Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help with Aurora popus removal

Started by chelegeurts67 , Jun 08 2005 12:27 AM

  • Please log in to reply

#1
chelegeurts67
Posted 08 June 2005 - 12:27 AM

chelegeurts67

    Member

  • Member
  • PipPip
  • 19 posts
I went thru the steps, dowloaded Hijack This, then scan with HJT and save log copied it and here it is:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:55 PM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
c:\windows\system32\slblhse.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsa57B.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [jmktjhy] c:\windows\system32\slblhse.exe r
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://ca1mikpws001....quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.i.../GLDownload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O18 - Protocol: bw+0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {601C63E4-754F-4057-9D70-9D72139A6866} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

It said don't make any changes until you check the log. I await my next step.

Thank you in advance for all your help.

Michele
  • 0

Advertisements

#2
Kat
Posted 08 June 2005 - 12:38 AM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello and welcome to GeeksToGo. My name is Kat, and I will be helping you clean your computer back up and get it on the Go!

I need you to do a couple of simple things first, if you would, to help clean your log up a little.

1. Boot into Safe Mode by repeatedly tapping the F8 key as the computer begins to boot. You will be taken to a screen where you are given the option to enter Safe mode.

2. Go to Start>Control Panel>Add and Remove programs, and uninstall the following:

New.Net (or New Dot Net)
Logitech Desktop Messenger
Viewpoint
Wild Tangent << This is a program that is NOT necessary to play online games. It can seriously slow your system down, and can even cause start up issues. You will still be able to play all your favorite games, just as before.
Navisearch
BullsEyeNetwork


3. After you have uninstalled all of the above, please reboot normally.

4. I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

5. After you have done the above, please post back to this thread using the Add Reply button. I would like to see the MWav Infected Items List log, as well as a new HijackThis log taken AFTER you have done the other things.

I am getting ready to go to bed for the night, but I will be back in the morning, and will look for a reply then! :tazz:

Hang in there. You have a pretty hefty collection of Malware, but I promise you we WILL get you cleaned up in no time!
  • 0

#3
chelegeurts67
Posted 08 June 2005 - 10:37 AM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Okay here are the infected items list:

File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\rlls.dll tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\windows\system32\rlvknlg.exe tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsa57B.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\PROGRA~1\BULLSE~1\bin\bargains.exe tagged as "not-a-virus:AdWare.BargainBuddy.u". Action Taken: No Action Taken.
File C:\windows\system32\rlvknlg.exe tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\WINDOWS\svcproc.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\zeta.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BullsEye Network Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "exactutil Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\HP\Digital Imaging\bbfe\director\director2.htm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\locale.xml". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPDialer.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPHTTP.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPSender.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPUpdater.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HTTPTransport.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPSdpApp.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\Dialer_phonebook_test.html". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\RASDialer.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\HPSDP.pbk". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Easy Internet signup\GRIC.SCP". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\Adobe\Fonts\Reqrd\Base\AdobeFnt.lst". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\hpop1607.hlp". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0514B040-84EA-11D0-A8BF-00A0C9008A48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" refers to invalid object "C:\WINDOWS\System32\msjava.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}" refers to invalid object "C:\WINDOWS\System32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33CE799A-0E69-4f81-8F78-E3246771513B}" refers to invalid object "C:\WINDOWS\System32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}" refers to invalid object "C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C9E293E-3C02-4260-9B5B-3666AD6663E0}" refers to invalid object "C:\Program Files\Easy Internet signup\HPSender.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5321966D-031F-4A66-B698-2EB7C0D26705}" refers to invalid object "C:\Program Files\Easy Internet signup\HPHTTP.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5BC209ED-276E-4C42-8D77-0D1713605757}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\QPAS4.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}" refers to invalid object "C:\WINDOWS\System32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6B180C18-F1F2-466D-8C9B-9E8746597BF5}" refers to invalid object "c:\PROGRA~1\COMMON~1\PALOAL~1\PAS4.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99EEC57E-4532-4d00-98AB-43D7C8D07755}" refers to invalid object "C:\WINDOWS\System32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B074BC8B-5A5B-11CE-98BD-0000C0E6B88E}" refers to invalid object "F:\SSTABS32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B074BC8F-5A5B-11CE-98BD-0000C0E6B88E}" refers to invalid object "F:\SSTABS32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B074BC90-5A5B-11CE-98BD-0000C0E6B88E}" refers to invalid object "F:\SSTABS32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B074BC94-5A5B-11CE-98BD-0000C0E6B88E}" refers to invalid object "F:\SSTABS32.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0CEC9BB-C729-4445-85D7-1899E23C0298}" refers to invalid object "C:\Program Files\Easy Internet signup\HPDialer.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B1A99896-3AB9-4125-89FC-45656D918477}" refers to invalid object "C:\Program Files\Easy Internet signup\HPSender.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BFFFD262-7705-11D0-B5DC-444553540000}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C79C91A1-DB06-11D2-9E0C-00105A26F05D}" refers to invalid object "c:\PROGRA~1\Quicken\QWAPP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E8A52BE3-690C-4EB2-A0F2-83112532AA4B}" refers to invalid object "c:\PROGRA~1\Quicken\QSHOWH~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5665-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA566B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5671-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5677-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA567D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5683-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5689-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA568F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5695-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA569B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56A1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56A7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56AD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56B3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56B9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56BF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56C5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56CB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56D1-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56D7-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56DD-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56E3-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56E9-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56EF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56F5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA56FB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5701-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5707-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA570D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5713-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA571F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA572B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5731-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5737-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA573D-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5749-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA574F-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5755-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA575B-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5767-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA5791-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57DF-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57E5-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F3CA57EB-C5DA-11CF-8F28-00AA0060FD48}" refers to invalid object "C:\WINDOWS\System32\dx3j.dll". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SNDSrvc.LocationAwareness" refers to invalid object "{5705911C-A065-4568-9B45-E88F240963D9}". Action Taken: No Action Taken.
Entry "HKCR\SNDSrvc.LocationAwareness.1" refers to invalid object "{5705911C-A065-4568-9B45-E88F240963D9}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.CommonClient.ccEvtMgr.EventManagerag" refers to invalid object "{49BB73EE-2C2F-445E-82E3-E6E3380285BF}". Action Taken: No Action Taken.
Entry "HKCR\Symantec.CommonClient.ccEvtMgr.LogManag" refers to invalid object "{B8E914C1-A516-421F-B413-B32B3FA3F18F}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\hzyekxk.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\WINDOWS\jssuymzfa.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\angelex.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:Tool.Win32.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsn56F.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nss55F.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsx575.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\rk.bin tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\rlls.dll tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\1.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~os29.tmp\OSMIM.DLL tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~os29.tmp\ossproxy.exe tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~os29.tmp\rk.bin tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\1.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\OSMIM.DLL tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\ossproxy.exe tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\rk.bin tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:Tool.Win32.KillApp. No Action Taken.
File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\WildTangent\Apps\onplay.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP415\A0072946.dll tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP433\A0075116.exe tagged as not-a-virus:Server-Proxy.Win32.MarketScore.k. No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075952.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075953.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075961.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075963.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075969.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075984.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075985.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075986.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076035.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076036.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076037.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076038.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP447\A0076043.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP447\A0076045.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP447\A0076046.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP448\A0076070.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP448\A0076071.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP448\A0076072.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP449\A0076114.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP449\A0076115.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP449\A0076117.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076180.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076181.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076182.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076183.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076229.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP450\A0076230.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076255.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076256.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076257.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076258.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076263.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP451\A0076264.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076283.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076284.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076285.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076286.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076293.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP452\A0076294.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076320.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076322.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076323.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076335.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076361.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076362.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076363.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP453\A0076364.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP454\A0076372.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP456\A0078348.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP456\A0078352.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP456\A0078365.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP458\A0078385.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP458\A0078386.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP458\A0078387.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP458\A0078388.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP459\A0078398.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP459\A0078399.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP459\A0078400.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP460\A0078427.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP460\A0078428.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP460\A0078429.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP461\A0078454.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP466\A0078564.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP466\A0078568.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP466\A0078573.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP466\A0078574.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP467\A0078699.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP467\A0078700.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP467\A0078703.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP468\A0078751.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP468\A0078752.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP468\A0078753.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP469\A0078801.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP473\A0078934.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP473\A0079053.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP473\A0079054.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP473\A0079055.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP473\A0079056.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080151.exe tagged as not-a-virus:Server-Proxy.Win32.MarketSource.m. No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080153.dll tagged as not-a-virus:Server-Proxy.Win32.MarketScore.l. No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080184.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080185.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080186.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP474\A0080187.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP475\A0080205.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP475\A0080206.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP475\A0080207.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP476\A0080217.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP476\A0080218.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP476\A0080219.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP476\A0080220.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP477\A0080259.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP477\A0080260.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP477\A0080261.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP477\A0080405.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP477\A0080406.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP478\A0080582.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP478\A0080583.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP478\A0080584.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP478\A0080585.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP479\A0080602.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP479\A0080603.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP479\A0080604.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP479\A0080605.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP480\A0080618.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP480\A0080619.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP480\A0080620.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP480\A0080621.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP481\A0080642.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP481\A0080643.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP481\A0080644.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP481\A0080645.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080691.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080692.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080693.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080694.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080715.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080721.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP482\A0080723.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP483\A0080877.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP483\A0080878.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP483\A0080879.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP484\A0080918.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP484\A0080919.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP484\A0080920.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP485\A0080960.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081015.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081038.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081219.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081232.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081242.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081256.dll tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081322.dll tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081332.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081333.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081335.dll tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081336.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081337.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081339.dll tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081343.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081344.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081345.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP486\A0081346.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\autoheal.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\install032.exe infected by "Trojan.Win32.SecondThought.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\installer_MARKETING14.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\hzyekxk.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken.
File C:\WINDOWS\jssuymzfa.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\system32\angelex.exe tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\exdl.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\exul.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\instsrv.exe tagged as not-a-virus:Tool.Win32.ServiceRunner.f. No Action Taken.
File C:\WINDOWS\system32\javexulm.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\mqexdlm.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\netut80ex.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsn56F.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nss55F.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\nsx575.dll tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.g". Action Taken: No Action Taken.
File C:\WINDOWS\system32\rk.bin tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\WINDOWS\system32\rlls.dll tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\1.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\OSMIM.DLL tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\ossproxy.exe tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temp\~os29.tmp\rk.bin tagged as "not-a-virus:AdWare.RK.a". Action Taken: No Action Taken.
File C:\hp\bin\Terminator.exe tagged as not-a-virus:Tool.Win32.KillApp. No Action Taken.
File C:\Program Files\Online Services\AOL90US\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\WildTangent\Apps\onplay.exe tagged as "not-a-virus:AdWare.WinAD". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP415\A0072946.dll tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP433\A0075116.exe tagged as not-a-virus:Server-Proxy.Win32.MarketScore.k. No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075952.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075953.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075961.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075963.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075969.srg tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075984.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075985.vxd tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\A0075986.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP445\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076035.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076036.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP446\A0076037.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action
  • 0

#4
Kat
Posted 08 June 2005 - 12:44 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Please make sure you have UNINSTALLED NewDotNet BEFORE you run any further instructions. If you have not, you could lose your internet connection.

You should either print these instructions, or save them to a file on your desktop. You may not be able to access the Internet during portions of this fix, and you will need the exact instructions.

1. Go to Start | Run

Then type services.msc

This will lauch a new window, scroll down on the list and search for (ZESOFT) or (zeta)

Right click on this entry and select stop

Now right click and select properties, you will get new box with tabs.
In the General Tab, look for Start Up Type: in the drop down box select Disabled

Click Apply then OK and close out of the console.

Reboot into SafeMode and do the following:

Open HJT and click the "Open misc tools" section. Then click "Delete an NT service". In the text box paste or type zeta and click OK. Then let the machine reboot

2. Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked. Reboot your computer into Normal Windows mode.

3. Copy all of the text below into a new Notepad page. Save as File Name: delfiles.bat and Save as File Type: ALL files Save this to your desktop.

attrib -h -r -s C:\WINDOWS\system32\DrPMon.dll 
del C:\WINDOWS\system32\DrPMon.dll 
attrib -h -r -s C:\WINDOWS\system32\rlls.dll
del C:\WINDOWS\system32\rlls.dll
attrib -h -r -s C:\windows\system32\rlvknlg.exe
del C:\windows\system32\rlvknlg.exe
attrib -h -r -s C:\WINDOWS\system32\nsa57B.dll
del C:\WINDOWS\system32\nsa57B.dll
attrib -h -r -s C:\WINDOWS\zeta.exe
del C:\WINDOWS\zeta.exe
attrib -h -r -s C:\WINDOWS\autoheal.exe
del C:\WINDOWS\autoheal.exe
attrib -h -r -s C:\WINDOWS\hzyekxk.exe
del C:\WINDOWS\hzyekxk.exe
attrib -h -r -s C:\WINDOWS\jssuymzfa.exe
del C:\WINDOWS\jssuymzfa.exe
attrib -h -r -s C:\WINDOWS\system32\angelex.exe
del C:\WINDOWS\system32\angelex.exe
attrib -h -r -s C:\WINDOWS\system32\exdl.exe
del C:\WINDOWS\system32\exdl.exe
attrib -h -r -s C:\WINDOWS\system32\exul.exe
del C:\WINDOWS\system32\exul.exe
attrib -h -r -s C:\WINDOWS\system32\instsrv.exe
del C:\WINDOWS\system32\instsrv.exe
attrib -h -r -s C:\WINDOWS\system32\javexulm.vxd 
del C:\WINDOWS\system32\javexulm.vxd 
attrib -h -r -s C:\WINDOWS\system32\mqexdlm.srg
del C:\WINDOWS\system32\mqexdlm.srg
attrib -h -r -s C:\WINDOWS\system32\nsn56F.dll 
del C:\WINDOWS\system32\nsn56F.dll 
attrib -h -r -s C:\WINDOWS\system32\nss55F.dll
del C:\WINDOWS\system32\nss55F.dll
attrib -h -r -s C:\WINDOWS\system32\nsx575.dll
del C:\WINDOWS\system32\nsx575.dll
attrib -h -r -s C:\WINDOWS\system32\rk.bin
del C:\WINDOWS\system32\rk.bin
attrib -h -r -s C:\WINDOWS\system32\rlls.dll
del C:\WINDOWS\system32\rlls.dll
attrib -h -r -s C:\hp\bin\Terminator.exe
del C:\hp\bin\Terminator.exe
attrib -h -r -s C:\Program Files\Online Services\AOL90US\comp01.000
del C:\Program Files\Online Services\AOL90US\comp01.000
attrib -h -r -s C:\WINDOWS\Downloaded Program Files\install032.exe
del C:\WINDOWS\Downloaded Program Files\install032.exe
attrib -h -r -s C:\WINDOWS\Downloaded Program Files\installer_MARKETING14.exe
del C:\WINDOWS\Downloaded Program Files\installer_MARKETING14.exe

Now, close everything else that is running, and double click on your delfiles.bat. It will run very quickly and close itself when finished.

4. *Please dowload: RegSeeker.
*Click on "Clean The Registry" in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
*Click "Quit RegSeeker".

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. When RegSeeker finds nothing else, then you can stop running it. *Make sure to reboot between each use of the program*.

5. Please download CleanUp! and run it to remove any leftover remnants of infection. Click the CleanUp button, and let it scan and select any files it needs to remove. Once it is done, exit the program.

6. After ALL of the above steps are done, please reply here with a new HijackThis log, so I can see what's left for us to fix!! :tazz:
  • 0

#5
chelegeurts67
Posted 10 June 2005 - 10:42 AM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'm stuck at the RegSeeker. I keep running it, clean the registry, select all and delete selected items then restarting the computer. I have done that over 10 times now and stuff still keeps coming up. Am I doing something wrong?
  • 0

#6
Kat
Posted 10 June 2005 - 01:33 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Run it a couple of more times for me, being sure to reboot in between. Is it the same items coming up each time? If so, could you possibly paste me what they are? Or give me as good a description as possible??
  • 0

#7
chelegeurts67
Posted 10 June 2005 - 06:46 PM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
The things that are showing up are the following:

HKEY_CURRENT_USER
Software\Microsoft\Office\11.0\Outlook\Journal
Outlook Item Log File C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook|outitems.log
File or Path does not exist

HKEY_CURRENT_USER
Software\Microsoft\Office\11.0\Outlook\Journal
Item Log File C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook|offitems.log
File or Path does not exist

HKEY_CURRENT_USER
SOFTWARE\Classes\Remove
Filetype not used

HKEY_CURRENT_USER
SOFTWARE\Realtek
Obsolete entry

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Desktop C:\Documents and Settings\LocalService\Desktop
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
NetHood C:\Documents and Settings\LocalService\NetHood
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Personal C:\Documents and Settings\LocalService\Personal
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
PrintHood C:\Documents and Settings\LocalService\PrintHood
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SendTo C:\Documents and Settings\LocalService\SendTo
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Start Menu C:\Documents and Settings\LocalService\Start Menu
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Templates C:\Documents and Settings\LocalService\Templates
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Programs C:\Documents and Settings\LocalService\Programs
File or path does not exist

HKEY_USERS
S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup C:\Documents and Settings\LocalService\Startup
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Desktop C:\Documents and Settings\LocalService\Desktop
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Favorites C:\Documents and Settings\LocalService\Favorites
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
NetHood C:\Documents and Settings\LocalService\NetHood
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Personal C:\Documents and Settings\LocalService\Personal
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
PrintHood C:\Documents and Settings\LocalService\PrintHood
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Recent C:\Documents and Settings\LocalService\Recent
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Send To C:\Documents and Settings\LocalService\Send To
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Start Menu C:\Documents and Settings\LocalService\Start Menu
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Templates C:\Documents and Settings\LocalService\Templates
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Programs C:\Documents and Settings\LocalService\Programs
File or path does not exist

HKEY_USERS
S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup C:\Documents and Settings\LocalService\Startup
File or path does not exist
  • 0

#8
Kat
Posted 10 June 2005 - 10:22 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Thankfully, none of those are harmful. Go ahead and proceed with the rest of the fix, and post me back the logs I asked for! :tazz:
  • 0

#9
chelegeurts67
Posted 11 June 2005 - 03:22 PM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
when I click on clean up it says can not find.
  • 0

#10
chelegeurts67
Posted 11 June 2005 - 03:23 PM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
when I click on clean up it says can not find.
  • 0

Advertisements

#11
Kat
Posted 11 June 2005 - 07:09 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
The link may have been temporarily down. I just now clicked it myself, and it opened for me. Try it again. If it still doesn't work, then go ahead and post me your HJT log and we'll go from there.
  • 0

#12
chelegeurts67
Posted 12 June 2005 - 12:30 PM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I couldn't access the clean up. So here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:27:53 AM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\windows\system32\vrivxy.exe
C:\windows\system32\rlvknlg.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoflt07.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsn3D.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsd16B7.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [wlwavje] c:\windows\system32\vrivxy.exe r
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://ca1mikpws001....quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.i.../GLDownload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0

#13
Kat
Posted 13 June 2005 - 09:51 PM

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
1. Go to Start | Run

Then type services.msc

This will lauch a new window, scroll down on the list and search for (System Startup Serivce) or (SvcProc)

Right click on this entry and select stop

Now right click and select properties, you will get new box with tabs.
In the General Tab, look for Start Up Type: in the drop down box select Disabled

Click Apply then OK and close out of the console.

Reboot into SafeMode and do the following:

Open HJT and click the "Open misc tools" section. Then click "Delete an NT service". In the text box paste or type SvcProc and click OK. Then let the machine reboot

2. Download CWShredder Here
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

3. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if still present).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\system32\vbrundll.dll
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsn3D.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsd16B7.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [wlwavje] c:\windows\system32\vrivxy.exe r
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe

O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://ca1mikpws001....quicksilver.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

BullsEyeNetwork

Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):
C:\Program Files\BullsEye Network

Please delete these files using Windows Explorer(if present):
C:\WINDOWS\System32\stcloader.exe
C:\WINDOWS\system32\regsync.exe
C:\WINDOWS\wupdt.exe
c:\windows\system32\vrivxy.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\WINDOWS\System32\NavLogon.dll

After that, Reboot.

4. Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
5. Make a reply here. Please include the report from Ewido, along with a fresh HijackThis log.
  • 0

#14
chelegeurts67
Posted 14 June 2005 - 10:12 AM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I didn't see "Save report" in Ewido program but I did see the analasys area and then under that it had startup connections and processes to save those reports. so here is that attached.

Here is a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:33 AM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\COMPAQ~2\Presario\XPHNARP4EN\plugin\bin\pchbutton.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.i.../GLDownload.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Attached Files


  • 0

#15
chelegeurts67
Posted 14 June 2005 - 10:26 AM

chelegeurts67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
When I reboot now, my Symantec Antivirus comes up with an error message. It says "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing the installation package Symantec AntiVirus Client.msi in the box below
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP