaviSearch\bin\nls.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\Program Files\over.exe infected by "Trojan.Win32.Revop.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\PurityScan\PuritySCAN.exe infected by "Trojan.Win32.Scapur.e" Virus. Action Taken: No Action Taken.
File C:\Program Files\se\v11\se.DLL infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\se\v11\se.EXE infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles.exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles118.exe infected by "Trojan.Win32.SecondThought.bf" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles53.exe infected by "Trojan.Win32.SecondThought.bg" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\ClrSchP070.exe infected by "Backdoor.Win32.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\slmss.exe infected by "Trojan.Win32.SecondThought.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\Tvm_b5_269.exe infected by "Trojan-Dropper.Win32.Small.gj" Virus. Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\stcupdt.exe infected by "Trojan.Win32.SecondThought.bd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000010.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000014.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000031.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000038.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000064.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000069.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000078.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000084.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000120.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000125.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000146.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000152.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000173.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000179.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000194.exe infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000202.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000214.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000233.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2\A0000241.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000264.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000272.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0000279.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000317.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000323.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000345.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000351.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000358.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001350.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001356.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001384.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001390.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001409.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001415.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001438.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001444.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001464.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001471.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001495.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001514.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001521.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001546.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001553.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001576.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001582.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001603.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP5\A0001610.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001645.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001647.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001681.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001693.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001715.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001729.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001750.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001761.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001783.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP6\A0001788.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002783.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002786.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002796.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP8\A0002801.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\temporary\install201.exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken.
File C:\temporary\install53.exe infected by "Trojan.Win32.SecondThought.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aguyuryp.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\2517041105.exe infected by "not-a-virus:AdWare.VirtualBouncer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\shopinst.exe infected by "Trojan-Downloader.Win32.Small.wj" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\SSK_B5.EXE infected by "Trojan-Dropper.Win32.SurfSide.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\thin-8-1-x-x.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe infected by "not-a-virus:AdWare.WebRebates.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bxxs5.dll infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\lsp_.dll infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.Sahat.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SahHtml_.exe infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hxmxevtw.dll infected by "not-a-virus:AdWare.SearchBand.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\HyperLinker.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ieasst.dll infected by "Trojan.Win32.StartPage.io" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\itivyv.exe_ infected by &q

[greyknight17]

This is not going to be easy. You ran all your antivirus scans (both online and offline) right? We'll have to remove it manually then.

Go to your Add/Remove Panel and see if you can uninstall these:

AdRotator
BullsEye Network
ClearSearch
DownloadWare
eXact Toolbar
eSyndicate
eZula
Internet Optimizer
Lycos
ISTsvc
NaviSearch
PurityScan
WinTools
AdDestroyer
180 Search Assistant

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Delete all these files (or folders if mentioned to delete). You should be able to see what files to delete, they are listed right after File::

C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST32.DLL infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PQL.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\csrs0dec.dll infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\yx4.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ocdddqr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nvrsdctr.exe infected by "Backdoor.Win32.PPdoor.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nriiil.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PQL.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SECURITY.EXE infected by "Trojan.Win32.WebSearch.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cwaugyp.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe
C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aguyuryp.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bxxs5.dll infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hxmxevtw.dll infected by "not-a-virus:AdWare.SearchBand.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\HyperLinker.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ieasst.dll infected by "Trojan.Win32.StartPage.io" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\itivyv.exe_ infected by "not-a-virus:AdWare.180Solutions" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mscore.dll infected by "not-a-virus:AdWare.WebSearch.k" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.exe infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\mwsvm.ocx infected by "not-a-virus:AdWare.Suggestor.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\twaintec.dll infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\webhdll.dll infected by "not-a-virus:AdWare.WebHancer" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\woinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wsem300.dll infected by "Trojan-Downloader.Win32.Dyfuca.cv" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\0021-bdl94126.EXE infected by "Trojan-Downloader.Win32.VB.ca" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\06wu29rd.exe infected by "not-a-virus:AdWare.F1Organizer.h" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800411.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1800414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1802.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\1803.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2b3fsk0h.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\2ndsrch.dll infected by "Trojan-Downloader.Win32.Agent.ja" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\449166.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\anddd.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ap9h4qmo.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ATPartners.dll infected by "not-a-virus:AdWare.F1Organizer.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bizzard.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\blapbrd.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\bln02nqv.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdoloader.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_clint.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\cd_htm.dll infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\CS4P028.exe infected by "Trojan-Downloader.Win32.Small.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dde32v.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\delfin0414.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\destmler.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp807615.exe infected by "Trojan-Downloader.Win32.Lalus" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dp8pnt.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwwntz.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\EMBIOSO.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl.exe infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exdl2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul1.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\exul2.exe infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gah95on6.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0406.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\goldnew2b0414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\gpsssbh.dll infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\IdleUI.dll infected by "Trojan-Spy.Win32.Idly.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\infamous_downloader.exe infected by "Trojan-Downloader.Win32.Small.iq" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\install2.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\instsrv.exe tagged as not-a-virus:RiskWare.Tool.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\System32\javex80.vxd infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\javexulm.vxd infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lcinstaller.exe infected by "not-a-virus:AdWare.WinAD.ab" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\LDRCLNRF.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\lmf32v.dll infected by "not-a-virus:AdWare.Suggestor.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mac80ex.idf infected by "not-a-virus:AdWare.BargainBuddy.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\midad.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\MOCXD.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mqexdlm.srg infected by "not-a-virus:AdWare.BargainBuddy.n" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mrt07615.exe infected by "not-a-virus:AdWare.Apropos.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\msshed32.exe infected by "Trojan-Downloader.Win32.Delf.go" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mtxgehlp.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\mydpnt.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\ncoolfn.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\netut80ex.vxd infected by "not-a-virus:AdWare.BargainBuddy.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\newdevin.exe infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\nmp.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\opOops2P.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\patquota.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pndsvinn.exe_ infected by "Trojan-Downloader.Win32.Agent.ji" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop0406b.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop317.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop5.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\pop7.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\PPN.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q0gds8b1.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\q17i9a4j.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qh4mkbv9.dll infected by "not-a-virus:AdWare.Sahat.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\qool414.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\redirect.vbs infected by "Trojan-Downloader.VBS.Psyme.as" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\reg6523.exe infected by "not-a-virus:AdWare.Beginto.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\rouoree.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\shrcp60.exe_ infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\silent.exe infected by "not-a-virus:AdWare.WinFetcher.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\srpcsrv32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sskden2.dll infected by "Trojan-Dropper.Win32.Miewer.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\stcloader.exe infected by "Trojan.Win32.SecondThought.ai" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SuiteInstall.exe infected by "Trojan-Downloader.NSIS.Gen" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWDAT10M.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD1.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWLAD2.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\SWRT01.dll infected by "not-a-virus:AdWare.VirtualBouncer.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tv30406.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\TVM_B5.EXE infected by "Trojan-Dropper.Win32.Small.ht" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\tvnew.dll infected by "Trojan-Downloader.Win32.Miewer.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\txfdb32.dll infected by "Trojan-Downloader.Win32.Adload.g" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\u9i.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\uickTimeQ.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\vqwww.dat infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winup2date.dll infected by "Trojan-Clicker.Win32.Small.et" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupdt.exe infected by "Trojan.Win32.SecondThought.be" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wldr.dll infected by "Trojan-Downloader.Win32.Agent.le" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wmconfig.cpl infected by "Trojan-Dropper.Win32.Small.wc" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys.dll infected by "not-a-virus:AdWare.WhileSurf.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\wys5.dll infected by "Trojan-Downloader.Win32.Miewer.e" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xTWIAFCIAUG.exe infected by "Trojan-Downloader.Win32.Agent.am" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\_1250C.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\Bobby\LOCALS~1\Temp\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\!Submit\param32.dll infected by "Trojan-Downloader.Win32.WarSpy.g" Virus. Action Taken: No Action Taken.
File C:\counter.cab infected by "Trojan-Dropper.Win32.Small.ls" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe infected by "not-a-virus:AdWare.DelphinMedia.Viewer.f" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdrr.exe infected by "Trojan-Downloader.Win32.Qoologic.l" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\Bobby\Desktop\HijackThis\backups\backup-20050505-105211-533.dll infected by "not-a-virus:AdWare.ToolBar.Exact" Virus. Action Taken: No Action Taken.
File C:\installer\id53.exe infected by "Trojan.Win32.SecondThought.l" Virus. Action Taken: No Action Taken.
File C:\Program Files\180search Assistant\ - delete folder
File C:\Program Files\AdDestroyer\ - delete folder
File C:\Program Files\AutoUpdate\ - delete folder
File C:\Program Files\Bcpc\ - delete folder
File C:\Program Files\Bpt\ - delete folder
File C:\Program Files\BullsEye Network - delete folder
File C:\Program Files\ClearSearch\ - delete folder
File C:\Program Files\Common Files\Java\bpt.cfg infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\bptre.exe infected by "not-a-virus:AdWare.Broadcap.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\xclean.exe infected by "not-a-virus:AdWare.Broadcap.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Java\Xcpy1.cfg infected by "not-a-virus:AdWare.FlashTrack.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
File C:\Program Files\Common Files\WinTools\ - delete folder
File C:\Program Files\DownloadWare\ - delete folder
File C:\Program Files\eSyndicate\ - delete folder
File C:\Program Files\eXact\ - delete folder
File C:\Program Files\eZula\ - delete folder
File C:\Program Files\Internet Optimizer\ - delete folder
File C:\Program Files\ISTsvc\ - delete folder
File C:\Program Files\Lycos\ - delete folder
File C:\Program Files\NaviSearch\ - delete folder
File C:\Program Files\over.exe infected by "Trojan.Win32.Revop.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\pup.exe infected by "Trojan.Win32.Revop.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\PurityScan\ - delete folder
File C:\Program Files\se\v11\se.DLL infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\se\v11\se.EXE infected by "not-a-virus:AdWare.WindowEnhancer" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles.exe infected by "Trojan.Win32.SecondThought.ba" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles118.exe infected by "Trojan.Win32.SecondThought.bf" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\bundles53.exe infected by "Trojan.Win32.SecondThought.bg" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\ClrSchP070.exe infected by "Backdoor.Win32.Ruledor.c" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\slmss.exe infected by "Trojan.Win32.SecondThought.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\STC\Tvm_b5_269.exe infected by "Trojan-Dropper.Win32.Small.gj" Virus. Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe.tmp infected by "Trojan-Downloader.Win32.Small.apm" Virus. Action Taken: No Action Taken.
File C:\stcupdt.exe
C:\temporary\install201.exe infected by "Trojan.Win32.SecondThought.an" Virus. Action Taken: No Action Taken.
File C:\temporary\install53.exe infected by "Trojan.Win32.SecondThought.ac" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\70tovmto.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\9qg.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\a95kfrhe.exe infected by "not-a-virus:AdWare.Sahat.o" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\aguyuryp.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\bundles\ - delete folder
File C:\WINDOWS\bxxs5.dll infected by "not-a-virus:AdWare.BookedSpace.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\lsp_.dll infected by "not-a-virus:AdWare.Sahat.f" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe infected by "not-a-virus:AdWare.Sahat.i" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SahHtml_.exe infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe infected by "not-a-virus:AdWare.Sahat.j" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\eZinstall.exe infected by "not-a-virus:AdWare.EZula.ak" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Hxmxevtw.dll infected by "not-a-virus:AdWare.SearchBand.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\HyperLinker.exe infected by "not-a-virus:AdWare.MDH.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\ieasst.dll infected by "Trojan.Win32.StartPage.io" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\itivyv.exe_
C:\WINDOWS\System32\Services\{8223CA69-A4D8-42D7-B86E-2FE88740F9DE}\SVCHOST.EXE
C:\WINDOWS\System32\nriiil.exe
C:\WINDOWS\System32\EGAPIR.exe
C:\WINDOWS\SYSTEM32\yx4.dll

Check and fix these in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\SYSTEM32\yx4.dll
O4 - HKLM\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O4 - HKCU\..\RunOnce: [cwaugyp.exe] C:\WINDOWS\System32\cwaugyp.exe /k
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...od/install.html

Restart and run a new mwav and HijackThis scan. Post both logs here.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.