Malware Explosion [CLOSED]


  • This topic is locked

#1
frustratedmom

Had DrWatson32.exe in my task list, when I would delete task, I'd be able to work again. Haven't noticed it lately but don't know how it got deleted.

Have tried About:Buster, Spybot Search and Destroy, ssfsetup and aawsepersonal with no luck. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 2:38:43 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\kxvwdiq.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\sysbr.exe
C:\PROGRA~1\COMMON~1\AOL\110479~1\EE\AOLHOS~1.EXE
C:\WINDOWS\system32\objhttp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\PROGRA~1\COMMON~1\AOL\110479~1\EE\AOLServiceHost.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvwqn.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\addxr.exe
C:\PROGRA~1\AMERIC~2.0\waol.exe
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\Documents and Settings\Debbie Nigon\Local Settings\Temporary Internet Files\Content.IE5\UNQFQL2R\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Class - {67402903-E9FC-3BCE-3676-D58D571EC50F} - C:\WINDOWS\system32\mswd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msmc.exe
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [sysbr.exe] C:\WINDOWS\system32\sysbr.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [AutoLoaderpFqv1WbKaJaO] "C:\WINDOWS\system32\xacnify.exe" /HideDir /HideUninstall /PC="CP.KAI" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ps9T3qe] objhttp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\system32\liconfgc.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\RunOnce: [d3px.exe] C:\WINDOWS\system32\d3px.exe
O4 - HKLM\..\RunOnce: [windo.exe] C:\WINDOWS\windo.exe
O4 - HKLM\..\RunOnce: [sysfk.exe] C:\WINDOWS\system32\sysfk.exe
O4 - HKLM\..\RunOnce: [javase32.exe] C:\WINDOWS\javase32.exe
O4 - HKLM\..\RunOnce: [addxr.exe] C:\WINDOWS\system32\addxr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [YBq3RkKEl] nvwqn.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~2.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DF9ED30-95D1-4829-87D2-46E463C1BC0F}: NameServer = 205.188.146.145
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlwy32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#2
ScHwErV

Hello and welcome to Geeks To Go.

You have a nice collection started there. Let's go after this one at a time since you have multiple infections.

First let's get rid of those annoying Aurora popups.

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

ScHwErV :tazz:

#3
frustratedmom

Logfile of HijackThis v1.99.1
Scan saved at 5:28:02 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\objhttp.exe
C:\PROGRA~1\COMMON~1\AOL\110479~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110479~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvwqn.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\AMERIC~2.0\waol.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\AMERIC~2.0\shellmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\FixforDrWatson\HijackThis.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: Class - {67402903-E9FC-3BCE-3676-D58D571EC50F} - C:\WINDOWS\system32\mswd.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msmc.exe
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [sysbr.exe] C:\WINDOWS\system32\sysbr.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [AutoLoaderpFqv1WbKaJaO] "C:\WINDOWS\system32\xacnify.exe" /HideDir /HideUninstall /PC="CP.KAI" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ps9T3qe] objhttp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\system32\liconfgc.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [YBq3RkKEl] nvwqn.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~2.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DF9ED30-95D1-4829-87D2-46E463C1BC0F}: NameServer = 205.188.146.145
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlwy32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:37:22 PM, 7/8/2005
+ Report-Checksum: B7F5D553

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\pFqv1WbKaJaO -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\pFqZ1WbKaJaO -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{026E4B83-1BF7-41CB-8233-4AF35341BC69} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{02D6ED78-680A-F6C9-B9CE-A9A1BA770720} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{08A3BAAE-CEB8-766F-9585-A831A8E94068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1714A690-3BE3-3C63-D05D-B9E2E19A88A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19ADC647-766D-0AC1-0176-44846D7DA203} -> Spyware.HomeSearchAssistant : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{27D7BC22-F101-E351-8F6E-1B9CE9ECDD9C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2AC8EC43-EAE7-F7BD-2B63-7DE1FF58C69F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6477E0AE-C44A-D3CD-6823-CC6538DFBFEE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76321C6A-B800-93A4-24BB-B1F318D2A8E0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D48267B-92A9-5684-83DC-0E47E94F8B80} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C0C3B877-2F73-D5F0-470E-5687890C47C6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C174CC42-7291-0DCA-CE42-7DB1C655AADD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D3E61C7F-BD83-EA01-13F4-464C2595C096} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E24280F1-5872-DD80-6349-14510DFCB851} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED9E1188-DD79-D9A6-01FD-CC124FC74649} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F6ED913D-FAB1-F1A5-C359-4E2B2AC7B284} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{18E6C36A-C45F-4B60-A1A4-5C0BB16D4CC2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{59EBB576-CEB0-42FA-9917-DA6254A275AD} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A7370377-E217-4467-8448-9845270CD4A3} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A93B84C6-5278-473A-8027-F6304A291A7A} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CLSID -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\CurVer -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{00A322E2-7D50-4DBA-BEA4-5C8078D47269} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69} -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F0F4C299-735E-4EAC-B2F9-F97324D5CC1D} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CLSID -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\urlcli.UrlCliObj\CurVer -> Spyware.ClientMan : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0982868C-47F0-4EFB-A664-C7B0B1015808} -> Spyware.ClientMan : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94927A13-4AAA-476A-989D-392456427688} -> Spyware.ClientMan : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A318BFD4-C3A4-E970-DD27-26C4F5F2AD25} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A0A40C-F432-4C59-BA11-B25D142C7AB7} -> Spyware.ClientMan : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-830062959-2755728395-1067147255-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup

#4
frustratedmom

I had some problems. Couldn't update definitions - couldn't find proxy or something. However, what I thought would start updating definitions, didn't.

I kept tapping F8 and didn't get option for Safe Mode - ran anyway. Later I ran both again when I could get into Safe Mode. The logs from before I got into Safe Mode are above. The ones from after are below.

Edited by frustratedmom, 09 July 2005 - 05:32 AM.

#5
frustratedmom

My logs after running in Safe Mode are below. We've been using the internet since then, primarily eBay and realtor web sites. However, although most of my problems seem to have disappeared, Spy Sweeper still catches traces of TIBS dialer, Trojans and Adware. Wondering if I can do anything more with HijackThis or if the only answer is to continually sweep and use ewido.

Edited by frustratedmom, 09 July 2005 - 05:30 AM.

#6
frustratedmom

I'm sorry. I was able to get up in Safe Mode. Hope I didn't mess anything up by running the programs not in Safe Mode. Got to excuse me. The 21 month old has gotten into the trash twice since I started this and the 6 yr. old has woken the baby up from her nap and pestered me every two minutes - that is why I'm frustratedmom today.

So, anyway. I got into Safe Mode and ran the Nail.cmd and the ewido. It caught another 248 things.

I have this post in My Favorites and don't have any trouble getting right to it anymore.

Husband home. I have some peace. Hoping to get this resolved. I've lived with these problems for 4 months because I have no time to sit here and fix. Like to get it done. I appreciate all your help.

Here are the new logs from my running nail and ewido in Safe Mode:


Logfile of HijackThis v1.99.1
Scan saved at 7:52:41 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\FixforDrWatson\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: Class - {67402903-E9FC-3BCE-3676-D58D571EC50F} - C:\WINDOWS\system32\mswd.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [msmc] C:\WINDOWS\system32\msmc.exe
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [sysbr.exe] C:\WINDOWS\system32\sysbr.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [AutoLoaderpFqv1WbKaJaO] "C:\WINDOWS\system32\xacnify.exe" /HideDir /HideUninstall /PC="CP.KAI" /ShowLegalNote="nonbranded"
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\system32\regsync.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ps9T3qe] objhttp.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [liconfgc] C:\WINDOWS\system32\liconfgc.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O23 - Service: Network Security Service (NSS) ( 11F#`I) - Unknown owner - C:\WINDOWS\atlwy32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--------------------------------


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:50:21 PM, 7/8/2005
+ Report-Checksum: E1DBDD39

+ Scan result:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064468.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064469.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064470.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064471.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064472.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064473.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064474.exe -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064475.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064476.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064477.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064478.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064479.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064480.dll -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064481.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064482.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064483.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064484.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064485.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064486.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064487.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064488.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064489.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064490.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064491.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064492.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064493.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064494.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064495.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064496.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064497.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064498.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064499.dll -> Spyware.OneMoreSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064500.dll -> Spyware.OneMoreSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064501.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064502.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064503.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064504.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064505.dll -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064506.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064507.exe -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064508.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064509.exe -> Trojan.Revop.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064510.dll -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064511.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064512.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064513.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064514.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064515.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064516.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064517.exe -> TrojanDownloader.Agent.gg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064518.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:azxme -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:gdslh -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:ilzxy -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:jufhxr -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:lnvvw -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:oilrvx -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:pfipv -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:psckjk -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:qfthhf -> Trojan.Agent.em : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:tezzc -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:tfoit -> Trojan.Feat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064519.PIF:utyyxo -> Trojan.Agent.em : Cleaned with backup


::Report End
  • 0

#7
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Looking good so far. How are things running now?

Just so you know, I don't get online much from home, especially on the weekends, but I will try to get back with you as soon as I can.

Let's go after the next infection.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again.
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files.

Reboot your computer into normal Windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck

ScHwErV :tazz:
  • 0

#8
frustratedmom

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Thanks for your reply on a weekend. Appreciate it.

When I logged on this Sunday morning, I logged on as my husband (just to see what would happen). Received the Dr. Watson Postmortem Debugger error and the Internet Explorer window was open. I deleted a folder of Favorites I didn't recognize or want. We use AOL favorites anyway. We shouldn't have any Explorer favorites.

Got your message. Followed instructions.
Went to SafeMode
Ran About Buster. Basically removed a few streams and found not much of anything terrible. Rebooted in Safe Mode, ran again. Same result - not much of anything.
Ran CW Shredder - It removed CWS Homepage and didn't find much else to remove.
Ran CleanUp - deleted about 9500 files, clearing 330 MB free space. It said some files were open so I rebooted in Safe Mode, ran again. Cleared another 88 files, approx. 10 MB.

AboutBuster 5.0 reference file 28
Scan started on [7/8/2005] at [2:05:01 PM]
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:05:36 PM


AboutBuster 5.0 reference file 30
Scan started on [7/10/2005] at [8:26:00 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:26:20 AM


Back up in regular Windows. Downloaded Beta Test Version of Kaspersky Anti Virus 4.0 and ran Extended Scan on My Computer. Results below:

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Sunday, July 10, 2005 10:10:38
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 10/07/2005
Kaspersky Anti-Virus database records: 137593
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 58989
Number of viruses found: 47
Number of infected objects: 379
Number of suspicious objects: 4
Duration of the scan process: 2067 sec

Infected Object Name - Virus Name
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37700932.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37701252.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37701872.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37702652.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37703282.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37703592.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37704212.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37704532.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37705002.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37705462.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37705782.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37706252.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37706712.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37707182.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37707962.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37708432.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37708903.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37709373.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37709843.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37710313.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37710623.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37711093.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37711563.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37712183.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37712963.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37713433.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37713903.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37714213.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37714683.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37715153.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37715463.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37716093.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37716563.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\37722653.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40621093.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40622183.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40622503.asw Infected: not-a-virus:AdWare.BiSpy.t
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40623283.asw Infected: Trojan.Win32.Agent.ay
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40625783.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40626403.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40628753.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40636563.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40637653.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40638593.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40639213.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40639843.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40640623.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40640933.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40641403.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40641713.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40642503.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40642963.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40643593.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40644213.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40644683.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40645153.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40645463.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40646093.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40646563.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40647183.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40647503.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40647963.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40648593.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40648903.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40649533.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40650153.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40651253.asw Infected: Trojan-Downloader.Win32.IstBar.gj
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40656403.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40659533.asw Infected: Trojan.Win32.Agent.ay
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40661093.asw Infected: not-a-virus:AdWare.BiSpy.t
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40662503.asw Infected: not-a-virus:AdWare.BiSpy.t
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40663433.asw Infected: not-a-virus:AdWare.BetterInternet
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\40665463.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48047656.asw Infected: not-a-virus:AdWare.Apropos.f
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48075316.asw Infected: not-a-virus:AdWare.Apropos.f
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48076256.asw Infected: not-a-virus:AdWare.Apropos.f
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48112656.asw Infected: not-a-virus:AdWare.Apropos.f
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48121096.asw Infected: not-a-virus:AdWare.TotalVelocity.aj
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48121876.asw Infected: not-a-virus:AdWare.TotalVelocity.v
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48124846.asw Infected: not-a-virus:AdWare.TotalVelocity.aj
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48131256.asw Infected: not-a-virus:AdWare.Apropos.f
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48154066.asw Infected: not-a-virus:AdWare.Apropos.k
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48158596.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\48169686.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55683598.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55684689.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55685009.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55685469.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55686099.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55686719.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55687189.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55687509.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55687819.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55689219.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55689531.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55689841.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55690151.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55690931.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55691401.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55691871.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55692651.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55692961.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55693281.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55693751.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55694371.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55694841.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55695311.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55695931.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55696251.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55696711.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55698121.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55698431.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55698901.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55700001.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55700311.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55700931.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55701251.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55701871.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55702651.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55702961.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55703591.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55704681.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55705001.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55705461.asw Infected: Trojan-Downloader.Win32.Agent.ap
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55705781.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55706871.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55707181.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55707651.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55707961.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55708281.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55711251.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55711711.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55712501.asw Infected: Trojan-Downloader.Win32.Tibser.c
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55713281.asw Infected: not-a-virus:AdWare.180Solutions
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55714371.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55715001.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55715461.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55716251.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55716561.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55717811.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55718121.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55718431.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55720311.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55720621.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55720931.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55721561.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55722031.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55722811.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55723591.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55723901.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55724371.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55725311.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55725621.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55726401.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55727501.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55727811.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55728281.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55729681.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55730151.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55730621.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55731871.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55732181.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55732501.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55732961.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55733281.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55740781.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55743901.asw Infected: Trojan-Downloader.Win32.Agent.ap
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55745781.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55746251.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55754212.asw Infected: Trojan-Downloader.Win32.IstBar.gm
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55755002.asw Infected: not-a-virus:AdWare.BiSpy.o
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55755782.asw Infected: not-a-virus:AdWare.BiSpy.o
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55757032.asw Infected: not-a-virus:AdWare.BiSpy.o
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55772342.asw Infected: Trojan.Win32.HideProc.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55773592.asw/data0001 Infected: not-a-virus:AdWare.WebRebates.g
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55773592.asw Infected: not-a-virus:AdWare.WebRebates.g
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\55773902.asw Infected: Trojan.Win32.HideProc.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\57456715.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\57457505.asw Infected: not-a-virus:AdWare.Apropos.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60443904.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60447654.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60450464.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60558596.asw Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60686407.asw/stream/data0006 Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60686407.asw/stream Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60686407.asw Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60687658.asw/stream/data0006 Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60687658.asw/stream Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60687658.asw Infected: not-a-virus:AdWare.Relevance.b
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60720158.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60720318.asw Infected: Trojan-Downloader.Win32.Agent.ap
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\60720788.asw Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75434844.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75440784.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75442344.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75446404.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75448124.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75450154.asw Infected: Trojan-Downloader.Win32.Agent.bc
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75455154.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75456404.asw Infected: Trojan-Downloader.Win32.Dyfuca.du
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\75458124.asw Infected: not-a-virus:AdWare.ClientMan
C:\Program Files\Common Files\aol\AOL Spyware Protection\Backup\QMem0628200523253563234.asw Infected: Trojan-Downloader.Win32.Small.abd
C:\Program Files\Media Access\MediaAccC.dll Infected: not-a-virus:AdWare.WinAD.bd
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0053578.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054622.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054622.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054629.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054660.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054660.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0055660.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0055660.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056693.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057838.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241\A0059937.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243\A0060170.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243\A0060343.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:xtfex:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062228.exe Infected: not-a-virus:AdWare.Apropos.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0062761.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP266\A0063726.dll Infected: not-a-virus:AdWare.BookedSpace.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP266\A0063746.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064024.exe Infected: Trojan.Win32.Small.i
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064033.exe/EXE-file Infected: not-a-virus:AdWare.PurityScan.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064033.exe Infected: not-a-virus:AdWare.PurityScan.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064135.lrs:fdehpw:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064140.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win

Edited by frustratedmom, 10 July 2005 - 08:06 AM.


#9
frustratedmom

Looks like my previous post got chopped off, maybe too long. Here's the Kaspersky log starting with System Volume Information:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0053578.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054622.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054622.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054629.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054660.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0054660.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0055660.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP239\A0055660.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056687.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0056693.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057675.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057771.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057831.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057838.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP240\A0057889.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP241\A0059937.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243\A0060170.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP243\A0060343.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP249\A0061911.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP250\A0062014.ico:xtfex:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062228.exe Infected: not-a-virus:AdWare.Apropos.f
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP251\A0062248.exe Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP253\A0062761.dll Infected: not-a-virus:AdWare.Ipend
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP266\A0063726.dll Infected: not-a-virus:AdWare.BookedSpace.e
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP266\A0063746.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064024.exe Infected: Trojan.Win32.Small.i
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064033.exe/EXE-file Infected: not-a-virus:AdWare.PurityScan.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP267\A0064033.exe Infected: not-a-virus:AdWare.PurityScan.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064135.lrs:fdehpw:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064140.ico:esmzdq:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064140.ico:xtfex:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064141.isu:hrepcp:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064141.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064156.prx:spdqh:$DATA Infected: Trojan-Downloader.Win32.Small.ajr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064632.exe Infected: not-a-virus:AdWare.PurityScan.cg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064766.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064767.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\WINDOWS\bysites.dat:wapqu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\cfgmgr52.dll Infected: not-a-virus:AdWare.BookedSpace.e
C:\WINDOWS\Directx.log:jmnzui:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\IIS6.LOG:icojhv:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB821557Uninst.log:tgtse:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB823980.log:ilqur:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB828035.log:zrdxke:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\KB835732.log:dwbdp:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB840987.log:neljgv:$DATA Infected: not-a-virus:AdWare.JS.OneMoreSearch.a
C:\WINDOWS\KB867282.log:bdekrd:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\KB873333.log:evlce:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB873339.log:rqhkpe:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\KB873376.log:lhwnw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:mzclb:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:uqtlgm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\lu.dat:utmuz:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\MSGSOCM.LOG:iuixu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntdtcsetup.log:dmvut:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ntdtcsetup.log:nkrkf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_gpopaw.log:zwywo:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_ivmadt.dat:egiwf:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_ivmadt.dat:jwfsj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_kyuvgo.dat:rvwfq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_nzxrdu.dat Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\n_ooqaax.log Infected: Trojan-Downloader.Win32.Agent.ap
C:\WINDOWS\n_pawvbv.dat Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_uqurvs.log Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\n_wkgnob.dat:fmzjn:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_xtdrwz.log Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\OCMSN.LOG:etpuo:$DATA Infected: Trojan-Downloader.Win32.Agent.jb
C:\WINDOWS\OCMSN.LOG:lvgwr:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\ojbov.log:sltkpv:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\ojbov.log:yvchj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q327979.log:aeqmgo:$DATA Infected: Trojan.Win32.Agent.em
C:\WINDOWS\Q329834.log:eaqjy:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q331060.log:piouq:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\Q817287.log:sxagd:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\QTFont.for:vgllt:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\REGLOCS.OLD:nhwqv:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\SETUPERR.LOG:eozbu:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\setupod.exe Infected: Trojan-Dropper.Win32.Agent.av
C:\WINDOWS\SYSTEM32\actrun.exe Infected: Trojan-Downloader.Win32.Apropo.ac
C:\WINDOWS\SYSTEM32\dun.exe Infected: not-a-virus:AdWare.DealHelper.w
C:\WINDOWS\SYSTEM32\elitedoolsav.dat Infected: not-a-virus:AdWare.ToolBar.EliteBar.z
C:\WINDOWS\SYSTEM32\eliteerror32.dat Infected: Trojan.Win32.StartPage.nk
C:\WINDOWS\SYSTEM32\InstallerV3.exe/data0001 Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\InstallerV3.exe Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\nsi11E.dll Infected: not-a-virus:AdWare.ToolBar.HotSearchBar.i
C:\WINDOWS\SYSTEM32\nsp105.dll Infected: not-a-virus:AdWare.ToolBar.HotSearchBar.i
C:\WINDOWS\SYSTEM32\nvwqn.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\WINDOWS\SYSTEM32\temperror32.dat Infected: Trojan.Win32.StartPage.nk
C:\WINDOWS\SYSTEM32\VBUninstall.exe/data0001 Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\VBUninstall.exe Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\wuwntry.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\WINDOWS\TSOC.LOG:fhpmci:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\TSOC.LOG:hrvzl:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\WIASERVC.LOG:lqndj:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\WIASERVC.LOG:qhrhzw:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\WindowsUpdate.log:horfk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\xmotb.log:tpqml:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\xpsp1hfm.log:lguvw:$DATA Infected: Trojan-Downloader.Win32.Agent.bc

Scan process completed.


I'm going to run HijackThis in Safe Mode again now. I will post results in another reply so they don't get chopped off.

#10
frustratedmom

Logfile of HijackThis v1.99.1
Scan saved at 10:33:42 AM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\FixforDrWatson\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ps9T3qe] actrun.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

------------------------
System running much smoother. Still getting Spy Sweeper alerts of files being added at startup and my Internet default page being changed. I select the options to delete and change back up. Just received a Win Alert that Generic Host Process for Win32 Services encountered a problem, blah, blah. I always pick Don't Send report when I get these. It goes away. Still have a way to go it seems in cleaning - although experience no lock ups, or limited access to files and folders.

Thanks for all your help. Used to do software support 10 years ago - quit to have a family. I am so out of touch. Couldn't do that job now. Can't imagine having time to donate for poor wretches like me. Thank you so much for your time and effort.

Awaiting your reply.


#11
ScHwErV

Let's go after this manually now. Since you said you have multiple user accounts, let's just stick to one right now, then once that's clean, we'll get into the other accounts.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ps9T3qe] actrun.exe

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\Media Access\MediaAccK.exe

Please delete these files using Windows Explorer (if present):

c:\windows\system32\ptwbcrz.exe
C:\windows\system32\elitevbe32.exe
C:\WINDOWS\system32\exp
C:\WINDOWS\system32\actrun.exe

After that, Reboot.

After that, post a fresh HiJackThis log and we'll go from there.

ScHwErV :tazz:

#12
frustratedmom

Followed your instructions.

HiJackThis seems to have run successfully and deleted the lines which were indicated by you.

Rebooted in Safe Mode and opened Windows Explorer to delete the files indicated. As soon as I got to the Media Access folder I was interrupted with locking Errors saying "Windows Explorer has encountered a problem and Needs to Close, blah blah, blah." I clicked Don't Send error report. Ended Tasks. Tried another time, same thing.

Rebooted in Safe Mode. Went to File Run, Browse. Looked for the files using View Details option and All Files. I was not interrupted by errors. Did not see MediaAcck.exe (sp?) or anything similar in Media Access folder. In the System32 folder, I found actrun and deleted it. However, the other files were not there. I did, however, find some files called eliteerror32, elitedoolsav, extrac32, exe2bin, exesrv.dll and wondered about them, but did not delete them.

Here is my latest Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 12:50:55 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\FixforDrWatson\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Waiting your reply.
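
An added example, not part of any post in this thread: one way to check a "Fix Checked" round is to diff the HijackThis log taken before the fix against the one taken after it, confirming that every entry on the helper's list is gone and listing anything that appeared in between. The log excerpts are abridged from the logs posted above; the function names are hypothetical.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Map a case- and whitespace-insensitive key to each entry line of a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:  # header lines and the process list do not match and are skipped
            key = (m.group("code"), " ".join(m.group("body").lower().split()))
            entries[key] = line
    return entries


def review_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    wanted = parse_entries(fix_list)
    return {
        # on the fix list, present before, absent after
        "fixed": sorted(l for k, l in wanted.items() if k in before and k not in after),
        # on the fix list but still in the fresh log
        "still_present": sorted(l for k, l in wanted.items() if k in after),
        # on the fix list but in neither log (likely a copy/paste mismatch)
        "never_seen": sorted(l for k, l in wanted.items()
                             if k not in before and k not in after),
        # entries that only exist in the fresh log
        "new": sorted(l for k, l in after.items() if k not in before),
    }


# The entries the helper asked to have checked (from the thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ps9T3qe] actrun.exe
"""

# Abridged excerpt of the log saved at 10:33:42 AM on 7/10/2005.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ptwbcrz] c:\windows\system32\ptwbcrz.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitevbe32.exe
O4 - HKLM\..\Run: [exp] C:\WINDOWS\system32\exp
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ps9T3qe] actrun.exe
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
"""

# Abridged excerpt of the log saved at 12:50:55 PM on 7/10/2005.
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
"""

if __name__ == "__main__":
    for bucket, lines in review_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{bucket}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

On these excerpts the "new" bucket holds the three `irsac.dll` search-page entries, which exist only in the later log.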

#13
ScHwErV

Ok, things are really looking good. How are they running now? Just a little more cleanup yet to go.

Right click Here and select Save As to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

After that, post a fresh HiJackThis log and let me know how things are running for you.

ScHwErV :tazz:

#14
frustratedmom

I'm not using Internet Explorer - using AOL. Internet Explorer was never really set up properly on our machine.

I did do a File Save As to my computer, and the file is there. But when I right click on it, there is no option to install or run. If I dbl-click on it, I only get a Window that opens with the Domains.inf list information, but I don't think it is doing anything.

I tried to manually go into the Trusted Sites list and remove them. There were none under my Log In. I Logged in as my husband and went to his Trusted Sites. The "crazy winnings" etc. were there. I removed them (or so I thought), when I go back in they are back again.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:50:08 AM, on 7/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\FixforDrWatson\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\irsac.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\irsac.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104793195\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

----------------------

Also, I've been wondering if I should start deleting the files indicated in the Kaspersky scan that were in Windows and System32 folders? Since I hadn't heard from you I thought I would start on that - and then I got a post from you.
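
An added example, not part of any post in this thread: many lines of the scan log above end in `:name:$DATA`, the NTFS notation for an alternate data stream attached to a host file such as `KB893066.log`, so it helps to sort the detections by what kind of object was flagged before deciding what to do with each. The sample lines are copied from the scan log in the thread; the function names are hypothetical, and reading a `/` suffix as an object embedded in a container file is an assumption about the scanner's output format.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# "host:stream:$DATA" names an alternate data stream on the file "host".
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\.*?):(?P<stream>[^:\\/]+):\$DATA$")
# System Restore keeps its own copies of files under this directory.
RESTORE_MARK = "\\system volume information\\_restore"


class Finding(NamedTuple):
    host: str               # path of the file on disk
    stream: Optional[str]   # alternate data stream name, if any
    member: Optional[str]   # object inside the file (assumed meaning of "/")
    verdict: str            # detection name reported by the scanner
    kind: str               # restore_point | ads | embedded | file


def parse_line(line):
    """Parse one '<object> Infected: <verdict>' line; None for other lines."""
    target, sep, verdict = line.strip().rpartition(" Infected: ")
    if not sep:
        return None
    stream = member = None
    m = ADS_RE.match(target)
    if m:
        host, stream = m.group("host"), m.group("stream")
    elif "/" in target:
        host, _, member = target.partition("/")
    else:
        host = target
    if RESTORE_MARK in host.lower():
        kind = "restore_point"      # copy held by System Restore
    elif stream:
        kind = "ads"                # stream attached to a host file
    elif member is not None:
        kind = "embedded"           # object inside a container file
    else:
        kind = "file"               # the file itself was flagged
    return Finding(host, stream, member, verdict.strip(), kind)


def triage(log_text):
    """Group all findings in a scan log by kind."""
    by_kind = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding:
            by_kind[finding.kind].append(finding)
    return dict(by_kind)


def streams_by_host(findings):
    """Map each host file to the sorted names of its flagged streams."""
    hosts = defaultdict(list)
    for f in findings:
        if f.stream:
            hosts[f.host].append(f.stream)
    return {host: sorted(names) for host, names in hosts.items()}


# Lines copied from the scan log posted in the thread.
SAMPLE_SCAN = r"""
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064141.isu:uexicv:$DATA Infected: Backdoor.Win32.Small.dc
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP268\A0064766.exe Infected: Trojan-Downloader.Win32.Agent.ed
C:\WINDOWS\KB893066.log:mzclb:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\KB893066.log:uqtlgm:$DATA Infected: Trojan.Win32.Agent.bi
C:\WINDOWS\WindowsUpdate.log:horfk:$DATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\WINDOWS\n_nzxrdu.dat Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\SYSTEM32\InstallerV3.exe/data0001 Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\InstallerV3.exe Infected: not-a-virus:AdWare.SafeSurfing.j
C:\WINDOWS\SYSTEM32\actrun.exe Infected: Trojan-Downloader.Win32.Apropo.ac

Scan process completed.
"""

if __name__ == "__main__":
    groups = triage(SAMPLE_SCAN)
    for kind, findings in groups.items():
        print(f"{kind}: {len(findings)}")
    for host, names in streams_by_host(groups.get("ads", [])).items():
        print(f"{host} carries flagged streams: {', '.join(names)}")
```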

#15
ScHwErV

As you go back and forth between user accounts, your machine is re-infecting itself. That is why it is back.

Please go back to post 7 and run all those instructions on every account on your computer. Stay in safe mode during the entire fix, otherwise it will just reinfect the different accounts again.

ScHwErV :tazz: