
Spysheriff, Blue Desktop, and other problems. [RESOLVED]


  • This topic is locked

#1
Evan R


  • Member
  • 21 posts
Greetings, my computer is a disaster.

A few hours ago, my desktop went blue and now reads "Your system is infected". Then Spysheriff popped up and started running. Then about ten popups came in to round out the assault. I did a system restore and it looked like it got rid of Spysheriff but I just found it in my programs. Aside from that, nothing has improved. On top of that, my documents seems to open up every time I reboot which is kind of scaring me.

I ran AVG, Adaware, Spybot, CWshredder, and CleanUp but nothing has helped.

Here is my Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:39:47 AM, on 8/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\IID.EXE
C:\WINSTALL.EXE
C:\WINSTALL.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\TCSR\BETT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {042A1715-AE80-BDBF-4203-193A4BAB0E5C} - C:\WINDOWS\SYSTEM\N95IO1NT.DLL (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\SYSTEM\ICASSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Yil] \iid.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O21 - SSODL: XiZUQFCf - {042A170F-AE80-BDA5-887F-084E4BAB0E59} - C:\WINDOWS\SYSTEM\IWKDY.DLL


Thanks so much for taking the time to look at all this madness. :tazz:
  • 0



#2
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download smitRem at http://noahdfear.gee.../click.php?id=1 and save the file to your desktop.

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.gee...areSE_setup.htm. Otherwise, check for updates. Don't run it yet!

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
O2 - BHO: (no name) - {042A1715-AE80-BDBF-4203-193A4BAB0E5C} - C:\WINDOWS\SYSTEM\N95IO1NT.DLL (file missing)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\Run: [icasServ] C:\WINDOWS\SYSTEM\ICASSERV.EXE
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Yil] \iid.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINSTALL.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O21 - SSODL: XiZUQFCf - {042A170F-AE80-BDA5-887F-084E4BAB0E59} - C:\WINDOWS\SYSTEM\IWKDY.DLL


Run the smitRem.exe file to start the tool. Follow the prompts on the screen. Wait for the tool to complete and disk cleanup to finish.

Delete these if found:

C:\WINDOWS\SYSTEM\N95IO1NT.DLL
C:\WINDOWS\CFGMGR52.DLL
C:\WINDOWS\SYSTEM\kernels32.exe
C:\WINDOWS\SYSTEM\ICASSERV.EXE
C:\WINDOWS\SYSTEM\kernels32.exe
c:\iid.exe
C:\Program Files\Cas\
C:\winstall.exe
C:\Program Files\tcsr\
C:\WINDOWS\SYSTEM\IWKDY.DLL


The tool will create a log named smitfiles.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Next go to Control Panel->Display->Desktop->Customize Desktop->Web-> Uncheck 'Security Info' if present.

Reboot back into Windows and go to http://www.pandasoft...n_principal.htm to do a full system scan. Make sure the autoclean box is checked. Save the scan log and post it along with a new HijackThis log, and the contents of the smitfiles.txt log.
  • 0

#3
Evan R


  • Topic Starter
  • Member
  • 21 posts
I was unable to install Ewido because I have ME and not 2000. Should I follow your instructions without it?

Evan
  • 0

#4
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
My apologies there. I forgot to edit it out (will do it now).

Yes, follow the instructions without it, but before you do that, I want you to do this immediately/now:

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

copy c:\windows\system\wininet.dll c:\windows\desktop
del copy.bat


Save the file as "copy.bat". Make sure to save it with the quotes. Double click on it.

Restart your computer. Scan the desktop folder with eTrust Web Scanner. When done, make sure the box is checked for wininet.dll and click cure.

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

del c:\windows\system\wininet.dll
del c:\windows\system\oleadm.dll
del c:\windows\system\oleext.dll
copy c:\windows\desktop\wininet.dll c:\windows\system
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.

Then proceed with the remaining fixes.
  • 0

#5
Evan R


  • Topic Starter
  • Member
  • 21 posts
What a day. Since following your instructions I feel like I've got ten new infections. I keep healing popups from AVG telling me I have a virus, and I got a new toolbar along with a bunch of new shortcuts. I got rid of the tool bar by downloading an uninstaller and it seems to have worked. But now when I run Adaware, it comes up with so many files it cannot delete that I can't even check the box for it to delete them when the computer restarts. I'm so frustrated.

Anyway, I followed your instructions, and my previous problems are looking better. I have my desktop back and "yoursearch" is nowhere to be found, but I know I have more infections. Here are my logs:


Logfile of HijackThis v1.99.1
Scan saved at 7:22:43 PM, on 8/4/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\ETB\POKAPOKA62.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...8128625-8124140
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\ETB\POKAPOKA62.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Present!!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system folder ~~~




~~~ Icons in system folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~~ wininet.dll ~~~~

wininet.dll Clean!! :tazz:



Oh, that reminds me, the activescan from pandasoftware didn't reveal anything and didn't give me a log. I wasn't even sure if it was working correctly.

I think this is everything you asked for. Thanks so much for all of this, you guys are really great. ;)

Evan
  • 0

#6
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Evan, careful on some of these so-called "uninstallers". Some make things worse - since they aren't really helping you remove their software, but instead are adding more junk to it.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\ETB\POKAPOKA62.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\SYSTEM\PSof1.exe
C:\WINDOWS\ETB\
C:\Program Files\tcsr\


Restart and run a new HijackThis scan. Save the log file and post it here.
  • 0

#7
Evan R


  • Topic Starter
  • Member
  • 21 posts
Hello,

I followed your instructions perfectly, and things are certainly looking up, no popups or virus warnings yet. :tazz: Here's my new log:


Logfile of HijackThis v1.99.1
Scan saved at 3:12:44 PM, on 8/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\TCSR\BETT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...8128625-8124140
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



By the way, it seems I've lost Winamp and my google toolbar, is it safe to reinstall them? Also, my AVG program refuses to update, it keeps telling me to restart my computer to complete the update but I've restarted my computer 50 times since the last update. Should I reinstall it? Thanks again.

Evan
  • 0

#8
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Evan, were you able to find and delete the etb and tcrs folders?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\tcsr\

Restart and run a new HijackThis scan. Save the log file and post it here.

Yes, try reinstalling them. Uninstall them first via the Add/Remove panel if they are listed there. If not, just reinstall as usual.
  • 0

#9
Evan R

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi. Yes I was able to delete everything you told me to last time and this time. Here's my log:


Logfile of HijackThis v1.99.1
Scan saved at 12:19:32 PM, on 8/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\TCSR\BETT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.ebay.com/...1QQcmdZViewItem
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab



Thanks again. :tazz:
  • 0

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
They seem to come back. Were you able to fix that tcrs O4 entry in HijackThis in Safe Mode? If it wasn't showing up in Safe Mode, fix it in Normal Mode. Delete that folder.

Restart and post a new HijackThis log. So basically, do the same fix you did earlier (except if it's not fixing it in Safe Mode, I want you to fix that O4 entry in Normal Mode instead).
  • 0


#11
Evan R

    Member

  • Topic Starter
  • Member
  • 21 posts
Hi. Hopefully this time it's gone for good. Any idea how it keeps coming back?



Logfile of HijackThis v1.99.1
Scan saved at 8:27:42 PM, on 8/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\BETT.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...4065631-5572906
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab


Thanks.

Evan
  • 0

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Not sure yet, but if it's gone after this one, it should be clear :tazz: Otherwise, I'll ask you to run some other programs so we can get to the bottom of this.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:

C:\WINDOWS\SYSTEM\BETT.EXE

Restart and post, hopefully, your final HijackThis log. I will take another look.
  • 0

#13
Evan R

    Member

  • Topic Starter
  • Member
  • 21 posts
AAArrrgggggggg!!!! It's still there! This is insane! The pop-ups keep coming and I also keep a "download file" window that keeps trying to get me to download some crap. This sucks.



Logfile of HijackThis v1.99.1
Scan saved at 11:34:00 AM, on 8/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 SP1 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.co...4065631-5572906
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gateway Ink Monitor] C:\Program Files\Gateway\Gateway Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/s...an/pestscan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
  • 0
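Added example, not part of the thread or written by its participants: a small Python check that parses successive HijackThis logs and reports, per scan, whether a fixed O4 autorun value is back and whether the same image name is running from its original folder or from somewhere else. The function names are hypothetical, and the three scans are trimmed excerpts of the logs posted in #9, #11 and #13.

```python
import re
from pathlib import PureWindowsPath

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_REG_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|scr|pif))(?=\s|$)", re.I)

# Trimmed excerpts of the three logs posted above (most lines omitted).
SCAN_0806 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:19:32 PM, on 8/6/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TCSR\BETT.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
"""
SCAN_0807 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:27:42 PM, on 8/7/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\BETT.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""
SCAN_0808 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:34:00 AM, on 8/8/2005

Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Noha] C:\Program Files\tcsr\bett.exe
"""
SCANS = [SCAN_0806, SCAN_0807, SCAN_0808]
TARGET = (r"HKCU\..\Run", "Noha", r"C:\Program Files\tcsr\bett.exe")


def parse_hjt(text):
    """Split a HijackThis 1.99.x log into scan time, processes and entries."""
    log = {"saved_at": "", "processes": [], "entries": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if line.startswith("Scan saved at "):
            log["saved_at"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_procs = True
        elif entry:  # first "R0 - ..." / "O4 - ..." line ends the process list
            in_procs = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_procs and line:
            log["processes"].append(line)
    return log


def image_name(command):
    """Lower-cased executable file name of an autorun command line."""
    cmd = command.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:  # unquoted paths may contain spaces: cut at the first executable suffix
        m = IMAGE_RE.match(cmd)
        path = m.group(1) if m else cmd
    return PureWindowsPath(path).name.lower()


def autoruns(log):
    """Map (registry key, value name) -> command for registry-based O4 lines."""
    runs = {}
    for code, body in log["entries"]:
        m = O4_REG_RE.match(body) if code == "O4" else None
        if m:
            runs[(m.group(1), m.group(2))] = m.group(3)
    return runs


def recheck(log, key, name, image_path):
    """Report whether a fixed autorun or its image shows up again in a log."""
    target = PureWindowsPath(image_path)
    base, folder = target.name.lower(), str(target.parent).lower()
    same, elsewhere = [], []
    for proc in log["processes"]:
        p = PureWindowsPath(proc)
        if p.name.lower() == base:
            (same if str(p.parent).lower() == folder else elsewhere).append(proc)
    runs = autoruns(log)
    others = sorted(k for k, c in runs.items()
                    if k != (key, name) and image_name(c) == base)
    return {"autorun_present": (key, name) in runs, "running_same_path": same,
            "running_elsewhere": elsewhere, "other_autoruns": others}


def timeline(texts, key, name, image_path):
    """Run recheck() over logs in posting order: [(scan time, result), ...]."""
    logs = [parse_hjt(t) for t in texts]
    return [(log["saved_at"], recheck(log, key, name, image_path)) for log in logs]


if __name__ == "__main__":
    for saved_at, result in timeline(SCANS, *TARGET):
        print(saved_at, result)
```

Matching on the image name as well as the full path is what catches the 8/7 scan, where the `[Noha]` value is absent but `BETT.EXE` is running from `C:\WINDOWS\SYSTEM`.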

#14
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Try these two scans:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them in that site. If any are not cleanable, copy and paste the infected files here.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use CTRL+C on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0

#15
Evan R

    Member

  • Topic Starter
  • Member
  • 21 posts
The online virus scan identified 15 files as viruses but would not delete or clean them. Here they are:

c:\_RESTORE\TEMP\A0015501.CPY
c:\_RESTORE\TEMP\A0015506.CPY
c:\_RESTORE\TEMP\A0015507.CPY
c:\_RESTORE\TEMP\A0023677.CPY
c:\_RESTORE\TEMP\A0023742.CPY
c:\_RESTORE\TEMP\A0023753.CPY
c:\_RESTORE\TEMP\A0023944.CPY
c:\_RESTORE\TEMP\A0023953.CPY
c:\_RESTORE\TEMP\A0024049.CPY
c:\_RESTORE\TEMP\A0024052.CPY
c:\_RESTORE\TEMP\A0024102.CPY
c:\_RESTORE\TEMP\A0024106.CPY
c:\_RESTORE\TEMP\A0024184.CPY
c:\_RESTORE\TEMP\A0024187.CPY
c:\_RESTORE\TEMP\A0024285.CPY


After that, I ran the Mwav virus checker and it said I had like 400 viruses. Is that possible? Here are the results from that scan:


File C:\WINDOWS\SYSTEM\DFDMO.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MNSWCH.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\PROGRA~1\TCSR\BETT.EXE infected by "Trojan-Downloader.Win32.PurityScan.y" Virus! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\loadhttp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\aucfg.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\tmupdate.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\runtsckl.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\patchw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\PCHEALTH\HelpCTR\BATCH\HELPSP~1.CAB". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SONYCD~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\ERICDA~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\ERICFO~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAG~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAH~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NOKIAT~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\NULLFO~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SMARTL~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\07_07F~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\SAMCDM~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\CDMA1F~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\TEMP\_ISTMP0.DIR\Drivers\MITSUB~1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeCapture.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeEffects.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeImage.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeMusic.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTimeMusicalInstruments.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeStreamingAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTime\QuickTimeVRAuthoring.qtx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\QuickTimeCheck.OCX". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\aucfg.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\loadhttp.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\tmupdate.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\runtsckl.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\patchw32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\SYSTEM\pxsfs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "C:\WINDOWS\SYSTEM\disktool.dll". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\WMDMPDAExplorer.WMDMPDAExplorer.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMDMPDAExplorer.WMDMPDAExplorer" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA.8" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS66.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS65.CAB tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS62.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS63.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS64.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS69.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS68.CAB tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS67.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS70.CAB tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS71.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\_RESTORE\ARCHIVE\FS11.CAB tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\PNPD.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DDVMGR32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\WNNMM.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\IOS.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CIUTIL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\NWTOS.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DBDMO.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\APVAPI32.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\CEFG95.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\RDCHED20.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\HZINK.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\VFODCTL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MNSWCH.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DQ3J.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\RXUTETAB.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\THPI.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DXUSIC16.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\XMNROLL.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\VUPODBC.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\LDCMP11n.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\mivcp71.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\WPPUI.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\MNWSTR10.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DC7VB.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\mwieftp.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\muieftp.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\DFDMO.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\JVMD400.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\mrjter35.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\ventura-hot_246765.exe tagged as "not-a-virus:AdWare.ToolBar.HotSearchBar.i". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\bsva-egihsg52.exe tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\thin-138-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\AVYCFILT.DLL tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\iwkdy.dll infected by "Trojan-Proxy.Win32.Agent.df" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\package_MARKETING51.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\GSM3-0511.exe infected by "Trojan.Win32.Registrator.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\EDowST3.exe infected by "Trojan-Downloader.Win32.QDown.z" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\wpspdmod.dll tagged as "not-a-virus:AdWare.Look2Me.ag". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\bett.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\!update.exe infected by "Trojan-Downloader.Win32.PurityScan.y" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\TEMP\ptf_0026.exe tagged as "not-a-virus:AdWare.Pacer.d". Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\8LIJUDWL\TRACK26[1].CHM infected by "Trojan-Downloader.VBS.Psyme.x" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temporary Internet Files\Content.IE5\PKAIU3YA\trk_0026[1].exe tagged as "not-a-virus:AdWare.Pacer.e". Action Taken: No Action Taken.
File C:\WINDOWS\bjgygfet.exe tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\WINDOWS\ru.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.
File C:\Program Files\Windows Media Player\wmplayer.exe tagged as "not-a-virus:AdWare.Pacer.e". Action Taken: No Action Taken.
File C:\Recycled\Q330995.exe infected by "Trojan-Downloader.Win32.Small.amb" Virus! Action Taken: No Action Taken.
File C:\temp\Installer.exe infected by "Trojan-PSW.Win32.QQspy.f" Virus! Action Taken: No Action Taken.
File C:\thin-175-1-x-x.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken.
File C:\Hijack this\backups\backup-20050804-171903-415.dll tagged as "not-a-virus:AdWare.BookedSpace.e". Action Taken: No Action Taken.
File C:\iid.exe tagged as "not-a-virus:AdWare.PurityScan.cj". Action Taken: No Action Taken.
File C:\Osaka.exe tagged as "not-a-virus:AdWare.PurityScan.w". Action Taken: No Action Taken.



This looks like complete madness to me.