Mynbx247
#1
3030rgj

3030rgj

    New Member

  • Member
  • Pip
  • 2 posts
Whenever I boot up my PC, Explorer opens to mynbx247.info. The page doesn't actually display; just a blank page with that URL. I've run Norton Antivirus, Spybot, Adaware and Microsoft AntiSpyware.

Here's my Hijack This file:

Logfile of HijackThis v1.99.1
Scan saved at 6:07:29 PM, on 7/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\regeditt.exe
C:\Program Files\Compaq\On-Screen Display\Osd.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\Program Files\Aim\aim.exe
C:\Program Files\Ares Lite Edition\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\acsd.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\b166f81\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: TChkBHO Class - {9E91CCC2-0C4D-11D8-A1ED-0010B556C358} - C:\WINDOWS\SYSTEM32\zwzkrucd.dll (file missing)
O3 - Toolbar: (no name) - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\system32\regeditt.exe
O4 - HKLM\..\Run: [WinUpdate] updsys.exe
O4 - HKLM\..\RunServices: [WinUpdate] updsys.exe
O4 - Startup: Shortcut to Osd.exe.lnk = C:\Program Files\Compaq\On-Screen Display\Osd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105043580454
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi 3030rgj and Welcome to GeekstoGo!

I need to have a look at a file as soon as you can get it to me!

C:\WINDOWS\system32\regeditt.exe << Pay close attention to the 2 Ts at the end!

Don't mistake this file for the legit "regedit.exe"!

Right Click the Desktop and Select Compressed (zipped) Folder

Place a copy of regeditt.exe inside that Zip folder, before you close it, Click File >> Add a Password >> Make the Password "infected"

Email it to the Address I will private message you with!

Let me get a glance at what this thing does!

If you see a file with this name "updsys.exe" in either the System32 or the Windows Folder, email that as well!
  • 0
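The check described in the reply above (a startup entry whose file name is one letter away from a real Windows tool) can be run mechanically over a HijackThis log. This is an added example, not part of the original thread: the `KNOWN_BINARIES` list, the function names and the distance threshold of 2 are assumptions, and the sample lines are copied from the log in post #1.

```python
import ntpath
import re

# Assumed reference list of well-known Windows binaries (illustrative, not exhaustive).
KNOWN_BINARIES = {
    "regedit.exe", "explorer.exe", "svchost.exe", "services.exe",
    "lsass.exe", "winlogon.exe", "smss.exe", "spoolsv.exe",
    "rundll32.exe", "systray.exe",
}

# "O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\system32\regeditt.exe"
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
# A "Running processes" line is just a full path ending in .exe.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# First executable in a command line; handles quotes and unquoted paths with spaces.
EXE_RE = re.compile(r'^"?(.+?\.exe)(?=$|["\s])', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(filename, max_distance=2):
    """Return the known binary that `filename` imitates, or None.

    An exact match is the real name and is not flagged; only near misses are.
    """
    name = filename.lower()
    if name in KNOWN_BINARIES:
        return None
    best = min(sorted(KNOWN_BINARIES), key=lambda known: edit_distance(name, known))
    return best if edit_distance(name, best) <= max_distance else None


def find_lookalikes(log_text):
    """Scan running-process and O4 (autostart) lines of a HijackThis log.

    Returns a list of (source, path, imitated_binary) tuples. O4 lines without
    a [value name], such as Startup-folder shortcuts, are skipped.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        source, path = None, None
        if PROC_RE.match(line):
            source, path = "running process", line
        else:
            o4 = O4_RE.match(line)
            exe = EXE_RE.match(o4.group("cmd")) if o4 else None
            if exe:
                source = "O4 {} [{}]".format(o4.group("where"), o4.group("value"))
                path = exe.group(1)
        if path is None:
            continue
        imitated = lookalike_of(ntpath.basename(path))
        if imitated:
            findings.append((source, path, imitated))
    return findings


# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\regeditt.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [REGRUN] C:\WINDOWS\system32\regeditt.exe
O4 - HKLM\..\Run: [WinUpdate] updsys.exe
"""

if __name__ == "__main__":
    for source, path, imitated in find_lookalikes(SAMPLE_LOG):
        print("{}: {} resembles {}".format(source, path, imitated))
```

A name that resembles nothing on the reference list, such as updsys.exe, is not caught by this check and still has to be reviewed by hand.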

#3
3030rgj

3030rgj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Your email mentions MWAV scan and the instructions you gave me. I didn't receive a file or instructions. I don't know what you're talking about.

#4
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Sorry about all the Confusion!

Let's get these 2 scans done and see how things look after that!

Please Download the MWAV Scanner from Here

Unzip it to its predetermined Directory (C:\Kaspersky)

Locate "kavupd.exe" in the New Folder and Double Click to Update!

If it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!

When you see "Updates downloaded Successfully"

Please Press Enter to Continue!

It should open automatically > Leave the "Default Settings ticked" and add a "tick" to "Drives" > this will light up "All Drives" > Click "Scan Clean" to begin!

This Scan will take Several Hours or more to Complete, depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

Once the Scan has finished, all entries Identified as Infected will be displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!

Open a Blank Notepad Page and Paste the results (Ctrl+V) to it!

Post those results back here!


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Just get both Updated and then Restart in Safe Mode and Scan with Both just as described above!

Post the results from both scans and a fresh HijackThis log!

#5
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
MWAV Scan results:

File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020193.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020194.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020195.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020196.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020197.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020198.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020199.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020200.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020201.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020202.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020203.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP191\A0020204.exe tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP192\A0020285.dll tagged as not-a-virus:AdWare.ClearSearch.z. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP192\A0020289.dll tagged as not-a-virus:AdWare.ClearSearch.y. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020660.exe tagged as not-a-virus:AdWare.ToolBar.404Search.a. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020663.exe tagged as not-a-virus:AdWare.VirtualBouncer.d. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020664.dll tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020665.exe tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020674.DLL tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP198\A0020675.EXE tagged as not-a-virus:AdWare.PurityScan.u. No Action Taken.
File C:\System Volume Information\_restore{1527B985-41AE-4886-9C7A-E25F836C51E7}\RP199\A0020713.DLL tagged as not-a-virus:AdWare.ClearSearch.y. No Action Taken.
File C:\Recycled\NPROTECT\00202441 tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\Recycled\NPROTECT\00202442 tagged as not-a-virus:AdWare.180Solutions.g. No Action Taken.
File C:\Recycled\NPROTECT\00202451 tagged as not-a-virus:AdWare.Sahat.ah. No Action Taken.
File C:\Recycled\NPROTECT\00202460 tagged as not-a-virus:AdWare.Sahat.f. No Action Taken.
File C:\Recycled\NPROTECT\00202431 tagged as not-a-virus:AdWare.180Solutions.j. No Action Taken.
File C:\Recycled\NPROTECT\00202432 tagged as not-a-virus:AdWare.180Solutions.j. No Action Taken.
File C:\Recycled\NPROTECT\00074775.EXE tagged as not-a-virus:AdWare.WebRebates.g. No Action Taken.
File D:\CPQS\TOOLS\REBOOT.COM tagged as not-a-virus:Tool.DOS.Reboot. No Action Taken.
File D:\unzipped\hijackthis[1]\backup-20040114-073122-411.dll tagged as not-a-virus:AdWare.CommonName.d. No Action Taken.

Ewido Scan Results:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:50:55 PM, 7/9/2005
+ Report-Checksum: 9846E660

+ Scan result:



::Report End

Most recent Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:18:21 PM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\updsys.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BTTNSERV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Compaq\On-Screen Display\Osd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\EAUSBKBD.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\W16PC9K9\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinUpdate] updsys.exe
O4 - HKLM\..\RunServices: [WinUpdate] updsys.exe
O4 - Startup: Shortcut to Osd.exe.lnk = C:\Program Files\Compaq\On-Screen Display\Osd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Royal Vegas Poker - {FA4904B4-1FAF-4afd-886C-C19D2297BA62} - C:\Program Files\royalvegasMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105043580454
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Don't know why, but - right before I started the scans, the MYMBX window as well as the other popup stopped occurring.
  • 0

#6
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Had to bounce around and find everything!

Go to Add\Remove Programs and Remove

180Solutions
Internet Optimizer
Media Gateway
Search Assistant
Select CashBack
Software Update Manager


Download CleanUp! 4.0:
http://downloads.ste...p/CleanUp40.exe

Download CCleaner:
http://www.filehippo...d_ccleaner.html

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip

Get Ewido Updated


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Open the Hoster and Press "Restore Original Hosts" and press "OK"!!
Exit Program!!

Open CCleaner and Click Run Cleaner and Remove what it finds!

Open CleanUp! -> Click on the CleanUp Tab and When Prompted to Log Off -> Click No!

Locate and Delete

C:\WINDOWS\system32\updsys.exe << File Only!

C:\WINDOWS\system32\regeditt.exe << File Only!

C:\Program Files\Internet Optimizer << Folder!

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)

O3 - Toolbar: (no name) - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - (no file)

O4 - HKLM\..\Run: [WinUpdate] updsys.exe

O4 - HKLM\..\RunServices: [WinUpdate] updsys.exe

O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!


Scan the System with Ewido again and Save that Report!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>OK>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from Ewido and Panda!
  • 0
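The entries checked in the reply above include the two `(no file)` leftovers and the `WinUpdate` autorun that is registered under both `Run` and `RunServices`. As an added example (not part of the original thread, and not HijackThis's or the helper's own method), this Python script parses HijackThis log lines and surfaces those two patterns for review; the function names are hypothetical and the sample is an excerpt of the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\updsys.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [WinUpdate] updsys.exe
O4 - HKLM\..\RunServices: [WinUpdate] updsys.exe
O4 - Startup: Shortcut to Osd.exe.lnk = C:\Program Files\Compaq\On-Screen Display\Osd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autoruns in section O4 look like "<key>: [<value name>] <command>".
AUTORUN_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_entries(log_text):
    """Return (code, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned_entries(entries):
    """Entries whose target is reported as '(no file)': the registry value
    still exists but the file it points to is gone."""
    return [(code, body) for code, body in entries if body.endswith("(no file)")]


def duplicate_autoruns(entries):
    """Autorun value names registered under more than one O4 registry key.
    Returns {value name: sorted list of keys}. A review candidate, not a verdict."""
    keys_by_name = defaultdict(set)
    for code, body in entries:
        if code != "O4":
            continue
        match = AUTORUN_RE.match(body)
        if match:  # Startup-folder shortcuts have no [name] and are skipped
            keys_by_name[match.group("name")].add(match.group("key"))
    return {name: sorted(keys) for name, keys in keys_by_name.items() if len(keys) > 1}


def triage(log_text):
    """Run both checks over a raw log and return the findings."""
    entries = parse_entries(log_text)
    return {
        "orphaned": orphaned_entries(entries),
        "duplicate_autoruns": duplicate_autoruns(entries),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for code, body in findings["orphaned"]:
        print(f"orphaned  {code}: {body}")
    for name, keys in findings["duplicate_autoruns"].items():
        print(f"duplicate autorun [{name}] in: {', '.join(keys)}")
```

Both checks only shortlist lines for a person to review; vendor entries such as `SysTray.Exe` pass through unflagged because neither pattern applies to them.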