Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack This log

Started by Chyld989 , Jul 28 2005 02:47 PM

  • Please log in to reply

#1
Chyld989
Posted 28 July 2005 - 02:47 PM

Chyld989

    New Member

  • Member
  • Pip
  • 6 posts
Ran CleanUp, Ad-Aware, CWShredder, Spybot and a virus scan. Here's my Hijack-This log afterwards. Thanks in advance for any help you can give.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:23 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\windows\system32\mejgbi.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Nancy\My Documents\Loretta\stuff\MsgPlus.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\System32\agb8n7ao.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Xrnueu.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nancy\My Documents\download\sunkensoul\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fhvtvisto...tJ8ayAf386.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {2B0E6FAC-0DFE-D9CA-F8B1-BFEBDF4DCF99} - C:\DOCUME~1\NANCYS~1\APPLIC~1\WAYWMA~1\program third.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: Pure enc - {803B944D-0BF3-B5E0-2635-52C8F3009E23} - C:\PROGRAM FILES\WAY WMA\LOCKSPEAK.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nancy\My Documents\Loretta\stuff\MsgPlus.exe"
O4 - HKLM\..\Run: [Second 16 fork skip] C:\Documents and Settings\All Users\Application Data\Copy trans second 16\waitmedia.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Zmnark.exe
O4 - HKLM\..\Run: [agb8n7ao] C:\WINDOWS\System32\agb8n7ao.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xrnueu.exe
O4 - HKLM\..\Run: [hhfbsef] c:\windows\system32\mejgbi.exe r
O4 - HKCU\..\Run: [2Love] C:\DOCUME~1\NANCYS~1\APPLIC~1\OPENAX~1\mfcd bias.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nancy\My Documents\Loretta\stuff\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007g...es/msnnames.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100052581687
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements

#2
bricat
Posted 28 July 2005 - 07:43 PM

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Welcome To Geeks To Go Forum. :tazz:


Please Download LSPFix from here and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the "I know what I'm doing" Button and move all instances of c:\windows\system32\cdlsp.dll from the left panel to the right panel then click ‘Finish’

Then :-

Step 1

Please download the trial version of Ewido Security Suite from here. Install it and update the program with the latest definitions. Setup the program following the instructions here and then close it without running a scan. We'll use it in Safe Mode.

Please download Nailfix from here.
Unzip it to the desktop but please do NOT run it yet.


Step 2

Reboot into Safe Mode and double-click Nailfix.cmd.
A window should open and close very quickly (this is normal).

Step 3

Then please run Ewido security suite, and perform a full system scan.
Remove anything found,

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

* Click Save report
* Save the report to your desktop.
* I'll ask you to post the log later.


Step 4

Then click on Start | Run and type cleanmgr into the run box.
Make sure Temporary Files, Temporary Internet Files and Recycle Bin ONLY are checkmarked and click 'OK'.
Then click on Start | Run, and type %temp% and press the ok button.
This will open up the temp directory that your machine uses.
Please delete all files that are found there.

Step 5

Run HijackThis again and place a check before the following entries:-


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fhvtvisto...tJ8ayAf386.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {2B0E6FAC-0DFE-D9CA-F8B1-BFEBDF4DCF99} - C:\DOCUME~1\NANCYS~1\APPLIC~1\WAYWMA~1\program third.exe
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O3 - Toolbar: Pure enc - {803B944D-0BF3-B5E0-2635-52C8F3009E23} - C:\PROGRAM FILES\WAY WMA\LOCKSPEAK.DLL (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nancy\My Documents\Loretta\stuff\MsgPlus.exe"
O4 - HKLM\..\Run: [Second 16 fork skip] C:\Documents and Settings\All Users\Application Data\Copy trans second 16\waitmedia.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Zmnark.exe
O4 - HKLM\..\Run: [agb8n7ao] C:\WINDOWS\System32\agb8n7ao.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Xrnueu.exe
O4 - HKLM\..\Run: [hhfbsef] c:\windows\system32\mejgbi.exe r
O4 - HKCU\..\Run: [2Love] C:\DOCUME~1\NANCYS~1\APPLIC~1\OPENAX~1\mfcd bias.exe


Close ALL OPEN WINDOWS except for HijackThis and click Fix Checked.


Step 6

Restart your computer in normal mode and post a fresh HijackThis log and Ewido log.

Edited by bricat, 28 July 2005 - 07:44 PM.

  • 0

#3
Chyld989
Posted 29 July 2005 - 03:54 AM

Chyld989

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Okay, did what you said, here's the Ewido log, followed by the new Hijack-This log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:05:38 AM, 7/29/2005
+ Report-Checksum: DB1AB0B7

+ Scan result:

HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\Radio.RadioPlayer -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Error during cleaning
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Error during cleaning
[1388] c:\windows\system32\bkzmlt.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\bkzmlt.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\cdstkbvq.exe -> Worm.Sober.G : Cleaned with backup
C:\WINDOWS\SYSTEM32\diagsys.exe -> Worm.Sober.G : Cleaned with backup
C:\WINDOWS\SYSTEM32\cdlsp.dll -> TrojanDownloader.Agent.br : Cleaned with backup
C:\WINDOWS\SYSTEM32\msnnames.exe -> TrojanDownloader.Agent.lq : Cleaned with backup
C:\WINDOWS\SYSTEM32\doerkggg.exe -> Worm.Sober.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\svmhost.exe -> TrojanDownloader.Agent.lq : Cleaned with backup
C:\WINDOWS\SYSTEM32\2search.exe/getst.exe -> Spyware.2Search : Cleaned with backup
C:\WINDOWS\SYSTEM32\spoolcrypt.exe -> Worm.Sober.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\webhanc.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\SYSTEM32\exactinstaller.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\MTC.dll -> TrojanDownloader.Agent.ga : Cleaned with backup
C:\WINDOWS\SYSTEM32\agb8n7ao.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\SYSTEM32\discwinservice.exe -> Worm.Sober.E : Cleaned with backup
C:\WINDOWS\SYSTEM32\ndhaqqth.exe -> Worm.Vb.C : Cleaned with backup
C:\WINDOWS\SYSTEM32\dirwin.exe -> Worm.Vb.C : Cleaned with backup
C:\WINDOWS\SYSTEM32\spectreysb.exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\WINDOWS\SYSTEM32\Zmnark.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\Pqicmf.exe -> Trojan.Popmon.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\Im6um.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\Im6um.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\aud-s4f.exe -> TrojanDownloader.Vivia : Cleaned with backup
C:\WINDOWS\SYSTEM32\bud-mgr1.exe -> TrojanDownloader.Vivia.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\dmkschk.exe -> TrojanDownloader.Vivia.a : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\swpjsr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\aaa1-bi-1.exe -> TrojanDownloader.Vivia.a : Cleaned with backup
C:\WINDOWS\webhdll.dll_tobedeleted -> Spyware.WebHancer : Cleaned with backup
C:\WINDOWS\msbbi.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\bi.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\bi.exe/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\o16d7trd.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\Common Files\SLMSS\slmss.exe -> Trojan.SecondThought.a : Cleaned with backup
C:\Program Files\Internet Explorer\Toolbar\install.exe -> Spyware.GonnaSearch : Cleaned with backup
C:\Program Files\Internet Explorer\Toolbar\toolbar.dll -> Spyware.GonnaSearch : Cleaned with backup
C:\Program Files\C2Media\Setup.exe -> Spyware.Lop : Cleaned with backup
C:\Program Files\2search\getst.exe -> Spyware.2Search : Cleaned with backup
C:\Program Files\2search\main.exe -> Spyware.2Search : Cleaned with backup
C:\Program Files\2search\uninstall.exe -> Spyware.2Search : Cleaned with backup
C:\Program Files\2search\plugin.dll -> Spyware.2Search : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temp\WToolsA.exe -> TrojanDownloader.QDown.x : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temp\temp.fr72E5\radio.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temp\temp.fr72E5\TBPSSvc.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temp\temp.fr72E5\toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temporary Internet Files\Content.IE5\7C8Z8HRV\download[1].htm -> Trojan.Popmon.a : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temporary Internet Files\Content.IE5\7C8Z8HRV\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temporary Internet Files\Content.IE5\7C8Z8HRV\dun[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temporary Internet Files\Content.IE5\0PYFOTYR\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
C:\Documents and Settings\Nancy \Local Settings\Temporary Internet Files\Content.IE5\0PYFOTYR\download[1].htm -> Trojan.Popmon.a : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @lop[1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Nancy \Cookies\nancy @ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Nancy \Application Data\diorhnhr.exe -> TrojanDownloader.Swizzor.cw : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP157\A0089116.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP157\A0089120.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP157\A0093118.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP157\A0095118.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP158\A0099141.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP158\A0099440.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP159\A0099455.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP159\A0099466.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP159\A0100466.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP159\A0100474.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP160\A0100487.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP160\A0100493.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100551.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100555.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100559.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100567.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100575.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP161\A0100585.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP162\A0100668.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP163\A0100681.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP163\A0100687.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP164\A0100701.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP164\A0100706.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP164\A0100714.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP165\A0101714.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP165\A0101718.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP165\A0101724.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP165\A0101731.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP165\A0101738.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP166\A0101760.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP167\A0101770.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP167\A0101775.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP168\A0102775.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP168\A0102782.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP168\A0103782.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP168\A0104787.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP169\A0104804.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP169\A0104827.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP170\A0104884.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP170\A0104885.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP170\A0104891.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0104956.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0104957.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105177.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105178.exe -> TrojanDownloader.QDown.v : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105183.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105188.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105195.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105201.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105202.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105209.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105210.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105211.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105212.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105213.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105214.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105215.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105216.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105217.dll -> Spyware.SideFind : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105218.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105219.exe -> Spyware.PowerScan : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105220.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105222.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105223.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105224.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105228.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105229.exe -> Spyware.Sqwire : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105234.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105235.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105240.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105241.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105242.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105243.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105245.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105246.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105247.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105248.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105249.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105250.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105254.exe -> TrojanDownloader.Agent.e : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105260.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105262.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105263.dll -> TrojanDownloader.Agent.e : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105264.dll -> Trojan.SecondThought.ag : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105270.dll -> TrojanSpy.Idly.c : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105274.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105275.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105276.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105277.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105278.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105279.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105280.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105281.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105282.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105283.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105284.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105285.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105286.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105288.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105289.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105290.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105291.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105292.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105293.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105294.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105295.EXE -> TrojanDownloader.Small.wk : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105296.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105297.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105298.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105299.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105300.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105301.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105302.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105304.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105305.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105306.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105307.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105308.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105309.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105310.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105311.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105312.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105313.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105314.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105315.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105316.exe -> TrojanDownloader.Apropo.e : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105317.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105318.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105319.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105320.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105321.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105322.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105323.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105324.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105325.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105326.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105327.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105328.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105329.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105330.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105331.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105332.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105333.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105334.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105335.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105336.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105337.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105338.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105339.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105340.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105341.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105342.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105343.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105344.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105345.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105346.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105347.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105348.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105349.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105350.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105351.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105352.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105353.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105354.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105355.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105356.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105357.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105358.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105359.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105360.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105363.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105364.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105365.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105366.exe -> TrojanDownloader.QDown.m : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105367.dll -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105368.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105369.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105370.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105371.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105372.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105373.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105374.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105375.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105376.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105377.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105378.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105379.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105380.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105381.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105382.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105383.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105384.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105385.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105386.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105387.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105388.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105389.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105390.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105391.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105392.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105393.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105394.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105395.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105396.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105397.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105398.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105399.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105400.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105401.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105402.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105403.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105404.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105405.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105406.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105407.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105408.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105409.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105410.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105411.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105412.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105413.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105414.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105415.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105416.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105417.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105418.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105419.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105422.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105423.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105424.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105425.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105426.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105427.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105428.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105429.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105431.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105432.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105433.DLL -> Spyware.VX2 : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105434.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105435.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105436.dll -> Spyware.F1Organizer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105437.exe/bi.dll -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105437.exe/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105439.exe -> TrojanDownloader.Vivia : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105440.exe -> TrojanDownloader.Vivia : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105441.exe -> TrojanSpy.Briss.h : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105442.exe -> TrojanSpy.Briss.c : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105443.dll -> TrojanSpy.Briss.h : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105444.dll -> TrojanSpy.Briss.h : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105446.exe -> TrojanDownloader.Vivia.m : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105448.dll -> TrojanDownloader.Vivia.f : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105449.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105451.dll -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105453.dll -> Trojan.Bispy.A : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105454.exe -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105455.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105456.EXE -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105459.exe -> Trojan.SecondThought.c : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105460.exe -> TrojanDownloader.Keenval : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105461.exe -> TrojanDownloader.Keenal : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105462.dll -> Spyware.CoolWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105463.dll -> Spyware.CoolWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105464.dll -> Spyware.CoolWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105465.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105466.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105467.exe -> TrojanDownloader.Keenval : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105468.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105470.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105477.exe -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105480.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105481.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105486.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105487.exe -> Trojan.VB.jh : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105488.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105489.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105490.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105491.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105493.exe -> Trojan.SecondThought.a : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105496.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105497.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105516.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105517.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105518.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105522.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105523.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105524.dll -> Spyware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105525.exe -> TrojanDownloader.QDown.v : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105526.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105527.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105528.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105531.EXE -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105532.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105533.DLL -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105541.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105543.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105549.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP171\A0105550.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105553.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105558.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105567.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105610.EXE -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105611.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105618.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105623.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105624.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105629.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105673.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105733.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105737.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105738.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105740.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105742.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105743.exe -> TrojanDownloader.Vivia : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105744.exe -> Trojan.Popmon.a : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105745.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105746.exe -> Trojan.Popmon.a : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105747.exe -> Trojan.Small.i : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105748.dll -> TrojanDownloader.Rameh.a : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105749.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105750.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105751.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105751.dll/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105752.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\System Volume Information\_restore{B5617E91-B3FB-4CE2-BC74-B772B8AFFDCC}\RP172\A0105752.exe/preInsBI.exe -> Spyware.BiSpy : Cleaned with backup


::Report End


*EDIT*
Hijack-This log was cut off, will put in reply to this post

Edited by Chyld989, 29 July 2005 - 03:56 AM.

  • 0

#4
Chyld989
Posted 29 July 2005 - 03:59 AM

Chyld989

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:48:55 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Documents and Settings\Nancy \My Documents\security suite\ewidoctrl.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Nancy \My Documents\download\sunkensoul\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gypisxfle..._tJ8ayAf386.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {2B0E6FAC-0DFE-D9CA-F8B1-BFEBDF4DCF99} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pjhfyw] c:\windows\system32\bkzmlt.exe r
O4 - HKCU\..\Run: [2Love] C:\DOCUME~1\NANCYS~1\APPLIC~1\OPENAX~1\mfcd bias.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nancy \My Documents\Loretta\stuff\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007g...es/msnnames.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100052581687
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Nancy \My Documents\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#5
bricat
Posted 29 July 2005 - 01:18 PM

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
You have one (or more) of these programs running on your machine and that is good.

ad watch
Winpatrol
Spywareguard
Spybot s&d (Teatimer option)

But prior to doing the fix below with hijackthis they need to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.
Right click the running icon of winpatrol, and choose exit.
Right click the running icon of Spywareguard, it will open the program, Menu, file, exit, and confirm the programs close.

Unless they are turned off they could interfere with the fix by hijackthis.


Rerun HJT,and put a checkmark beside these :-


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gypisxfle..._tJ8ayAf386.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {2B0E6FAC-0DFE-D9CA-F8B1-BFEBDF4DCF99} - (no file)
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - (no file)
O4 - HKLM\..\Run: [pjhfyw] c:\windows\system32\bkzmlt.exe r
O4 - HKCU\..\Run: [2Love] C:\DOCUME~1\NANCYS~1\APPLIC~1\OPENAX~1\mfcd bias.exe

now close all windows and browsers and click FIX CHECKED


download and run this LOP UNINSTALLER


then reboot and post a fresh Hijackthis log.
  • 0

#6
Chyld989
Posted 02 August 2005 - 02:29 AM

Chyld989

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
New log:

Logfile of HijackThis v1.99.1
Scan saved at 1:24:18 AM, on 8/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Nancy \My Documents\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AIM\aim.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Nancy \My Documents\download\sunkensoul\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Nancy \My Documents\Loretta\stuff\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007g...es/msnnames.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100052581687
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Nancy \My Documents\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#7
bricat
Posted 02 August 2005 - 03:02 AM

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
That's better looking :tazz:. just a bit of tidying up to do.

You have one (or more) of these programs running on your machine and that is good.

ad watch
Winpatrol
Spywareguard
Spybot s&d (Teatimer option)

But prior to doing the fix below with hijackthis they need to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.
Right click the running icon of winpatrol, and choose exit.
Right click the running icon of Spywareguard, it will open the program, Menu, file, exit, and confirm the programs close.

Unless they are turned off they could interfere with the fix by hijackthis.


Rerun HJT,and put a checkmark beside these :-


O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)


now close all windows and browsers and click FIX CHECKED


If you want to keep MessengerPlus but didn’t
choose the option to refuse the advertising then please uninstall the copy you have then download
it again and when you get to the Sponsor Agreement select the option which reads,’I Refuse,
do not install the sponsor program’.


Then

Go to TOOLS\INTERNET OPTIONS. and delete all TEMP INTERNET FILES

Download CCLEANER


then run the scan under the windows tab.


then DEFRAG your C:\ drive.

to help speed up your system.

you have no anti virus, or firewall installed, that is a bit like playing russian roullette if you go on the internet.

please download and install AVG anti-virus, check for updates and run a full scan. and
SYGATE FIREWALL. both of these are free and both are easy to set up.


then let us know how the computer is running.

Edited by bricat, 02 August 2005 - 03:21 AM.

  • 0

#8
bricat
Posted 02 August 2005 - 03:04 AM

bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
post removed,

Edited by bricat, 02 August 2005 - 03:11 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP