Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Uh oh. Got some bad stuff...m [RESOLVED]

Started by blue1420 , Jul 31 2005 05:24 PM

  • This topic is locked This topic is locked

#31
Crustyoldbloke
Posted 31 August 2005 - 08:12 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Download LQfix.exe and place it on your desktop.

Doubleclick LQfix.exe and click install.

This will create a new folder called LQfix on your desktop.

Open the folder and doubleclick ClickThis.bat

Follow the prompts on the screen.

Your system will reboot afterwards.

Please be patient after reboot, because there is a script running in the background.
  • 0

Advertisements

#32
blue1420
Posted 31 August 2005 - 06:14 PM

blue1420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Okay...done. Not sure if you need a new HJT log so just in case, here ya go....

Logfile of HijackThis v1.99.1
Scan saved at 7:19:01 PM, on 8/31/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ORHO.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKWATCH.EXE
C:\WINDOWS\SYSTEM\HPZTSB02.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
  • 0

#33
Crustyoldbloke
Posted 01 September 2005 - 01:18 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

It's definitely still alive because it has invited a friend to join it. Well this is the next logical step.

Please download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
Please run MWav by double-clicking on mwav.exe.
Put a check next to the following items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
  • 0

#34
blue1420
Posted 04 September 2005 - 08:47 AM

blue1420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ummm okay here we go. Yikes. :tazz: Here is the Mwav "virus log info" (not the entire log, but ONLY the items found in the lower window) I am guessing it found the ones tagged "not a virus" in my anti-virus software(s):

File C:\WINDOWS\FGKDFSS.DLL infecteFile C:\_RESTORE\TEMP\A0292797.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292798.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292799.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292800.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292801.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292802.CPY tagged as "not-a-virus:AdWare.BetterInternet.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292803.CPY tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292804.CPY tagged as "not-a-virus:AdWare.BetterInternet.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292805.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292808.CPY tagged as "not-a-virus:AdWare.EZula.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292809.CPY tagged as "not-a-virus:AdWare.EZula.ak". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292811.CPY tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292812.CPY tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292813.CPY tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292814.CPY tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\RUATHUNK.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292824.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0292825.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0293822.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0293829.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0293830.CPY infected by "Trojan-Downloader.Win32.PurityScan.y" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\VXODEC32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MGVCP60.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295042.CPY infected by "Trojan-Downloader.Win32.Apropo.g" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295044.CPY tagged as "not-a-virus:AdWare.WinAD.av". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295045.CPY tagged as "not-a-virus:AdWare.WinAD.au". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295046.CPY tagged as "not-a-virus:AdWare.WinAD.at". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295047.CPY infected by "Trojan-Downloader.Win32.Braidupdate.d" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295074.CPY tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295104.CPY tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295105.CPY tagged as "not-a-virus:AdWare.DelphinMediaViewer.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295183.CPY tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295193.CPY tagged as "not-a-virus:AdWare.ToolBar.DashBar". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295254.CPY tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295255.CPY tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295258.CPY tagged as "not-a-virus:AdWare.MyWebSearch". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295305.CPY tagged as "not-a-virus:AdWare.Zestyfind". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295310.CPY infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295315.CPY infected by "Trojan-Downloader.Win32.Small.abd" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\CQMDLG32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295327.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0295328.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MKASN1.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0296334.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297330.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297331.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297345.CPY infected by "Trojan-Downloader.Win32.Small.bem" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297354.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297355.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\SPSCLASS.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297373.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297374.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\SP2EVNT1.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297433.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297434.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\JRVACYPT.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297452.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DISCRIPT.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297471.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297472.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\RFSTORRC.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297538.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0297539.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298538.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298545.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298546.CPY infected by "Trojan-Downloader.Win32.PurityScan.y" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298562.CPY tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\IASETUP.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MQJET35.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\SOIMGVW.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298599.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298600.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\AUICAP.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298862.CPY tagged as "not-a-virus:AdWare.Coupons.b". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298863.CPY tagged as "not-a-virus:AdWare.Coupons.e". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\SQRIALUI.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298874.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298875.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298930.CPY infected by "Trojan-Clicker.Win32.Small.ez" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298931.CPY infected by "Trojan-Downloader.Win32.Small.aal" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298932.CPY infected by "Trojan-Dropper.Win32.Agent.hl" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298933.CPY infected by "Trojan-Downloader.Win32.Delmed.a" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\AIFSIPC.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0298948.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\OECACHE.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299019.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299020.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299037.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\WAASCR.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\LQIMG11N.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299115.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299123.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\EZID2E9B.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299162.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299163.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299170.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MUSTERY.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299225.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299226.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299233.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MIVCRT20.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299258.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299259.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0299266.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300258.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300266.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\IE_NDI.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MGVFW32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300296.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300297.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300327.CPY tagged as "not-a-virus:AdWare.DelphinMediaViewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300328.CPY infected by "Trojan-Downloader.Win32.Braidupdate.d" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300329.CPY tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300330.CPY tagged as "not-a-virus:AdWare.ToolBar.EliteBar.ap". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300333.CPY infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300334.CPY tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300335.CPY tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300363.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300364.CPY tagged as "not-a-virus:AdWare.BargainBuddy.ae". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300365.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300366.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300370.CPY tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300377.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300378.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300382.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300393.CPY tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300394.CPY tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300395.CPY tagged as "not-a-virus:AdWare.CashBack.b". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300396.CPY tagged as "not-a-virus:AdWare.CashBack.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300400.CPY tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300404.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0300413.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301296.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301297.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301306.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301307.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301308.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301315.CPY tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301354.CPY tagged as "not-a-virus:AdWare.DelphinMediaViewer.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0301355.CPY infected by "Trojan-Downloader.Win32.Delmed.a" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\WVAVUSD.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302292.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302293.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\RKPILIB.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302320.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302331.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302332.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302333.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302340.CPY tagged as "not-a-virus:AdWare.EZula.ar". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DKCDNET.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302356.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302357.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302367.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302371.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302372.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302387.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302389.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302404.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302414.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302419.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302421.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302447.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0302448.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303404.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303405.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303415.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303416.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303417.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303445.CPY tagged as "not-a-virus:AdWare.EZula.ar". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303454.CPY tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303477.CPY tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303496.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303506.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303511.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303516.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303521.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303526.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303531.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303536.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303541.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303546.CPY tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303551.CPY tagged as "not-a-virus:AdWare.BargainBuddy.ae". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303665.CPY tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303666.CPY tagged as "not-a-virus:AdWare.CashBack.b". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303667.CPY tagged as "not-a-virus:AdWare.CashBack.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303677.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303678.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303683.CPY tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303688.CPY tagged as "not-a-virus:AdWare.BargainBuddy.n". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303790.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303795.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303800.CPY tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\VAMDBG.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303839.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303859.CPY infected by "Trojan-Downloader.Win32.Agent.ro" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MTXML3R.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303880.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303881.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303918.CPY tagged as "not-a-virus:AdWare.Apropos.o". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303919.CPY tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\_RESTORE\TEMP\A0303923.CPY tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\_RESTORE\TEMP\A0303936.CPY tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\_RESTORE\TEMP\SV2EVNT1.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303964.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303965.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303977.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303978.CPY infected by "Trojan-Downloader.Win32.PurityScan.y" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0303980.CPY infected by "Trojan-Dropper.Win32.Agent.lu" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304001.CPY tagged as "not-a-virus:AdWare.Adstart.b". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304002.CPY tagged as "not-a-virus:AdWare.Adstart.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304003.CPY tagged as "not-a-virus:AdWare.Adstart.d". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304004.CPY tagged as "not-a-virus:AdWare.Adstart.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304005.CPY tagged as "not-a-virus:AdWare.Adstart.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304013.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304019.CPY tagged as "not-a-virus:AdWare.Adstart.i". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MIRCLR40.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304045.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0304046.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\ORHO.0 tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305061.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DINLOBBY.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305080.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305081.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\IXET16.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305140.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305141.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305149.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305156.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305157.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305158.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0305211.CPY tagged as "not-a-virus:AdWare.Adstart.c". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\TKKRHC.0 tagged as "not-a-virus:AdWare.Adstart.b". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306138.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306139.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306145.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306148.CPY tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306149.CPY tagged as "not-a-virus:AdWare.DelphinMediaViewer.f". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\ALDENC32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306203.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DVBENG.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MVDEMUI.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306229.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306230.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306273.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306274.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\QXDWIPES.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\DNMV2CLT.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306297.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306590.CPY tagged as "not-a-virus:AdWare.EZula.ar". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\WRBCHECK.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306692.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306693.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306784.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306785.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\OJBCCR32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306803.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306804.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306836.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306837.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\AXYCFILT.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\WYNINET.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306886.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MYIMSG.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306901.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306902.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306911.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306921.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MYUNI11.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306939.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MUCPXL32.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306959.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306960.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\IHHLPAPI.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306976.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0306977.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\MOXML3A.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307002.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307003.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\RAUTETAB.0 tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307019.CPY tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307026.CPY infected by "Trojan-Dropper.Win32.Agent.lu" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307047.CPY infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307061.CPY infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307063.CPY infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\TEMP\A0307064.CPY infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS259.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS260.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS266.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS267.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS261.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS258.CAB infected by "Trojan-Downloader.Win32.Byterage" Virus! Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS262.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS263.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS265.CAB tagged as "not-a-virus:[bleep]-Dialer.Win32.Generic". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS913.CAB tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS1321.CAB tagged as not-a-virus:Downloader.Win32.FunWeb. No Action Taken.
File C:\_RESTORE\ARCHIVE\FS1387.CAB tagged as "not-a-virus:AdWare.Gator.1008". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS1385.CAB tagged as "not-a-virus:AdWare.Gator.1008". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS1475.CAB tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS1484.CAB tagged as "not-a-virus:AdWare.ToolBar.ImiBar.g". Action Taken: No Action Taken.
File C:\My Documents\hijackthis\backups\backup-20050801-185940-967.dll tagged as "not-a-virus:AdWare.Coupons.b". Action Taken: No Action Taken.
File C:\My Documents\hijackthis\backups\backup-20050801-185940-327.dll tagged as "not-a-virus:AdWare.Coupons.e". Action Taken: No Action Taken.
File C:\My Documents\hijackthis\backups\backup-20050826-113253-557.dll tagged as "not-a-virus:AdWare.Adstart.c". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\WADMPS.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\WFDMLOG.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\GXI32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MIPRINT.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\VSMDBG.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\RSCHED.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SOELL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MCC30.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MX3216.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\datadx.dll infected by "Trojan-Downloader.Win32.Qoologic.ad" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\conres.cpl infected by "Trojan-Downloader.Win32.Qoologic.ad" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MASCP.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SYRIALUI.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\APICAP32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DXNDI.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\orho.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\AIL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MUIMG32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\BBseball.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\vidctrl\vidctrl.exe tagged as "not-a-virus:AdWare.DelphinMediaViewer.f". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\AXIMIAAG.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\SPRRUN.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\NMWDEV.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\rvched32.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\bsifuv.dll tagged as "not-a-virus:AdWare.PurityScan.ak". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\QSV.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wxp.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx tagged as "not-a-virus:AdWare.DelphinMediaViewer.c". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\imctl.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CPICONFG.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\GTI32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\VVODCTL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\tkkrhd.exe tagged as "not-a-virus:AdWare.Adstart.i". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\tkkrhf.exe tagged as "not-a-virus:AdWare.Adstart.d". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\RPGWIZC.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\AUNPS2.dll infected by "Trojan-Clicker.Win32.Small.ez" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\Process.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.
File C:\WINDOWS\TEMP\b.com infected by "Trojan-Dropper.Win32.Agent.pb" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\f1276401.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Start Menu\Programs\StartUp\utpd.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\MR4PGN45\AppWrap[1].exe infected by "Trojan-Dropper.Win32.Agent.pb" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\O5YFG5MR\AppWrap[1].exe infected by "Trojan-Dropper.Win32.Agent.pb" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\main.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Installer.exe infected by "Trojan-Downloader.Win32.Qoologic.ad" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Osaka.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\WINDOWS\InstallAPS.exe infected by "Trojan-Dropper.Win32.Agent.lu" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\icont.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\WINDOWS\xd4ksl.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\gvbqw.dat infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\fgkdfss.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\xorcdbb.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\etb\xud_62.dll tagged as "not-a-virus:AdWare.ToolBar.EliteBar.am". Action Taken: No Action Taken.
File C:\WINDOWS\ezStub.exe tagged as "not-a-virus:AdWare.EZula.ar". Action Taken: No Action Taken.
File C:\WINDOWS\rbode.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\WrapperOuter.exe tagged as "not-a-virus:AdWare.VirtualBouncer.c". Action Taken: No Action Taken.
File C:\WINDOWS\cxtpls_loader.exe infected by "Trojan-Downloader.Win32.Apropo.ae" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ru.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\WINDOWS\SSK39.exe infected by "Trojan-Dropper.Win32.Small.qn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\package_MARKETING49.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\MTE2NzY6ODoxNg.exe tagged as "not-a-virus:AdWare.ToolBar.ISearch.d". Action Taken: No Action Taken.
File C:\WINDOWS\verticlick_3_220.exe infected by "Trojan-Downloader.Win32.Qoologic.v" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\btnetw3-254804.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\Program Files\Aprps\CxtPls.dll infected by "Trojan-Downloader.Win32.Apropo.ag" Virus! Action Taken: No Action Taken.
File C:\Program Files\Aprps\CxtPls.exe infected by "Trojan-Downloader.Win32.Apropo.ag" Virus! Action Taken: No Action Taken.
File C:\Temp\Installer.exe tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\command.exe infected by "Trojan-Dropper.Win32.Delf.ev" Virus! Action Taken: No Action Taken.
File C:\yoff.exe tagged as "not-a-virus:AdWare.PurityScan.cz". Action Taken: No Action Taken.
  • 0

#35
blue1420
Posted 04 September 2005 - 12:13 PM

blue1420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Phil...would it be helpful if I uninstalled Adaware and Spybot and THEN did the mwav scan?? It looks like alot of what it is finding are files from Adaware, not actual problems. Lemme know :tazz:
  • 0

#36
Crustyoldbloke
Posted 04 September 2005 - 05:35 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
No its OK. Most of it is in restore so no problem there. I'll ignore the quarantines also.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM\WADMPS.DLL
C:\WINDOWS\SYSTEM\WFDMLOG.DLL
C:\WINDOWS\SYSTEM\GXI32.DLL
C:\WINDOWS\SYSTEM\VSMDBG.DLL
C:\WINDOWS\SYSTEM\RSCHED.DLL
C:\WINDOWS\SYSTEM\SOELL.DLL
C:\WINDOWS\SYSTEM\MCC30.DLL
C:\WINDOWS\SYSTEM\MX3216.DLL
C:\WINDOWS\SYSTEM\datadx.dll
C:\WINDOWS\SYSTEM\conres.cpl
C:\WINDOWS\SYSTEM\MASCP.DLL
C:\WINDOWS\SYSTEM\SYRIALUI.DLL
C:\WINDOWS\SYSTEM\APICAP32.DLL
C:\WINDOWS\SYSTEM\DXNDI.DLL
C:\WINDOWS\SYSTEM\orho.exe
C:\WINDOWS\SYSTEM\AIL.DLL
C:\WINDOWS\SYSTEM\MUIMG32.DLL
C:\WINDOWS\SYSTEM\BBseball.dll
C:\WINDOWS\SYSTEM\vidctrl\vidctrl.exe
C:\WINDOWS\SYSTEM\AXIMIAAG
C:\WINDOWS\SYSTEM\SPRRUN.DLL
C:\WINDOWS\SYSTEM\NMWDEV.DLL
C:\WINDOWS\SYSTEM\rvched32.dll
C:\WINDOWS\SYSTEM\bsifuv.dll
C:\WINDOWS\SYSTEM\QSV.DLL
C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.exe
C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
C:\WINDOWS\SYSTEM\imctl.dll
C:\WINDOWS\SYSTEM\CPICONFG.DLL
C:\WINDOWS\SYSTEM\GTI32.DLL
C:\WINDOWS\SYSTEM\VVODCTL.DLL
C:\WINDOWS\SYSTEM\tkkrhd.exe
C:\WINDOWS\SYSTEM\tkkrhf.exe
C:\WINDOWS\SYSTEM\RPGWIZC.DLL
C:\WINDOWS\SYSTEM\AUNPS2.dll
C:\WINDOWS\SYSTEM32\Process.exe
C:\WINDOWS\TEMP\b.com
C:\WINDOWS\TEMP\f1276401.exe
C:\WINDOWS\Start Menu\Programs\StartUp\utpd.exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\MR4PGN45\AppWrap[1].exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\O5YFG5MR\AppWrap[1].exe
C:\WINDOWS\Temporary Internet Files\main.exe
C:\WINDOWS\Temporary Internet Files\Installer.exe
C:\WINDOWS\Osaka.exe
C:\WINDOWS\InstallAPS.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\xd4ksl.exe
C:\WINDOWS\gvbqw.dat
C:\WINDOWS\fgkdfss.dll
C:\WINDOWS\xorcdbb.exe
C:\WINDOWS\etb\xud_62.dll
C:\WINDOWS\ezStub.exe
C:\WINDOWS\rbode.dll
C:\WINDOWS\WrapperOuter.exe
C:\WINDOWS\cxtpls_loader.exe
C:\WINDOWS\ru.exe
C:\WINDOWS\SSK39.exe
C:\WINDOWS\package_MARKETING49.exe
C:\WINDOWS\MTE2NzY6ODoxNg.exe.
C:\WINDOWS\verticlick_3_220.exe.
C:\WINDOWS\btnetw3-254804.exe.
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
C:\Program Files\Aprps\CxtPls.dll
C:\Program Files\Aprps\\cxtpls.exe
C:\Temp\Installer.exe
C:\command.exe
C:\yoff.exe


I have checked all of the ones I didn't know - they are all bad.

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt..

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Reboot normally.

May I see a fesh HJT log following a reboot please.
  • 0

#37
blue1420
Posted 06 September 2005 - 02:47 PM

blue1420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Did as you instructed. Had a hard time as everytime I clicked delete in Killbox my computer would give error messages or hang up BEROFE I could click okay in the boz that said you need to reboot to delete selected files. I would get the following messages: STMGR caused an error in kernel32.dll ALSO got an error that mentioned something like MMtask has caused an error.

The third try I *think* I got it to work as I was able to click okay on the box that said I must reboot (although I had to do a hard shutdown to turn off the computer because the error message box was up too and would not allow me to close it).

BUT upon reboot, while my desktop was loading, I got the following error messages:
error loading aunps2.dll system cannot find the file specified AND
c:\\windows\system\datadxdll windows could not find the file specified.

clicked okay on these messages and was able to go on just fine. Here is my HJT log...not feeling very hopeful, lol.

Logfile of HijackThis v1.99.1
Scan saved at 3:45:25 PM, on 9/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKWATCH.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\GURNDA.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\gurnda.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: utpd.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
  • 0

#38
Crustyoldbloke
Posted 06 September 2005 - 03:10 PM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
I've just remembered why I don't do ME systems :tazz:

Please set your system to show all files;
please see here if you're unsure how to do this.

Rescan with HijackThis. Close all programmes leaving only HijackThis running. Place a checkmark or tick against the following:

O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\gurnda.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - Startup: utpd.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files and delete them:

C:\WINDOWS\GURNDA.EXE
C:\WINDOWS\SYSTEM\DATADX.DLL
utpd.exe
AUNPS2.DLL

Exit Explorer, and reboot as normal afterwards.

One more fresh HJT log please.
  • 0

#39
blue1420
Posted 08 September 2005 - 06:43 PM

blue1420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
okay. Found everything in HJT checked it and fixed selected items. Rebooted and in Windows explorer, I did find GURNDA.EXE, but the other things you listed (datadx.dll. utpd, aunps2) I could not find. Here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:49:07 PM, on 9/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\BCMDMMSG.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SK9910DM.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GATEWAY\GATEWAY INK MONITOR\INKWATCH.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\ONLINE SERVICES\MSN50\MSNDC.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~1\InkWatch.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb02.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: MSN Quick View.lnk = C:\Program Files\Online Services\MSN50\MSNDC.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: MSN - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://msnmember.msn.com
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker...IL/PhPSetup.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredim...er/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
  • 0

#40
Crustyoldbloke
Posted 09 September 2005 - 01:43 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Congratulations! your new log is clean. :tazz: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Windows ME:1. Close all open programmes.
2. Right-click My Computer on the Windows desktop, and then click Properties.
3. Click the Performance tab.
4. Click File System.
5. Click the Troubleshooting tab.
6. Check Disable System Restore, click OK, and then click Close.
7. Click Yes to restart. This disables the System Restore feature; when you restart your computer, it will remove all the existing Restore Points.
8. Repeat steps 1 through 7, except in step 6, uncheck Disable System Restore.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one.

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programmes for “on demand” scanning, having two or more antivirus systems is not recommended as they may well interfere with each other.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :)

I wish your parents, happy safe surfing!
  • 0

Advertisements

#41
Crustyoldbloke
Posted 19 September 2005 - 02:25 AM

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP