Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winfixer and airline popups, freezing

Started by dsdj , Jul 25 2005 12:12 PM

  • Please log in to reply

#1
dsdj
Posted 25 July 2005 - 12:12 PM

dsdj

    New Member

  • Member
  • Pip
  • 8 posts
we have been having problems with winfixer popups appearing after winfixer installed itself. We thought we had Norton antivirus when this happened but it had been deleted. We reinstalled it and we found two adware threats, which we are trying to delete now, but neither of them was to do with winfixer. We also get numerous adverts for airline fare discounts popping up.

The more annoying thing is our computer keeps freezing on internet explorer. I’m having to type this on word and copy and paste it in to avoid all the freezing. the freezing only happens on the internet and not AIM or MSN messenger. It works fine for about 30 seconds and then freezes for about 20 seconds. When we type things they don’t appear until the freezing stops.

Here’s the hijack log, I hope I did it right


Logfile of HijackThis v1.99.1
Scan saved at 1:50:46 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\apdd.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\system32\apdd.dll
O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} - C:\WINDOWS\AppPatch\unip.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE} - C:\WINDOWS\addins\asxml.dll
O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\infowms.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ESPN BottomLine] C:\Program Files\ESPNDeportes\bline.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2702.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: asxml - C:\WINDOWS\addins\asxml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: infowms - C:\WINDOWS\repair\infowms.dll
O20 - Winlogon Notify: unip - C:\WINDOWS\AppPatch\unip.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Thanks very much!
  • 0

Advertisements

#2
Wizard
Posted 25 July 2005 - 05:50 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi dsdj and Welcome to GeekstoGo!

That quite the unique Infection you have going on!

I hope I am up for this fight!

Lets put a couple of mean cleaners up against it first see wont this help!

Please Download the MWAV Scanner from Here

Unzip it to its predetermined Directory (C:\Kaspersky)

Locate "kavupd.exe" in the New Folder and Double Click to Update!

If you it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!

When you see "Updates downloaded Successfully"

Please Press Enter to Continue!

It should open automatically>Leave the "Default Settings ticked" and add a "tick" "Drives">this will light up "All Drives"> Add a tick to "Scan All Files"->Click "Scan Clean" to begin!

This Scan may take Several Hours or more to Complete,Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

Once the Scan has finished,All entries Identified as Infected will displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!

Open a Blank Notepad Page and Paste the results (Ctrl+V) to it!

Save those Results and place them in the Next post!

Next-> Download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Open Ewido and Scan the Entire System-> Clean all it finds-> Be sure to click the tab to Save a Report!


From the WinPFind Folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

The Report(WinPFind.txt) will be located in the WinPFind folder!

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from WinPFind-> MWAV-> Ewido and Panda!


And YES this Bug is that dang Sticky!!!!!!!!
  • 0

#3
dsdj
Posted 26 July 2005 - 11:40 PM

dsdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ok i've done all you said! we seem to have a lot of viruses :tazz:

firstly the windpfind scan...

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
SAHAgent 3/7/2005 12:22:12 PM 35 C:\WINDOWS\SYSTEM32\70tovmto.ini
PEC2 8/4/2004 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 8:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 8:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Checking the Windows folder for system and hidden files within the last 60 days...
7/11/2005 10:32:28 AM 512020 C:\WINDOWS\addins\asxml.dll
7/11/2005 10:39:52 PM 501708 C:\WINDOWS\addins\lmxsa.bak1
7/25/2005 11:31:16 AM 334415 C:\WINDOWS\addins\lmxsa.bak2
7/26/2005 11:31:18 AM 336452 C:\WINDOWS\addins\lmxsa.ini
7/26/2005 1:43:02 AM 334340 C:\WINDOWS\addins\lmxsa.ini2
7/11/2005 10:32:32 AM 500127 C:\WINDOWS\Help\tunrba.tmp2
7/5/2005 4:33:24 PM 10820 C:\WINDOWS\Help\update.GID
6/25/2005 9:21:56 AM 0 C:\WINDOWS\inf\oem42.inf
7/1/2005 10:29:46 AM 516116 C:\WINDOWS\repair\infowms.dll
7/1/2005 10:46:08 AM 471883 C:\WINDOWS\repair\smwofni.bak1
7/1/2005 10:31:02 AM 472096 C:\WINDOWS\repair\smwofni.bak2
7/26/2005 1:19:28 AM 475414 C:\WINDOWS\repair\smwofni.ini
7/1/2005 10:29:42 AM 473273 C:\WINDOWS\repair\smwofni.ini2
7/26/2005 9:47:46 AM 16384 C:\WINDOWS\system32\config\default.LOG
7/26/2005 9:48:06 AM 1024 C:\WINDOWS\system32\config\SAM.LOG
7/26/2005 9:47:42 AM 16384 C:\WINDOWS\system32\config\SECURITY.LOG
7/26/2005 11:26:46 AM 1024 C:\WINDOWS\system32\config\software.LOG
7/26/2005 11:23:06 AM 1024 C:\WINDOWS\system32\config\system.LOG
7/13/2005 8:32:04 PM 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
7/26/2005 9:46:42 AM 6 C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/22/2004 10:30:44 PM 1918 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
6/18/2004 8:08:14 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
12/3/2004 3:41:14 PM 551 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
2/21/2005 10:28:42 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
SV1 =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan SOUNDMAN.EXE
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
CTHelper cthelper.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\asxml
= C:\WINDOWS\addins\asxml.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\infowms
= C:\WINDOWS\repair\infowms.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\unip
= C:\WINDOWS\AppPatch\unip.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.2.4 - Log file written to "WinPFind.Txt" in the WinPFind folder.




the mwav one .....

File C:\WINDOWS\system32\apdd.dll infected by "Trojan-Downloader.Win32.Delf.lh" Virus. Action Taken: File to be deleted on reboot.
File C:\WINDOWS\system32\netut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.q. No Action Taken.
File C:\WINDOWS\system32\q17i9a4j.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\Documents and Settings\Harriet\Local Settings\Temporary Internet Files\Content.IE5\4H6JGPY3\m1984p16[1].txt infected by "Trojan-Dropper.Win32.Small.zn" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\28Q9ZHK8\ad79a8[1].js infected by "Trojan-Downloader.JS.Small.af" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\nick\Local Settings\Temporary Internet Files\Content.IE5\EXXIVALW\interview_of_week_[1].jpg infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\ysb_prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: File Renamed.
File C:\Program Files\Norton AntiVirus\Quarantine\0CF31931.dll tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CF31931.exe infected by "Trojan-Dropper.Win32.Agent.gk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP170\A0014629.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP170\A0014630.exe infected by "Trojan-Dropper.Win32.Agent.jz" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014698.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014699.exe tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014700.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014701.exe infected by "Trojan-Downloader.Win32.Apropo.t" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014702.exe tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014706.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP171\A0014720.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP172\A0014731.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP172\A0014758.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP173\A0014775.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP173\A0014818.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014829.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014936.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014950.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014960.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014965.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014978.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP174\A0014983.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP175\A0014996.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP175\A0015012.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP175\A0015026.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP176\A0015033.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP176\A0015112.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP177\A0015118.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP177\A0015128.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP177\A0015137.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP178\A0015139.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP178\A0015149.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP178\A0015154.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP179\A0015173.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP179\A0015212.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP180\A0015216.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP180\A0015336.exe infected by "Trojan-Dropper.Win32.Small.zn" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP180\A0015339.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP181\A0015347.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP182\A0015352.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP182\A0015356.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP182\A0015373.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP183\A0015377.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP183\A0015399.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP184\A0015409.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP184\A0015437.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP184\A0015449.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015466.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015506.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015517.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015522.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015527.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP185\A0015544.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP186\A0015554.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP186\A0015585.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP186\A0015612.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP187\A0015622.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP187\A0015648.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015652.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015657.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015660.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015687.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015692.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP188\A0015699.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP189\A0015703.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP189\A0016699.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP189\A0016706.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP190\A0016709.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP190\A0016721.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP191\A0016727.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP191\A0016741.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP191\A0016753.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP191\A0017753.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP191\A0017810.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP192\A0017816.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP192\A0017844.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP193\A0017852.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP193\A0017891.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP194\A0017895.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP194\A0018891.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP194\A0018898.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP194\A0018923.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP195\A0018942.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP195\A0019923.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP195\A0019928.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP196\A0019943.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP196\A0020928.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP196\A0020935.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP197\A0020947.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP197\A0020962.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP198\A0020977.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP198\A0020992.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP198\A0020997.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP199\A0021005.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP199\A0021015.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP200\A0021029.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP200\A0021037.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP200\A0022037.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP201\A0022052.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP201\A0022084.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP202\A0022094.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP202\A0022149.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP203\A0022165.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP205\A0022190.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP205\A0022204.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP206\A0022226.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP206\A0022433.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP207\A0022437.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP207\A0022475.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP207\A0022480.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP208\A0022492.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP208\A0022511.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0022523.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0023511.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0024511.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0025511.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0025528.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0025573.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0025577.exe infected by "Trojan-Dropper.Win32.Delf.jm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP209\A0025584.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP210\A0025594.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP210\A0026594.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP210\A0027594.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP211\A0027622.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP211\A0027629.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027667.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027671.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027676.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027731.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027738.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027745.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP212\A0027749.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP213\A0027752.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP213\A0027756.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP213\A0027762.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP214\A0027769.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP214\A0027772.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP215\A0027779.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP215\A0028779.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP216\A0028788.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP216\A0028800.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP217\A0028805.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP218\A0028807.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP218\A0028898.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP219\A0028908.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP219\A0028914.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP220\A0028919.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP220\A0028944.dll infected by "Trojan.Win32.Agent.cs" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP220\A0028972.dll infected by "Trojan-Downloader.Win32.ConHook.c" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029166.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029168.exe tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029169.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029170.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029174.exe tagged as not-a-virus:AdWare.180Solutions. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029175.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029176.dll tagged as not-a-virus:AdWare.Sahat.l. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029178.exe infected by "Trojan-Dropper.Win32.Delf.jm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029179.exe infected by "Backdoor.Win32.Rbot.gen" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP224\A0029180.exe infected by "Backdoor.Win32.Rbot.km" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP236\A0031043.dll tagged as not-a-virus:AdWare.Virtumonde.l. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP241\A0032659.exe tagged as not-a-virus:AdWare.BargainBuddy.l. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP241\A0032660.exe tagged as not-a-virus:AdWare.BargainBuddy.y. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP242\A0033055.exe infected by "Trojan-Dropper.Win32.Agent.gk" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP242\A0033056.dll tagged as not-a-virus:AdWare.Apropos.f. No Action Taken.
File C:\System Volume Information\_restore{C5941BA0-7954-431B-BB37-2E1ABEED1085}\RP250\A0035565.exe infected by "Trojan-Dropper.Win32.Agent.gk" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\drivers\etc\hosts infected by "Trojan.Win32.Qhost.r" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\netut80ex.vxd tagged as not-a-virus:AdWare.BargainBuddy.q. No Action Taken.
File C:\WINDOWS\system32\q17i9a4j.exe tagged as not-a-virus:AdWare.Sahat.o. No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.
File C:\WINDOWS\wt\wtvh.dll tagged as not-a-virus:AdWare.WildTangent.b. No Action Taken.

ewido...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:26:03 AM, 7/26/2005
+ Report-Checksum: 84B3E9F5

+ Scan result:

HKLM\SOFTWARE\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\swoa1NTLNMLM -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\swos1NTLNMLM -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\Tasks -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Se
  • 0

#4
dsdj
Posted 26 July 2005 - 11:42 PM

dsdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ewido...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:26:03 AM, 7/26/2005
+ Report-Checksum: 84B3E9F5

+ Scan result:

HKLM\SOFTWARE\Apropos -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Apropos\Client -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\swoa1NTLNMLM -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\swos1NTLNMLM -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Softomate.IEToolbar\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Envolo -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\State -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Envolo\AutoUpdate\Tasks -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AproposClient -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@adtech[1].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@valueclick[3].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\harriet@x10[2].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Harriet\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\nick\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\nick\Cookies\nick@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adviva[1].txt -> Spyware.Cookie.Adviva : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Counted : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4snajihowwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyukcjckpa2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyumdpagow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y9GZK7AD\m1984p16[2].txt -> TrojanDropper.Agent.jz : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\q17i9a4j.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End


the panda....

Incident Status Location

Adware:adware/savenow No disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/apropos No disinfected C:\WINDOWS\SYSTEM32\auto_update_uninstall.log
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\bqrufs5f.dat
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\exclean.exe
Adware:adware/quicksearch No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Install.inf
Adware:adware/wupd No disinfected C:\PROGRAM FILES\ErrorGuard
Spyware:spyware/dyfuca No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\AMEOPT
Spyware:spyware/virtumonde No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MSEVENTS.MSEVENTS
Adware:adware/exact.cashback No disinfected HKEY_CLASSES_ROOT\ADP.URLCATCHER.1
Adware:adware/mediatickets No disinfected HKEY_CLASSES_ROOT\Interface\{00ada225-ea6c-4fb3-82e8-68189201ccb9}
Adware:adware/ncase No disinfected HKEY_CLASSES_ROOT\TypeLib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}
Spyware:Spyware/Virtumonde No disinfected C:\Documents and Settings\Harriet\Local Settings\Temp\ssmgkvnq.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Harriet\Local Settings\Temporary Internet Files\Content.IE5\PJBVXDWA\CAIX99TV.HTM
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\CA5PXF28.HTM
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\CA6SGPWV.HTM
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\CAAZC9E7.HTM
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\CACKU4JE.HTM
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WZ7FI4P5\CANKS5LJ.HTM
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\exclean.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exclean.exe]


and the fresh hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 1:37:23 AM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: MSEvents Object - {6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE} - C:\WINDOWS\addins\asxml.dll
O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\infowms.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2702.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: asxml - C:\WINDOWS\addins\asxml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: infowms - C:\WINDOWS\repair\infowms.dll
O20 - Winlogon Notify: unip - C:\WINDOWS\AppPatch\unip.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



i hope this will help. right i'm off to bed :tazz:
  • 0

#5
Perculator
Posted 29 July 2005 - 05:01 PM

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Hello,

Crete will be away from his computer, and I was asked to take over his log.

I See you got a nice collection on your computer.
I just need one other log from you to get started, please do the following:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and past the List from the notebook onto your post

  • 0

#6
dsdj
Posted 31 July 2005 - 12:00 AM

dsdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
there ya go...

Adobe Photoshop CS
Adobe Reader 6.0
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Spyware Protection
AOL Toolbar
BigFix
Canon MP Drivers
Canon MP Toolbox 4.1.1.0.mp10
ccCommon
DiamondCS APM
Digital Media Reader
Error Guard 2.5.0
ewido security suite
FinePixViewer Ver.4.1
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
ImageMixer VCD2 for FinePix
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Adapters and Drivers
InterActual Player
Internet Worm Protection
iSpQ VideoChat 7.2
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Medal of Honor Allied Assault
Media Pass
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Age of Empires II
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo Premium 9
Microsoft Publisher 2002
Microsoft Windows Journal Viewer
Microsoft Works
MicroStaff WINASPI
MSN
MSN Messenger 7.0
MSN Music Assistant
MSN Toolbar
Multimedia Keyboard Driver
Musicmatch® Jukebox
Nero BurnRights
Nero OEM
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
One-on-One Diagnostic
PowerDVD
Pure Networks Port Magic
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SoftV92 Data Fax Modem with SmartCP
Soulseek Client 152
SoulSeek Client 156c
SPBBC
Symantec
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB898461)
USB 2.0 WebCam Drivers
Verizon Online
Viewpoint Media Player
WildTangent Web Driver
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Internet Mail
Yahoo! Messenger Explorer Bar
Yahoo! Messenger with BT Communicator
  • 0

#7
Perculator
Posted 01 August 2005 - 12:51 PM

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Download the Killbox.
Unzip it to the desktop
But don’t use it yet, we wil do that later on

***
Download CWShredder, update it. Then open the program and click ‘fix’.

***
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry Media Pass
  • Click on Delete this entry
  • Click "Yes"
Repeat that for
PowerReg Scheduler because this programm is not so well known

Now click back in the right bottom corner of the hijack this screen
And then press scan at the left bottom corner of the hijack this screen,
And put a check at the following lines

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: MSEvents Object - {6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE} - C:\WINDOWS\addins\asxml.dll

O2 - BHO: MSEvents Object - {9068A414-3AF9-4F79-AF1C-E6EA415BAF52} - C:\WINDOWS\repair\infowms.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - Startup: PowerReg Scheduler.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O20 - Winlogon Notify: asxml - C:\WINDOWS\addins\asxml.dll

O20 - Winlogon Notify: infowms - C:\WINDOWS\repair\infowms.dll

O20 - Winlogon Notify: unip - C:\WINDOWS\AppPatch\unip.dll (file missing)

now click Fix checked
and close hijack this

***
Download: deldomains.
To use: right-click and select: Install

***
Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each

C:\WINDOWS\addins\asxml.dll
C:\WINDOWS\repair\infowms.dll

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

After the reboot,

Run hijack this and post a fresh log.

Good luck

Edited by Perculator, 01 August 2005 - 12:57 PM.

  • 0

#8
dsdj
Posted 01 August 2005 - 01:54 PM

dsdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
right, i did everything. except i couldn't find PoweRegScheduler on the uninstall manager so i couldn't delete it. thanks for all the help so far...

Logfile of HijackThis v1.99.1
Scan saved at 3:51:13 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE} - C:\WINDOWS\addins\asxml.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2702.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: asxml - C:\WINDOWS\addins\asxml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#9
Perculator
Posted 01 August 2005 - 03:20 PM

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
Please download VundoFix.zip to your desktop.
  • Double-click VundoFix.zip and extract it to your C:\ directory.
  • Copy the instructions below and paste them into Notepad for reference.
    • All other windows need to be closed while doing this fix!
  • Navigate to the new folder C:\VundoFix
  • Double click on KillVundo.bat
    • When it starts running it will tell you that you need an active internet connection then ask you to press any key once you do.
  • Please press any key to continue.
  • Wait for HiJackThis to open.
  • When HiJackThis opens, click Do a system scan only. Place a check next to the following items, if found: O2 - BHO: MSEvents Object - {6F71C05E-6C91-4A3A-9146-9C19DA2E4CCE} - C:\WINDOWS\addins\asxml.dll

    O20 - Winlogon Notify: asxml - C:\WINDOWS\addins\asxml.dll
    After you did that search for the following files
    In this folder
    C:\WINDOWS\addins

    bdcp.bak1
    bdcp.bak2
    bdcp.ini
    bdcp.ini2
    bdcp.tmp
    bdcp.tmp1
    bdcp.tmp2

    also files in that folder which got the name lmxsa with any extension
  • Once they all have a check next to them, click the FIX CHECKED button, then close HiJackThis.
You will once again be prompted to press any key. Upon doing so this time you will receive a "Blue Screen Of Death". Don't worry, this is normal! Let the computer reboot. If it doesn't boot straight to windows, manually turn the computer off and then back on.

Once the computer is rebooted post a new HiJackThis log as well as the contents of vundofix.txt which can be found in this folder: C:\VundoFix
  • 0

#10
dsdj
Posted 01 August 2005 - 08:09 PM

dsdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:06:13 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] cthelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon....es/vzWebIns.CAB
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.co...snmusax2702.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17....ex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe






Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Suspending PID 748 'smss.exe'
Threads [752][3220]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 3180 'explorer.exe'
Killing PID 3180 'explorer.exe'
Killing PID 1476 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 848 'winlogon.exe'
Killing PID 848 'winlogon.exe'
Killing PID 848 'winlogon.exe'
Killing PID 848 'winlogon.exe'
Killing PID 488 'winlogon.exe'


i couldn't search for the following in the folder you said because i didn't know how to run a search when the start menu wasn't there:

bdcp.bak1
bdcp.bak2
bdcp.ini
bdcp.ini2
bdcp.tmp
bdcp.tmp1
bdcp.tmp2



are we close to getting the problem fixed?
  • 0

#11
Perculator
Posted 02 August 2005 - 11:54 AM

Perculator

    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
just navigate to this folder C:\WINDOWS\addins
something like
my computer
C:
Windows
Addins


to see if those files are there

no problems anymore?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP