Winfixer Help [CLOSED]


  • This topic is locked

#1
bob_quehonk

    New Member

  • Member
  • Pip
  • 7 posts
Ok, I've run Ad-Aware SE, ZoneAlarm Pro, spybot s and b, Norton, Spyware Doctor and Microsoft AntiSpyware, and this annoying thing comes up saying something like files are corrupted winfixer 2005. It won't stop. I was hoping someone here could help me out. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:11:14 PM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {CDA94496-ED6F-4C72-94C8-2C485DC63390} (VCDS Control) - http://vcds-client.n...client/vCDS.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEAFA43-DEB9-49C7-87EF-535140EF3D2C}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edit: This is in safe mode

Edited by bob_quehonk, 08 August 2005 - 08:21 PM.

  • 0

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

I knew that looked kind of short.

Please restart and get back to normal mode to run a new HijackThis scan. Post that log you scanned in normal mode. We never want a HijackThis in Safe Mode except under very rare circumstances.
  • 0

#3
bob_quehonk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:55:29 AM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wυauboot.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
C:\Program Files\sswp\cruu.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\pestpatrol\PPMCActiveDetection.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Macyar] C:\WINDOWS\system32\w?Oauboot.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {CDA94496-ED6F-4C72-94C8-2C485DC63390} (VCDS Control) - http://vcds-client.n...client/vCDS.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEAFA43-DEB9-49C7-87EF-535140EF3D2C}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

there ya go
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido: there should be an icon on your desktop; double-click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
  * You will need to step through the process of cleaning files one-by-one.
  * If Ewido detects a file you KNOW to be legitimate, select none as the action.
  * Do NOT select 'Perform action on all infections'
  * If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKCU\..\Run: [Macyar] C:\WINDOWS\system32\w?Oauboot.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AEAFA43-DEB9-49C7-87EF-535140EF3D2C}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244


Locate and delete the following:

C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe
C:\WINDOWS\system32\w?Oauboot.exe - the ? could be any character, probably best to do a search for this file in the system32 folder
C:\Program Files\sswp\


Finally, restart your computer and post a new HijackThis log, as well as the report log from the Ewido scan.
  • 0
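
An added example, not part of greyknight17's post or of any tool named in this thread: a small Python triage pass over HijackThis log lines taken from the logs above. The heuristics (non-ASCII characters or '?' in file paths, executables under Temp or Downloaded Program Files, statically set O17 DNS servers) and the names `check_line`, `triage` and `REVIEW_DIRS` are assumptions chosen for illustration; they cover only part of what the helper flagged and only mark lines for a person to review.

```python
import re
import unicodedata

# Lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\wυauboot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\!update.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0803] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0803NetInstaller.exe"
O4 - HKCU\..\Run: [Macyar] C:\WINDOWS\system32\w?Oauboot.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C46A2A-6467-40D1-AA30-B06FBE116C78}: NameServer = 69.50.166.94,69.31.80.244
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section lines such as "O4 - ..." or "R3 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*')          # a drive-letter path inside a line
# Assumption: directories whose executables deserve a second look when they
# show up as running processes or autostart entries.
REVIEW_DIRS = ("\\temp\\", "\\downloaded program files\\")


def check_line(line):
    """Return (section, reasons) for one log line, or None for headers and blanks."""
    entry = ENTRY_RE.match(line)
    if entry:
        section = entry.group(1)
    elif PATH_RE.match(line):
        section = "PROC"  # a line from the "Running processes" list
    else:
        return None

    reasons = []
    # A look-alike character hidden in an otherwise ASCII file name.
    for ch in sorted({c for c in line if ord(c) > 127}):
        reasons.append("non-ASCII U+%04X (%s) in an otherwise ASCII line"
                       % (ord(ch), unicodedata.name(ch, "unnamed")))
    # '?' is not a valid Windows filename character, so the real name
    # contains something the log could not render.
    path = PATH_RE.search(line)
    if path and "?" in path.group(0):
        reasons.append("'?' in a file path: the real name could not be rendered")
    lowered = line.lower()
    for directory in REVIEW_DIRS:
        if directory in lowered:
            reasons.append("executable under " + directory.strip("\\"))
    # O17 lines record DNS servers set in the registry; list them so they can
    # be compared with the ones the ISP or router is expected to hand out.
    if section == "O17" and "NameServer = " in line:
        servers = line.split("NameServer = ", 1)[1].split(",")
        reasons.append("statically set DNS servers: "
                       + ", ".join(s.strip() for s in servers))
    return section, reasons


def triage(log_text):
    """Return (section, line, reasons) for every line with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        result = check_line(line)
        if result and result[1]:
            findings.append((result[0], line, result[1]))
    return findings


if __name__ == "__main__":
    for section, line, reasons in triage(SAMPLE_LOG):
        print("[%s] %s" % (section, line))
        for reason in reasons:
            print("    - " + reason)
```
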

#5
bob_quehonk

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:10:31 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wυauboot.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aladdin Systems\iClean\iClean.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\pestpatrol\PPMCActiveDetection.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\!update.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Macyar] C:\WINDOWS\system32\w?Oauboot.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe
O4 - HKCU\..\Run: [iClean] "C:\Program Files\Aladdin Systems\iClean\iClean.exe" /I
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {CDA94496-ED6F-4C72-94C8-2C485DC63390} (VCDS Control) - http://vcds-client.n...client/vCDS.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Now here's the ewido thing:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:48:58 PM, 8/9/2005
+ Report-Checksum: A7AF57A

+ Scan result:

C:\WINDOWS\KB885250.log:ccwjp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885250.log:fsaex -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885250.log:hanjo -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB885250.log:xdwxx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885250.log:ynyctw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885835.log:bpyeb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885835.log:fxkys -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885835.log:iefus -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885835.log:knoir -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885835.log:mrxoi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885835.log:rizoc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885836.log:jeiwp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885836.log:kkobp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885836.log:njpap -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885836.log:xupaq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB886185.log:cnjnz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB886185.log:dhdqt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB886185.log:oqfbk -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB886185.log:pquaz -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB886185.log:wkfjw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887472.log:cuydv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887472.log:ghtem -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887472.log:qihdm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887472.log:rytps -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB887472.log:znxlw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887472.log:zorsx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887742.log:jpcdr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887742.log:nihno -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887742.log:qjzgu -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB887742.log:scwpl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887742.log:spzmm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB888113.log:bnqys -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB888113.log:fvzul -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB888113.log:fxacf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB888113.log:sbqbl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB888113.log:sjekw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB888302.log:akgdg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB888302.log:qynip -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890047.log:cjczy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890047.log:hjktw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890047.log:mymhm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890047.log:verul -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890175.log:ajias -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890175.log:hmqbt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890175.log:zevik -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890175.log:zrqth -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890859.log:gdnhh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890859.log:zrflw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890923.log:cawzp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890923.log:cpucu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890923.log:drdfj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890923.log:fhciu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890923.log:koiet -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890923.log:riexi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB891781.log:blczq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB891781.log:chwks -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB891781.log:klygn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB891781.log:mgcig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB891781.log:pifej -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB891781.log:pksah -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB891781.log:qezdp -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB891781.log:ykkgk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893066.log:slsms -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB893086.log:bpwhw -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB893086.log:gtgzt -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB893086.log:lohoh -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB893086.log:noxva -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\KB893086.log:udplo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB893803.log:ircbo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893803.log:rkaibh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893803.log:sbrxf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB893803.log:sknet -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893803v2.log:fvoip -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB893803v2.log:ixqad -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893803v2.log:lllso -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\latya.log:wizzf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:aldte -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:pqlrv -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt:afkvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt:ajiof -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt:eprtj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msdfmap.ini:dndfo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msdfmap.ini:fizcg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msdfmap.ini:msmnr -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\msdfmap.ini:vduqt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgsocm.log:cedavx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgsocm.log:ejhat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgsocm.log:ixzbl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msgsocm.log:knici -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msgsocm.log:ypiox -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msnavpklog.txt:bpdlr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msnavpklog.txt:bwfcp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msnavpklog.txt:juekw -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\msnavpklog.txt:rukkq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msnavpklog.txt:udyaq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:aroks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:feawk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:vuxnl -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:wqkyd -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:wyvqp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\NeroDigital.ini:xekmd -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\net.reg:hzmiz -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\New.flg:zsubj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nsreg.dat:cxpst -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nsreg.dat:oqclf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nsreg.dat:ptpxn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nsreg.dat:sjuye -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nsreg.dat:wdyxm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nsreg.dat:wuxkp -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:cqjlb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:csfrx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:febkm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:mrpwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:rczbd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:szdft -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:uvpvs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:vgluf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:zbgka -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ocgen.log:bguvp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ocgen.log:ignwa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocgen.log:zrnra -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocmsn.log:bxoph -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ocmsn.log:dkxia -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocmsn.log:sapbw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:btmcs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:cdjcx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:ggizk -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\ODBC.INI:kmymg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:ntikt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:upwgi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:cvwsw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:mqlhb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:wouai -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:zquly -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:cxqbh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:fbuzt -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:fmjsv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:nqadq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:upcox -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:zwbcm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PICTAKER.LOG:cwlmz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PICTAKER.LOG:dsoqp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PICTAKER.LOG:giibk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PICTAKER.LOG:mhfol -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PICTAKER.LOG:vzvfc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PowerReg.dat:bxxip -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PowerReg.dat:uqzuc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PowerReg.dat:xjwzo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:cjyem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:myrid -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:nxsni -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Q327979.log:pwlml -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\qibak.txt:wubcy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qibak.txt:zpfle -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\regopt.log:ilhsd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\regopt.log:mfzbb -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\regopt.log:myaal -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\regopt.log:rkmmh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\regopt.log:xgtet -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\regopt.log:yrzif -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:blfvz -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:urhyv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Rhododendron.bmp:yzvff -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:axofh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:fedog -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:hwmvu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:tnlbc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:tomvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:ycyfr -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:aflna -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:akkuf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:fdxai -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:gznrr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:ibzxq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:kexfo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:mkcuf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:pewpv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:yuwry -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:ywjwf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sb_affiliate.ini:lawcg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sb_affiliate.ini:pmbeh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sb_affiliate.ini:qffjn -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\sb_affiliate.ini:yrjou -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:hibcc -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:olrpu -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:pwmra -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:szugb -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:arbdj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setupact.log:ftkrs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupact.log:mhxln -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\setupact.log:xhcmy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log:dpour -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log:jebxo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log:meigo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log:qfohu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuperr.log:bgjbj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuperr.log:jpupc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuperr.log:llssi -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\setuperr.log:oedlt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:dbxrx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:vadxf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIGVERIF.TXT:aqxbp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIGVERIF.TXT:eadjd -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\SIGVERIF.TXT:heloe -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIGVERIF.TXT:ksevg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIGVERIF.TXT:ymchq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:bjnvw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\smscfg.ini:nguml -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\smscfg.ini:vhxnx -> Trojan.Feat : Cleaned with backup
C:\WINDOWS\smscfg.ini:xjawj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Soap Bubbles.bmp:ijufn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Soap Bubbles.bmp:jneyo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Soap Bubbles.bmp:ntupf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:ehg
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKCU\..\Run: [Macyar] C:\WINDOWS\system32\w?Oauboot.exe
O4 - HKCU\..\Run: [Cpue] C:\Program Files\sswp\cruu.exe


Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\system32\w?Oauboot.exe - the ? could be any letter
C:\Program Files\sswp\


Restart and run a new HijackThis scan. Save the log file and post it here.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





