Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help me cleen up this pc plz... [RESOLVED]


  • This topic is locked This topic is locked

#1
PiTmA

PiTmA

    Member

  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 14:50:13, on 09/04/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\fubevtl.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\WINDOWS\System32\m4d9ugmv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\roylk\xsmsek.exe
C:\WINDOWS\system32\xmvvuct\vrhv.exe
C:\WINDOWS\system32\piocu\ouwgvo.exe
C:\WINDOWS\System32\nnjdhv\yukijcg.exe
C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
C:\WINDOWS\system32\gllhdkia\lvgu.exe
C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
C:\WINDOWS\system32\wowpatpc\ommdmi.exe
C:\WINDOWS\system32\oiish\jsohpr.exe
C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\autodrop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\maarjkvy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...pE 3yxo1VM/bEo=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://newupdates.lz...ff5f
R3 - Default URLSearchHook is missing
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: (no name) - {65FDB720-9E0D-269C-4AB4-EC61926D67F7} - C:\WINDOWS\Rxwjhbgy.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Band Class - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - C:\WINDOWS\dealhlpr.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Search - {40F8F242-0BA4-12D7-7546-B665FD349F27} - C:\WINDOWS\Rxwjhbgy.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\fubevtl.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe
O4 - HKLM\..\Run: [ewiqvdc] C:\WINDOWS\System32\lcgrxbdu\ewiqvdc.exe
O4 - HKLM\..\Run: [yukijcg] C:\WINDOWS\System32\nnjdhv\yukijcg.exe
O4 - HKLM\..\Run: [raukedp] C:\WINDOWS\System32\jolxk\raukedp.exe
O4 - HKLM\..\Run: [vbkuys] C:\WINDOWS\System32\lqsj\vbkuys.exe
O4 - HKLM\..\Run: [nxlid] C:\WINDOWS\System32\tsacg\nxlid.exe
O4 - HKLM\..\Run: [xqmdpom] C:\WINDOWS\System32\bplkleb\xqmdpom.exe
O4 - HKLM\..\Run: [vits] C:\WINDOWS\System32\ggljso\vits.exe
O4 - HKLM\..\Run: [grmweu] C:\WINDOWS\System32\butud\grmweu.exe
O4 - HKLM\..\Run: [osvijj] C:\WINDOWS\System32\khgmhwkn\osvijj.exe
O4 - HKLM\..\Run: [wnmspln] C:\WINDOWS\System32\vdrdgbe\wnmspln.exe
O4 - HKLM\..\Run: [aivdmwhm] C:\WINDOWS\System32\tngdknh\aivdmwhm.exe
O4 - HKLM\..\Run: [fefhvyvi] C:\WINDOWS\System32\clwbt\fefhvyvi.exe
O4 - HKLM\..\Run: [ehyq] C:\WINDOWS\System32\xalqxqcf\ehyq.exe
O4 - HKLM\..\Run: [ggmbrjfn] C:\WINDOWS\System32\omsaup\ggmbrjfn.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ucyf] C:\WINDOWS\System32\qrbjk\ucyf.exe
O4 - HKLM\..\Run: [dcmys] C:\WINDOWS\System32\dggfypyx\dcmys.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ebyjfuyf] C:\WINDOWS\System32\mucnyrup\ebyjfuyf.exe
O4 - HKLM\..\Run: [tjktie] C:\WINDOWS\System32\ookenv\tjktie.exe
O4 - HKLM\..\Run: [jajgww] C:\WINDOWS\System32\ppdht\jajgww.exe
O4 - HKLM\..\Run: [rwtmm] C:\WINDOWS\System32\qdsgb\rwtmm.exe
O4 - HKLM\..\Run: [ajhxym] C:\WINDOWS\System32\nlfkxu\ajhxym.exe
O4 - HKLM\..\Run: [yeraei] C:\WINDOWS\System32\hvmr\yeraei.exe
O4 - HKLM\..\Run: [qebpddv] C:\WINDOWS\System32\bjdfeh\qebpddv.exe
O4 - HKLM\..\Run: [ailwopn] C:\WINDOWS\System32\hqicm\ailwopn.exe
O4 - HKLM\..\Run: [ejoifaov] C:\WINDOWS\System32\mehf\ejoifaov.exe
O4 - HKLM\..\Run: [mwjdfey] C:\WINDOWS\System32\pqwp\mwjdfey.exe
O4 - HKLM\..\Run: [vseifwnb] C:\WINDOWS\System32\xdlejbs\vseifwnb.exe
O4 - HKLM\..\Run: [igngiyw] C:\WINDOWS\System32\irklweef\igngiyw.exe
O4 - HKLM\..\Run: [sklumm] C:\WINDOWS\System32\eyyojv\sklumm.exe
O4 - HKLM\..\Run: [dctfgrx] C:\WINDOWS\System32\nrnshjo\dctfgrx.exe
O4 - HKLM\..\Run: [bvgjhn] C:\WINDOWS\System32\sdpmog\bvgjhn.exe
O4 - HKLM\..\Run: [chhe] C:\WINDOWS\System32\omldrr\chhe.exe
O4 - HKLM\..\Run: [brspofmt] C:\WINDOWS\System32\eynghm\brspofmt.exe
O4 - HKLM\..\Run: [oicpvxu] C:\WINDOWS\System32\aohaubol\oicpvxu.exe
O4 - HKLM\..\Run: [bbhys] C:\WINDOWS\System32\tosp\bbhys.exe
O4 - HKLM\..\Run: [cbsimut] C:\WINDOWS\System32\kmtk\cbsimut.exe
O4 - HKLM\..\Run: [cnmk] C:\WINDOWS\System32\bden\cnmk.exe
O4 - HKLM\..\Run: [afbt] C:\WINDOWS\System32\xlcxv\afbt.exe
O4 - HKLM\..\Run: [nfcjt] C:\WINDOWS\System32\wbyqtheq\nfcjt.exe
O4 - HKLM\..\Run: [yrtdgfti] C:\WINDOWS\System32\pyfvmi\yrtdgfti.exe
O4 - HKLM\..\Run: [obtyhdm] C:\WINDOWS\System32\qylk\obtyhdm.exe
O4 - HKLM\..\Run: [rnpia] C:\WINDOWS\System32\hrpr\rnpia.exe
O4 - HKLM\..\Run: [matc] C:\WINDOWS\System32\qifjq\matc.exe
O4 - HKLM\..\Run: [hgsd] C:\WINDOWS\System32\vkdnxmi\hgsd.exe
O4 - HKLM\..\Run: [m4d9ugmv] C:\WINDOWS\System32\m4d9ugmv.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe .
O4 - HKLM\..\Run: [twaqv] C:\WINDOWS\system32\jyigh\twaqv.exe
O4 - HKLM\..\Run: [ougn] C:\WINDOWS\system32\fjtyiasq\ougn.exe
O4 - HKLM\..\Run: [ouxklk] C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
O4 - HKLM\..\Run: [vrhv] C:\WINDOWS\system32\xmvvuct\vrhv.exe
O4 - HKLM\..\Run: [xaai] C:\WINDOWS\system32\anwrk\xaai.exe
O4 - HKLM\..\Run: [xsmsek] C:\WINDOWS\system32\roylk\xsmsek.exe
O4 - HKLM\..\Run: [jsohpr] C:\WINDOWS\system32\oiish\jsohpr.exe
O4 - HKLM\..\Run: [ouwgvo] C:\WINDOWS\system32\piocu\ouwgvo.exe
O4 - HKLM\..\Run: [lvgu] C:\WINDOWS\system32\gllhdkia\lvgu.exe
O4 - HKLM\..\Run: [csfilyfy] C:\WINDOWS\system32\tvwk\csfilyfy.exe
O4 - HKLM\..\Run: [iidaswkw] C:\WINDOWS\system32\slred\iidaswkw.exe
O4 - HKLM\..\Run: [gsmbmbe] C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
O4 - HKLM\..\Run: [ommdmi] C:\WINDOWS\system32\wowpatpc\ommdmi.exe
O4 - HKLM\..\Run: [tgtvoffv] C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
O4 - HKLM\..\Run: [oorpnhvw] C:\WINDOWS\system32\vnsho\oorpnhvw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109925413343
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co....e/Installer.CAB
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.i.../launcher39.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6928589-27B6-43C0-85EA-D5E8F3221E5C}: NameServer = 62.219.186.7 192.115.106.35
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net...wnload/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer and post a new hijackthis log and the log from Ewido.
  • 0

#3
PiTmA

PiTmA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 19:53:07, on 13/04/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\bden\cnmk.exe
C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
C:\WINDOWS\System32\vkdnxmi\hgsd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
C:\WINDOWS\system32\jyigh\twaqv.exe
C:\WINDOWS\system32\xmvvuct\vrhv.exe
C:\WINDOWS\system32\roylk\xsmsek.exe
C:\WINDOWS\system32\piocu\ouwgvo.exe
C:\WINDOWS\system32\wowpatpc\ommdmi.exe
C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {65FDB720-9E0D-269C-4AB4-EC61926D67F7} - C:\WINDOWS\Rxwjhbgy.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: Search - {40F8F242-0BA4-12D7-7546-B665FD349F27} - C:\WINDOWS\Rxwjhbgy.dll (file missing)
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\fubevtl.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe
O4 - HKLM\..\Run: [ewiqvdc] C:\WINDOWS\System32\lcgrxbdu\ewiqvdc.exe
O4 - HKLM\..\Run: [yukijcg] C:\WINDOWS\System32\nnjdhv\yukijcg.exe
O4 - HKLM\..\Run: [raukedp] C:\WINDOWS\System32\jolxk\raukedp.exe
O4 - HKLM\..\Run: [vbkuys] C:\WINDOWS\System32\lqsj\vbkuys.exe
O4 - HKLM\..\Run: [nxlid] C:\WINDOWS\System32\tsacg\nxlid.exe
O4 - HKLM\..\Run: [xqmdpom] C:\WINDOWS\System32\bplkleb\xqmdpom.exe
O4 - HKLM\..\Run: [vits] C:\WINDOWS\System32\ggljso\vits.exe
O4 - HKLM\..\Run: [grmweu] C:\WINDOWS\System32\butud\grmweu.exe
O4 - HKLM\..\Run: [osvijj] C:\WINDOWS\System32\khgmhwkn\osvijj.exe
O4 - HKLM\..\Run: [wnmspln] C:\WINDOWS\System32\vdrdgbe\wnmspln.exe
O4 - HKLM\..\Run: [aivdmwhm] C:\WINDOWS\System32\tngdknh\aivdmwhm.exe
O4 - HKLM\..\Run: [fefhvyvi] C:\WINDOWS\System32\clwbt\fefhvyvi.exe
O4 - HKLM\..\Run: [ehyq] C:\WINDOWS\System32\xalqxqcf\ehyq.exe
O4 - HKLM\..\Run: [ggmbrjfn] C:\WINDOWS\System32\omsaup\ggmbrjfn.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ucyf] C:\WINDOWS\System32\qrbjk\ucyf.exe
O4 - HKLM\..\Run: [dcmys] C:\WINDOWS\System32\dggfypyx\dcmys.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ebyjfuyf] C:\WINDOWS\System32\mucnyrup\ebyjfuyf.exe
O4 - HKLM\..\Run: [tjktie] C:\WINDOWS\System32\ookenv\tjktie.exe
O4 - HKLM\..\Run: [jajgww] C:\WINDOWS\System32\ppdht\jajgww.exe
O4 - HKLM\..\Run: [rwtmm] C:\WINDOWS\System32\qdsgb\rwtmm.exe
O4 - HKLM\..\Run: [ajhxym] C:\WINDOWS\System32\nlfkxu\ajhxym.exe
O4 - HKLM\..\Run: [yeraei] C:\WINDOWS\System32\hvmr\yeraei.exe
O4 - HKLM\..\Run: [qebpddv] C:\WINDOWS\System32\bjdfeh\qebpddv.exe
O4 - HKLM\..\Run: [ailwopn] C:\WINDOWS\System32\hqicm\ailwopn.exe
O4 - HKLM\..\Run: [ejoifaov] C:\WINDOWS\System32\mehf\ejoifaov.exe
O4 - HKLM\..\Run: [mwjdfey] C:\WINDOWS\System32\pqwp\mwjdfey.exe
O4 - HKLM\..\Run: [vseifwnb] C:\WINDOWS\System32\xdlejbs\vseifwnb.exe
O4 - HKLM\..\Run: [igngiyw] C:\WINDOWS\System32\irklweef\igngiyw.exe
O4 - HKLM\..\Run: [sklumm] C:\WINDOWS\System32\eyyojv\sklumm.exe
O4 - HKLM\..\Run: [dctfgrx] C:\WINDOWS\System32\nrnshjo\dctfgrx.exe
O4 - HKLM\..\Run: [bvgjhn] C:\WINDOWS\System32\sdpmog\bvgjhn.exe
O4 - HKLM\..\Run: [chhe] C:\WINDOWS\System32\omldrr\chhe.exe
O4 - HKLM\..\Run: [brspofmt] C:\WINDOWS\System32\eynghm\brspofmt.exe
O4 - HKLM\..\Run: [oicpvxu] C:\WINDOWS\System32\aohaubol\oicpvxu.exe
O4 - HKLM\..\Run: [bbhys] C:\WINDOWS\System32\tosp\bbhys.exe
O4 - HKLM\..\Run: [cbsimut] C:\WINDOWS\System32\kmtk\cbsimut.exe
O4 - HKLM\..\Run: [cnmk] C:\WINDOWS\System32\bden\cnmk.exe
O4 - HKLM\..\Run: [afbt] C:\WINDOWS\System32\xlcxv\afbt.exe
O4 - HKLM\..\Run: [nfcjt] C:\WINDOWS\System32\wbyqtheq\nfcjt.exe
O4 - HKLM\..\Run: [yrtdgfti] C:\WINDOWS\System32\pyfvmi\yrtdgfti.exe
O4 - HKLM\..\Run: [obtyhdm] C:\WINDOWS\System32\qylk\obtyhdm.exe
O4 - HKLM\..\Run: [rnpia] C:\WINDOWS\System32\hrpr\rnpia.exe
O4 - HKLM\..\Run: [matc] C:\WINDOWS\System32\qifjq\matc.exe
O4 - HKLM\..\Run: [hgsd] C:\WINDOWS\System32\vkdnxmi\hgsd.exe
O4 - HKLM\..\Run: [m4d9ugmv] C:\WINDOWS\System32\m4d9ugmv.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe .
O4 - HKLM\..\Run: [twaqv] C:\WINDOWS\system32\jyigh\twaqv.exe
O4 - HKLM\..\Run: [ougn] C:\WINDOWS\system32\fjtyiasq\ougn.exe
O4 - HKLM\..\Run: [ouxklk] C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
O4 - HKLM\..\Run: [vrhv] C:\WINDOWS\system32\xmvvuct\vrhv.exe
O4 - HKLM\..\Run: [xaai] C:\WINDOWS\system32\anwrk\xaai.exe
O4 - HKLM\..\Run: [xsmsek] C:\WINDOWS\system32\roylk\xsmsek.exe
O4 - HKLM\..\Run: [jsohpr] C:\WINDOWS\system32\oiish\jsohpr.exe
O4 - HKLM\..\Run: [ouwgvo] C:\WINDOWS\system32\piocu\ouwgvo.exe
O4 - HKLM\..\Run: [lvgu] C:\WINDOWS\system32\gllhdkia\lvgu.exe
O4 - HKLM\..\Run: [csfilyfy] C:\WINDOWS\system32\tvwk\csfilyfy.exe
O4 - HKLM\..\Run: [iidaswkw] C:\WINDOWS\system32\slred\iidaswkw.exe
O4 - HKLM\..\Run: [gsmbmbe] C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
O4 - HKLM\..\Run: [ommdmi] C:\WINDOWS\system32\wowpatpc\ommdmi.exe
O4 - HKLM\..\Run: [tgtvoffv] C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
O4 - HKLM\..\Run: [oorpnhvw] C:\WINDOWS\system32\vnsho\oorpnhvw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109925413343
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co....e/Installer.CAB
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.i.../launcher39.cab
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Edited by PiTmA, 01 August 2005 - 11:02 AM.

  • 0

#4
PiTmA

PiTmA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:51:06, 13/04/2004
+ Report-Checksum: 661C52B

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\CashBack -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{27557cf1-a237-496d-8c8f-08f3844c6a8b} -> Spyware.WhistleSoftware : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DEBA1742-2BEC-4B78-A987-5837971193F7} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B82B9ECF-40AE-46F2-B98E-B87CF17F70D0} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselLogServices -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselLogServices\CLSID -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselLogServices\CurVer -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselXmlServices -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselXmlServices\CLSID -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\Classes\WselServices.WselXmlServices\CurVer -> Spyware.Whistle : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\MachineInfo -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\IncrediFind -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LZIO Media. -> Spyware.LZIO : Cleaned with backup
HKU\S-1-5-21-343818398-1085031214-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-343818398-1085031214-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-343818398-1085031214-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-343818398-1085031214-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-343818398-1085031214-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[512] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Cleaned with backup
[380] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[968] C:\WINDOWS\System32\fubevtl.exe -> TrojanDownloader.Vivia.l : Cleaned with backup
[1100] C:\WINDOWS\System32\nnjdhv\yukijcg.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
[1696] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[1644] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2052] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2124] C:\WINDOWS\system32\xhvfs\gsmbmbe.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2180] C:\WINDOWS\System32\nlfkxu\ajhxym.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2356] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2440] C:\WINDOWS\system32\oiish\jsohpr.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
[2676] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2700] C:\WINDOWS\System32\xlcxv\afbt.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2736] C:\WINDOWS\System32\pyfvmi\yrtdgfti.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2756] C:\WINDOWS\System32\qylk\obtyhdm.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2808] C:\WINDOWS\System32\vkdnxmi\hgsd.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2836] C:\WINDOWS\System32\m4d9ugmv.exe -> Adware.SAHA : Cleaned with backup
[2864] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2872] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2884] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[2892] C:\WINDOWS\system32\jyigh\twaqv.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2908] C:\WINDOWS\system32\xmvvuct\vrhv.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2936] C:\WINDOWS\system32\roylk\xsmsek.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[2956] C:\WINDOWS\system32\piocu\ouwgvo.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[3064] C:\WINDOWS\system32\wowpatpc\ommdmi.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[3072] C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe -> TrojanDownloader.Agent.mw : Error during cleaning
[3092] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[3116] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[3364] C:\WINDOWS\System32\irj7656p.dll -> Adware.SAHA : Error during cleaning
[3376] C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
[124] C:\Program Files\Starware\bin\Starware.dll -> Spyware.Starad : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\maarjkvy.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs510.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs511.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs512.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs514.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs516.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs517.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs518.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs519.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51A.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51B.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51C.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51D.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51E.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs51F.tmpbsx32\bbi2.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs520.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs521.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs522.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs523.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs524.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs525.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs527.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs53.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs54.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs559.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs56.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs57.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs58.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs59.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs5A.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs5C.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs5D.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs5E.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\bs5F.tmpbsx32\sah.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Cookies\pc@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Cookies\pc@ads07.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Cookies\pc@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Cookies\pc@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Cookies\pc@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\djtopr1150.exe -> Spyware.WebRebates.g : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\Fingerprint.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\jkill.exe -> Spyware.VX2 : Cleaned with backup
C:\Documents and Settings\PC\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\PC\שולחן העבודה\ספיר\משפחה\הכל\Cookies\ספיר@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\בר\Cookies\בר@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\qdsv.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\atrc8parb_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\setup4021.cab/liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\setup4021.cab/atrc8parb_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\setup4021.cab/umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\setup4021.cab/hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\setup4021.cab/update.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\בר\Local Settings\Temp\SahUpdate\update.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\ספיר\Cookies\ספיר@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\ספיר\Cookies\ספיר@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\ספיר\Cookies\ספיר@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\ספיר\Local Settings\Temp\ltsflre.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@ehg-newegg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@pro-market[2].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Cookies\ספיר בלבד@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\Local Settings\Temp\yahh.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\ספיר בלבד\שולחן העבודה\משפחה\הכל\Cookies\ספיר@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\CashBack\bin\cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\Program Files\Starware\bin\Starware.dll -> Spyware.Starad : Cleaned with backup
C:\Program Files\VVSN\VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\IMCUpdate.dll -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\IMCUpdateInstall.exe -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\ImcWselParser.dll -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\WebBand.dll -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\WhistleHelper.dll -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\WselServices.dll -> Spyware.Whistle : Cleaned with backup
C:\Program Files\WhistleSoftware\WselServices\WselTypeLibrary.dll -> Spyware.Whistle : Cleaned with backup
C:\RECYCLER\NPROTECT\00088447.TXT -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00088776.TXT -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\RECYCLER\NPROTECT\00088957.TXT -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\NPROTECT\00089010.TXT -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\RECYCLER\NPROTECT\00089011.TXT -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\RECYCLER\NPROTECT\00089012.TXT -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\RECYCLER\NPROTECT\00089195.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089196.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089197.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089198.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089199.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089202.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089203.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00089207.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00089208.TXT -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\RECYCLER\NPROTECT\00089250.TXT -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\NPROTECT\00091680.EXE -> Spyware.MDH : Cleaned with backup
C:\RECYCLER\NPROTECT\00091686.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00091687.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00091688.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00091689.TXT -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\NPROTECT\00091691.EXE -> Spyware.MyWay : Cleaned with backup
C:\RECYCLER\NPROTECT\00091692.CLA -> Spyware.MyWay : Cleaned with backup
C:\RECYCLER\NPROTECT\00091693.DLL -> Spyware.MyWay : Cleaned with backup
C:\RECYCLER\NPROTECT\00091697.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091699.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091700.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091702.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091703.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091704.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091708.DLL -> Spyware.Wesbar : Cleaned with backup
C:\RECYCLER\NPROTECT\00091709.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091710.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091711.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00091804.TXT -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\RECYCLER\NPROTECT\00091805.TXT -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\RECYCLER\NPROTECT\00091806.TXT -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\RECYCLER\NPROTECT\00091807.TXT -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\RECYCLER\NPROTECT\00091821.exe -> Spyware.WebRebates : Cleaned with backup
C:\RECYCLER\NPROTECT\00091845.EXE -> Spyware.WebRebates : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-343818398-1085031214-725345543-1003\Dc95\הכל\Cookies\ספיר@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\6qitjtd8.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\dhp2.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\MM32.exe -> TrojanDownloader.Small.aak : Cleaned with backup
C:\WINDOWS\ntoyukes.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Rxwjhbgy.dll -> Spyware.SearchBand : Cleaned with backup
C:\WINDOWS\system32\ai_loader.exe -> TrojanDownloader.Apropo.e : Cleaned with backup
C:\WINDOWS\system32\aohaubol\oicpvxu.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\augre.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\autoupgrader.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\bjdfeh\qebpddv.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\bplkleb\xqmdpom.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\bs5.exe -> Spyware.BookedSpace.c : Cleaned with backup
C:\WINDOWS\system32\butud\grmweu.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\clwbt\fefhvyvi.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\cnet-ai-ss.exe -> TrojanDownloader.Vivia.o : Cleaned with backup
C:\WINDOWS\system32\cnet-dmk-ss.exe -> TrojanDownloader.Vivia.o : Cleaned with backup
C:\WINDOWS\system32\cnet-ez-ss.exe -> TrojanDownloader.Vivia.o : Cleaned with backup
C:\WINDOWS\system32\cnet-tvm-ss.exe -> TrojanDownloader.Vivia.o : Cleaned with backup
C:\WINDOWS\system32\dealhelper1.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\eynghm\brspofmt.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\eyyojv\sklumm.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\fubevtl.exe -> TrojanDownloader.Vivia.l : Cleaned with backup
C:\WINDOWS\system32\ggljso\vits.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\h9kcad1q.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\hqicm\ailwopn.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\hruquvdh.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\hvmr\yeraei.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\irj7656p.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\irklweef\igngiyw.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\jolxk\raukedp.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\khgmhwkn\osvijj.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\kmtk\cbsimut.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\krlurt.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\kwmedia-ss.exe -> TrojanDownloader.Vivia.o : Cleaned with backup
C:\WINDOWS\system32\lbczxs.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\system32\lcgrxbdu\ewiqvdc.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\llfu.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\lqsj\vbkuys.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\m4d9ugmv.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\mehf\ejoifaov.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\meiuq.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mucnyrup\ebyjfuyf.exe -> TrojanDownloader.Agent.mw : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\nnjdhv\yukijcg.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\nrnshjo\dctfgrx.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\oiish\jsohpr.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\omldrr\chhe.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\omsaup\ggmbrjfn.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\pqwp\mwjdfey.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\qdsgb\rwtmm.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\qrbjk\ucyf.exe -> TrojanDownloader.Agent.mw : Cleaned with backup
C:\WINDOWS\system32\sdpmog\bvgjhn.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\ssppvmkw.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\surfsidekick.exe -> TrojanDropper.SurfSide.a : Cleaned with backup
C:\WINDOWS\system32\tngdknh\aivdmwhm.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\tosp\bbhys.exe -> TrojanDownloader.Vivia.s : Cleaned with backup
C:\WINDOWS\system32\tsacg\nxlid.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\TVM_B5.EXE -> TrojanDownloader.Small.wk : Cleaned with backup
C:\WINDOWS\system32\urhhs.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\vcsf.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\vdrdgbe\wnmspln.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\weamg.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\WINDOWS\system32\xalqxqcf\ehyq.exe -> Spyware.NoName : Cleaned with backup
C:\WINDOWS\system32\xdlejbs\vseifwnb.exe -> Trojan.Agent.ah : Cleaned with backup
C:\WINDOWS\system32\xnsnqxv.exe -> TrojanDownloader.Agent.lg : Cleaned with backup


::Report End


thanks...

Edited by PiTmA, 01 August 2005 - 11:03 AM.

  • 0

#5
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {65FDB720-9E0D-269C-4AB4-EC61926D67F7} - C:\WINDOWS\Rxwjhbgy.dll (file missing)
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O3 - Toolbar: Search - {40F8F242-0BA4-12D7-7546-B665FD349F27} - C:\WINDOWS\Rxwjhbgy.dll (file missing)
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [hpsysconf1] C:\WINDOWS\System32\fubevtl.exe
O4 - HKLM\..\Run: [WebInstall2] C:\Program Files\ClipGenie\WebInstall.exe /R
O4 - HKLM\..\Run: [towfezv] C:\WINDOWS\Lbczxs.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ewiqvdc] C:\WINDOWS\System32\lcgrxbdu\ewiqvdc.exe
O4 - HKLM\..\Run: [yukijcg] C:\WINDOWS\System32\nnjdhv\yukijcg.exe
O4 - HKLM\..\Run: [raukedp] C:\WINDOWS\System32\jolxk\raukedp.exe
O4 - HKLM\..\Run: [vbkuys] C:\WINDOWS\System32\lqsj\vbkuys.exe
O4 - HKLM\..\Run: [nxlid] C:\WINDOWS\System32\tsacg\nxlid.exe
O4 - HKLM\..\Run: [xqmdpom] C:\WINDOWS\System32\bplkleb\xqmdpom.exe
O4 - HKLM\..\Run: [vits] C:\WINDOWS\System32\ggljso\vits.exe
O4 - HKLM\..\Run: [grmweu] C:\WINDOWS\System32\butud\grmweu.exe
O4 - HKLM\..\Run: [osvijj] C:\WINDOWS\System32\khgmhwkn\osvijj.exe
O4 - HKLM\..\Run: [wnmspln] C:\WINDOWS\System32\vdrdgbe\wnmspln.exe
O4 - HKLM\..\Run: [aivdmwhm] C:\WINDOWS\System32\tngdknh\aivdmwhm.exe
O4 - HKLM\..\Run: [fefhvyvi] C:\WINDOWS\System32\clwbt\fefhvyvi.exe
O4 - HKLM\..\Run: [ehyq] C:\WINDOWS\System32\xalqxqcf\ehyq.exe
O4 - HKLM\..\Run: [ggmbrjfn] C:\WINDOWS\System32\omsaup\ggmbrjfn.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [ucyf] C:\WINDOWS\System32\qrbjk\ucyf.exe
O4 - HKLM\..\Run: [dcmys] C:\WINDOWS\System32\dggfypyx\dcmys.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ebyjfuyf] C:\WINDOWS\System32\mucnyrup\ebyjfuyf.exe
O4 - HKLM\..\Run: [tjktie] C:\WINDOWS\System32\ookenv\tjktie.exe
O4 - HKLM\..\Run: [jajgww] C:\WINDOWS\System32\ppdht\jajgww.exe
O4 - HKLM\..\Run: [rwtmm] C:\WINDOWS\System32\qdsgb\rwtmm.exe
O4 - HKLM\..\Run: [ajhxym] C:\WINDOWS\System32\nlfkxu\ajhxym.exe
O4 - HKLM\..\Run: [yeraei] C:\WINDOWS\System32\hvmr\yeraei.exe
O4 - HKLM\..\Run: [qebpddv] C:\WINDOWS\System32\bjdfeh\qebpddv.exe
O4 - HKLM\..\Run: [ailwopn] C:\WINDOWS\System32\hqicm\ailwopn.exe
O4 - HKLM\..\Run: [ejoifaov] C:\WINDOWS\System32\mehf\ejoifaov.exe
O4 - HKLM\..\Run: [mwjdfey] C:\WINDOWS\System32\pqwp\mwjdfey.exe
O4 - HKLM\..\Run: [vseifwnb] C:\WINDOWS\System32\xdlejbs\vseifwnb.exe
O4 - HKLM\..\Run: [igngiyw] C:\WINDOWS\System32\irklweef\igngiyw.exe
O4 - HKLM\..\Run: [sklumm] C:\WINDOWS\System32\eyyojv\sklumm.exe
O4 - HKLM\..\Run: [dctfgrx] C:\WINDOWS\System32\nrnshjo\dctfgrx.exe
O4 - HKLM\..\Run: [bvgjhn] C:\WINDOWS\System32\sdpmog\bvgjhn.exe
O4 - HKLM\..\Run: [chhe] C:\WINDOWS\System32\omldrr\chhe.exe
O4 - HKLM\..\Run: [brspofmt] C:\WINDOWS\System32\eynghm\brspofmt.exe
O4 - HKLM\..\Run: [oicpvxu] C:\WINDOWS\System32\aohaubol\oicpvxu.exe
O4 - HKLM\..\Run: [bbhys] C:\WINDOWS\System32\tosp\bbhys.exe
O4 - HKLM\..\Run: [cbsimut] C:\WINDOWS\System32\kmtk\cbsimut.exe
O4 - HKLM\..\Run: [cnmk] C:\WINDOWS\System32\bden\cnmk.exe
O4 - HKLM\..\Run: [afbt] C:\WINDOWS\System32\xlcxv\afbt.exe
O4 - HKLM\..\Run: [nfcjt] C:\WINDOWS\System32\wbyqtheq\nfcjt.exe
O4 - HKLM\..\Run: [yrtdgfti] C:\WINDOWS\System32\pyfvmi\yrtdgfti.exe
O4 - HKLM\..\Run: [obtyhdm] C:\WINDOWS\System32\qylk\obtyhdm.exe
O4 - HKLM\..\Run: [rnpia] C:\WINDOWS\System32\hrpr\rnpia.exe
O4 - HKLM\..\Run: [matc] C:\WINDOWS\System32\qifjq\matc.exe
O4 - HKLM\..\Run: [hgsd] C:\WINDOWS\System32\vkdnxmi\hgsd.exe
O4 - HKLM\..\Run: [m4d9ugmv] C:\WINDOWS\System32\m4d9ugmv.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe .
O4 - HKLM\..\Run: [twaqv] C:\WINDOWS\system32\jyigh\twaqv.exe
O4 - HKLM\..\Run: [ougn] C:\WINDOWS\system32\fjtyiasq\ougn.exe
O4 - HKLM\..\Run: [ouxklk] C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
O4 - HKLM\..\Run: [vrhv] C:\WINDOWS\system32\xmvvuct\vrhv.exe
O4 - HKLM\..\Run: [xaai] C:\WINDOWS\system32\anwrk\xaai.exe
O4 - HKLM\..\Run: [xsmsek] C:\WINDOWS\system32\roylk\xsmsek.exe
O4 - HKLM\..\Run: [jsohpr] C:\WINDOWS\system32\oiish\jsohpr.exe
O4 - HKLM\..\Run: [ouwgvo] C:\WINDOWS\system32\piocu\ouwgvo.exe
O4 - HKLM\..\Run: [lvgu] C:\WINDOWS\system32\gllhdkia\lvgu.exe
O4 - HKLM\..\Run: [csfilyfy] C:\WINDOWS\system32\tvwk\csfilyfy.exe
O4 - HKLM\..\Run: [iidaswkw] C:\WINDOWS\system32\slred\iidaswkw.exe
O4 - HKLM\..\Run: [gsmbmbe] C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
O4 - HKLM\..\Run: [ommdmi] C:\WINDOWS\system32\wowpatpc\ommdmi.exe
O4 - HKLM\..\Run: [tgtvoffv] C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
O4 - HKLM\..\Run: [oorpnhvw] C:\WINDOWS\system32\vnsho\oorpnhvw.exe


==================


Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  • Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

    • C:\Program Files\ClipGenie\WebInstall.exe
      C:\WINDOWS\Lbczxs.exe
      C:\Program Files\BullsEye Network\bin\bargains.exe
      C:\WINDOWS\System32\lcgrxbdu\ewiqvdc.exe
      C:\WINDOWS\System32\nnjdhv\yukijcg.exe
      C:\WINDOWS\System32\jolxk\raukedp.exe
      C:\WINDOWS\System32\lqsj\vbkuys.exe
      C:\WINDOWS\System32\tsacg\nxlid.exe
      C:\WINDOWS\System32\bplkleb\xqmdpom.exe
      C:\WINDOWS\System32\ggljso\vits.exe
      C:\WINDOWS\System32\butud\grmweu.exe
      C:\WINDOWS\System32\khgmhwkn\osvijj.exe
      C:\WINDOWS\System32\vdrdgbe\wnmspln.exe
      C:\WINDOWS\System32\tngdknh\aivdmwhm.exe
      C:\WINDOWS\System32\clwbt\fefhvyvi.exe
      C:\WINDOWS\System32\xalqxqcf\ehyq.exe
      C:\WINDOWS\System32\omsaup\ggmbrjfn.exe
      C:\Program Files\CashBack\bin\cashback.exe
      C:\WINDOWS\System32\qrbjk\ucyf.exe
      C:\WINDOWS\System32\dggfypyx\dcmys.exe
      C:\WINDOWS\cfgmgr52.dll
      C:\WINDOWS\System32\mucnyrup\ebyjfuyf.exe
      C:\WINDOWS\System32\ookenv\tjktie.exe
      C:\WINDOWS\System32\ppdht\jajgww.exe
      C:\WINDOWS\System32\qdsgb\rwtmm.exe
      C:\WINDOWS\System32\nlfkxu\ajhxym.exe
      C:\WINDOWS\System32\hvmr\yeraei.exe
      C:\WINDOWS\System32\bjdfeh\qebpddv.exe
      C:\WINDOWS\System32\hqicm\ailwopn.exe
      C:\WINDOWS\System32\mehf\ejoifaov.exe
      C:\WINDOWS\System32\pqwp\mwjdfey.exe
      C:\WINDOWS\System32\xdlejbs\vseifwnb.exe
      C:\WINDOWS\System32\irklweef\igngiyw.exe
      C:\WINDOWS\System32\eyyojv\sklumm.exe
      C:\WINDOWS\System32\nrnshjo\dctfgrx.exe
      C:\WINDOWS\System32\sdpmog\bvgjhn.exe
      C:\WINDOWS\System32\omldrr\chhe.exe
      C:\WINDOWS\System32\eynghm\brspofmt.exe
      C:\WINDOWS\System32\aohaubol\oicpvxu.exe
      C:\WINDOWS\System32\tosp\bbhys.exe
      C:\WINDOWS\System32\kmtk\cbsimut.exe
      C:\WINDOWS\System32\bden\cnmk.exe
      C:\WINDOWS\System32\xlcxv\afbt.exe
      C:\WINDOWS\System32\wbyqtheq\nfcjt.exe
      C:\WINDOWS\System32\pyfvmi\yrtdgfti.exe
      C:\WINDOWS\System32\qylk\obtyhdm.exe
      C:\WINDOWS\System32\hrpr\rnpia.exe
      C:\WINDOWS\System32\qifjq\matc.exe
      C:\WINDOWS\System32\vkdnxmi\hgsd.exe
      C:\WINDOWS\System32\m4d9ugmv.exe
      C:\WINDOWS\svchost.exe
      C:\WINDOWS\system32\jyigh\twaqv.exe
      C:\WINDOWS\system32\fjtyiasq\ougn.exe
      C:\WINDOWS\system32\wqgckwtt\ouxklk.exe
      C:\WINDOWS\system32\xmvvuct\vrhv.exe
      C:\WINDOWS\system32\anwrk\xaai.exe
      C:\WINDOWS\system32\roylk\xsmsek.exe
      C:\WINDOWS\system32\oiish\jsohpr.exe
      C:\WINDOWS\system32\piocu\ouwgvo.exe
      C:\WINDOWS\system32\gllhdkia\lvgu.exe
      C:\WINDOWS\system32\tvwk\csfilyfy.exe
      C:\WINDOWS\system32\slred\iidaswkw.exe
      C:\WINDOWS\system32\xhvfs\gsmbmbe.exe
      C:\WINDOWS\system32\wowpatpc\ommdmi.exe
      C:\WINDOWS\system32\vtxjxf\tgtvoffv.exe
      C:\WINDOWS\system32\vnsho\oorpnhvw.exe


  • Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.
  • Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
Your system will reboot now.


=============


Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.


Once in Safe mode, run a full scan with Ewido.


=============


Reboot back to normal mode and post a new hijackthis log and the log from Ewido.
  • 0

#6
PiTmA

PiTmA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 16:09:04, on 16/04/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109925413343
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co....e/Installer.CAB
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.i.../launcher39.cab
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:22:00, 14/04/2004
+ Report-Checksum: FB0AE53D

+ Scan result:

C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup


::Report End

  • 0

#7
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please fix this line with Hijackthis:

R3 - Default URLSearchHook is missing


Delete these folders:

C:\Program Files\ClipGenie
C:\Program Files\CashBack
C:\Program Files\BullsEye Network
C:\WINDOWS\system32\anwrk
C:\WINDOWS\System32\aohaubol
C:\WINDOWS\System32\bden
C:\WINDOWS\System32\bjdfeh
C:\WINDOWS\System32\bplkleb
C:\WINDOWS\System32\butud
C:\WINDOWS\System32\clwbt
C:\WINDOWS\System32\dggfypyx
C:\WINDOWS\System32\eynghm
C:\WINDOWS\System32\eyyojv
C:\WINDOWS\system32\fjtyiasq
C:\WINDOWS\System32\ggljso
C:\WINDOWS\system32\gllhdkia
C:\WINDOWS\System32\hqicm
C:\WINDOWS\System32\hrpr
C:\WINDOWS\System32\hvmr
C:\WINDOWS\System32\irklweef
C:\WINDOWS\System32\jolxk
C:\WINDOWS\system32\jyigh
C:\WINDOWS\System32\khgmhwkn
C:\WINDOWS\System32\kmtk
C:\WINDOWS\System32\lcgrxbdu
C:\WINDOWS\System32\lqsj
C:\WINDOWS\System32\mehf
C:\WINDOWS\System32\mucnyrup
C:\WINDOWS\System32\nlfkxu
C:\WINDOWS\System32\nnjdhv
C:\WINDOWS\System32\nrnshjo
C:\WINDOWS\system32\oiish
C:\WINDOWS\System32\omldrr
C:\WINDOWS\System32\omsaup
C:\WINDOWS\System32\ookenv
C:\WINDOWS\system32\piocu
C:\WINDOWS\System32\ppdht
C:\WINDOWS\System32\pqwp
C:\WINDOWS\System32\pyfvmi
C:\WINDOWS\System32\qdsgb
C:\WINDOWS\System32\qifjq
C:\WINDOWS\System32\qrbjk
C:\WINDOWS\System32\qylk
C:\WINDOWS\system32\roylk
C:\WINDOWS\System32\sdpmog
C:\WINDOWS\system32\slred
C:\WINDOWS\System32\tngdknh
C:\WINDOWS\System32\tosp
C:\WINDOWS\System32\tsacg
C:\WINDOWS\system32\tvwk
C:\WINDOWS\System32\vdrdgbe
C:\WINDOWS\System32\vkdnxmi
C:\WINDOWS\system32\vnsho
C:\WINDOWS\system32\vtxjxf
C:\WINDOWS\System32\wbyqtheq
C:\WINDOWS\system32\wowpatpc
C:\WINDOWS\system32\wqgckwtt
C:\WINDOWS\System32\xalqxqcf
C:\WINDOWS\System32\xdlejbs
C:\WINDOWS\system32\xhvfs
C:\WINDOWS\System32\xlcxv
C:\WINDOWS\system32\xmvvuct




Please run Panda Online Virus Scan
  • Make sure it is set to clean automatically.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.
Reboot and post a new hijackthis log and the info from your virus scan.

Let me know how things are running on your end. Any problems?

Edited by Buckeye_Sam, 04 August 2005 - 07:38 PM.

  • 0

#8
PiTmA

PiTmA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
the site didn't gave me any log... it scaned my pc and closed IE.

Logfile of HijackThis v1.99.1
Scan saved at 16:39:06, on 06/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HorngTech4D] C:\PROGRA~1\MOUSES~1\bally4d.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109925413343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co....e/Installer.CAB
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana.co.i.../launcher39.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



thanks man ...
  • 0

#9
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Your log looks clean to me. Are you having any problems?
  • 0

#10
PiTmA

PiTmA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
no... Thank U!
so can/should i remove the programs i'v installed now?
  • 0

#11
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ewido is very good and it wouldn't hurt to keep it. But you can certainly uninstall it if you wish.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: ;)
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP