Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

popups [RESOLVED]


  • This topic is locked This topic is locked

#1
tazz1964

tazz1964

    Member

  • Member
  • PipPipPip
  • 608 posts
Hi all
Can someone help me out on this one i had nail.exe. I think i got it all. but I still getting all these popups. Here is the last hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 7:29:26 AM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\tsaycf.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\tsaycf.exe
C:\Program Files\Apoint\Apntex.exe
C:\repair tools\Hijackthis\HijackThis.exe

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [awVGQwEw] C:\PROGRA~1\wttswqpw\GIgCGkhM.exe
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [tsaycf] C:\WINDOWS\system32\tsaycf.exe
O4 - HKCU\..\RunOnce: [tsaycf] C:\WINDOWS\system32\tsaycf.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123603265443
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\tJpi32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you :tazz:
  • 0

Advertisements


#2
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hiya Tazz..

Yep, I can definetely see few things we need to take care of.

Can you run this online scan first and post it's results here;
Panda Activescan

- Rawe :tazz:
  • 0

#3
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
Hi
Here is the log you asked for

Incident Status Location

Virus:Trj/Downloader.AEE Disinfected C:\counter.cab
Possible Virus. No disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4RAYQDEF\!update-2344[1].0000
Possible Virus. No disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8L6R01UZ\!update-2324[1].0000
Possible Virus. No disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SB2PGL0Z\!update-2364[1].0000
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\CMAPP\Client\cmappmf.dll
Possible Virus. No disinfected C:\Program Files\sami\emia.exe
Spyware:Spyware/CommonName No disinfected C:\Program Files\wttswqpw\cnml.exe
Spyware:Spyware/CommonName No disinfected C:\Program Files\wttswqpw\GIgCGkhM.dll
Spyware:Spyware/CommonName No disinfected C:\RECYCLER\S-1-5-21-2183733546-2082251267-1832045169-1003\Dc1\cnml.exe
Spyware:Spyware/CommonName No disinfected C:\RECYCLER\S-1-5-21-2183733546-2082251267-1832045169-1003\Dc1\GIgCGkhM.dll
Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:Adware/HelpExpress No disinfected C:\WINDOWS\emsw.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\etb\xml\images\virus.bmp
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\avwav973.exe
Adware:adware/keenvalue No disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Hacktool:Hacktool/Rootkit.M No disinfected C:\WINDOWS\system32\drivers\winik.sys
Adware:Adware/Iagold No disinfected C:\WINDOWS\system32\hrfegvla.dll
Dialer:dialer.vz No disinfected C:\WINDOWS\system32\html.dat
Adware:Adware/Iagold No disinfected C:\WINDOWS\system32\jjj.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\qlovaza.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\szarddlg.dll
Adware:Adware/Iagold No disinfected C:\WINDOWS\system32\xbsnfqrc.dll
  • 0

#4
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok, let's get started. Print these instructions out.. So you have an access to them during the whole process.

First;
Please download Ewido Security Suite it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download CleanUp
Install the program, dont run it yet, we will later.

Now boot up into Safe Mode.

Show hidden files..

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files - option.

Using Windows Explorer, locate the following files and delete completely if present;

C:\counter.cab
C:\Program Files\CMAPP\Client\cmappmf.dll
C:\Program Files\sami\emia.exe
C:\Program Files\wttswqpw\cnml.exe
C:\Program Files\wttswqpw\GIgCGkhM.dll
C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\emsw.exe
C:\WINDOWS\etb\xml\images\casino.bmp
C:\WINDOWS\etb\xml\images\dating.bmp
C:\WINDOWS\etb\xml\images\drugs.bmp
C:\WINDOWS\etb\xml\images\fav.bmp
C:\WINDOWS\etb\xml\images\virus.bmp
C:\WINDOWS\system32\avwav973.exe
C:\WINDOWS\system32\drivers\etc\hosts.bho
C:\WINDOWS\system32\drivers\winik.sys
C:\WINDOWS\system32\hrfegvla.dll
C:\WINDOWS\system32\html.dat
C:\WINDOWS\system32\jjj.exe
C:\WINDOWS\system32\qlovaza.dll
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\szarddlg.dll
C:\WINDOWS\system32\xbsnfqrc.dll


Then locate this folder;

C:\RECYCLER\

Delete all of it's content, not the folder itself.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Launch CleanUp!
run it & reboot when prompted. Boot up into normal mode.

Post a fresh HiJackThis log along with the Ewido log and let me know how things went.

- Rawe :tazz:
  • 0

#5
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
Hi
I can not delete there files its tells me error deleting access is denied full,write proteced or currently in use.
C:\Program Files\wttswqpw\cnml.exe
C:\Program Files\wttswqpw\GIgCGkhM.dll
C:\WINDOWS\system32\drivers\winik.sys
C:\RECYCLER\
This one not found
C:\counter.cab
I have stop at this point of tring to delete to see if you can help on getting there files deleted
:tazz:
  • 0

#6
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Try this;

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\wttswqpw\cnml.exe
C:\Program Files\wttswqpw\GIgCGkhM.dll
C:\WINDOWS\system32\drivers\winik.sys
C:\counter.cab


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Then follow the rest of the earlier fix. If you can't delete this files content;
C:\RECYCLER\

Then just leave it for now.

Just to check.. You are in Safe Mode when you're deleting the files?

- Rawe :tazz:
  • 0

#7
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
Hi
I was was able to delete the files with killbox and all in recycler but one here are the two new logs I have a win fixer 2005 poping up Too.
Logfile of HijackThis v1.99.1
Scan saved at 7:09:54 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\repair tools\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [awVGQwEw] C:\PROGRA~1\wttswqpw\GIgCGkhM.exe
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [tsaycf] C:\WINDOWS\system32\tsaycf.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123603265443
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\tJpi32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:52:22 PM, 8/10/2005
+ Report-Checksum: FE1202E2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+, -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,- -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-. -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./01 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./012 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$% -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%& -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&' -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'( -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'() -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()* -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+ -> Spyware.CommonName : Error during cleaning
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-.
  • 0

#8
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Whoah ok..

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
- Rawe :tazz:
  • 0

#9
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
Hi
here is the log
------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 11, 2005 05:14:29
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/08/2005
Kaspersky Anti-Virus database records: 134654
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 45065
Number of viruses found: 55
Number of infected objects: 188
Number of suspicious objects: 0
Duration of the scan process: 1944 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CL630DIB\AppWrap[1].exe Infected: Trojan-Dropper.Win32.Agent.pb
C:\Program Files\Aprps\CxtPls.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\Program Files\Aprps\CxtPls.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026001.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026044.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026045.exe Infected: Trojan-Downloader.Win32.Agent.qg
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026048.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026049.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026049.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026049.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026060.exe Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026061.dll Infected: Trojan-Downloader.Win32.Apropo.ag
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026072.exe Infected: Trojan-Downloader.Win32.Apropo.ae
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026097.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026098.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026122.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026123.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026154.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026156.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026168.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026169.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026171.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026172.exe Infected: Trojan-Downloader.Win32.VB.kd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026209.exe Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026210.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026211.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026222.SYS Infected: Rootkit.Win32.Agent.q
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026223.exe/stream/data0002 Infected: Rootkit.Win32.Agent.q
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026223.exe/stream/data0013 Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026223.exe/stream/data0014 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026223.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026223.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026229.exe Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026236.exe/stream/data0002 Infected: Rootkit.Win32.Agent.q
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026236.exe/stream/data0013 Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026236.exe/stream/data0014 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026236.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026236.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026353.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026379.dll Infected: Trojan-Downloader.Win32.IstBar.cj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026397.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026412.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026413.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026414.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026415.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026439.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026460.exe/data0002/data0006 Infected: Trojan.Win32.DelFiles.s
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026460.exe/data0002 Infected: Trojan.Win32.DelFiles.s
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026460.exe Infected: Trojan.Win32.DelFiles.s
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026665.exe/stream/data0002 Infected: Rootkit.Win32.Agent.q
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026665.exe/stream/data0013 Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026665.exe/stream/data0014 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026665.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026665.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026666.exe/stream/data0010 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026666.exe/stream/data0011 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026666.exe/stream/data0012 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026666.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026666.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP38\A0026677.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP39\A0028845.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP39\A0028869.exe Infected: Trojan-Clicker.Win32.Agent.ei
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP41\A0028982.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP41\A0028983.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP41\A0028997.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP41\A0029007.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP41\A0029010.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP42\A0029053.exe Infected: Trojan.Win32.TalkStocks.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP42\A0029061.exe Infected: Trojan-Downloader.Win32.Apropo.ae
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP42\A0029062.exe Infected: Trojan-Dropper.Win32.Agent.lu
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP42\A0029071.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP42\A0029072.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029100.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029181.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029213.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029233.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029254.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029261.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029272.exe Infected: Trojan-Clicker.Win32.Agent.ei
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029280.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029284.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029291.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029322.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029334.exe Infected: Trojan-Clicker.Win32.Agent.ei
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029340.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029352.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029365.exe Infected: Trojan-Downloader.Win32.Apropo.g
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029382.exe Infected: Trojan-Downloader.Win32.Agent.ro
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP44\A0029399.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP45\A0029411.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029421.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029436.exe Infected: Trojan-Clicker.Win32.Agent.ei
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029445.dll Infected: Trojan.Win32.Golid
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029446.dll Infected: Trojan-Clicker.Win32.Small.ez
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029448.scr/data0001 Infected: Trojan-Downloader.NSIS.Agent.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029448.scr Infected: Trojan-Downloader.NSIS.Agent.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029452.dll Infected: Trojan-Downloader.Win32.Braidupdate.d
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029454.exe Infected: Trojan-Downloader.Win32.Benuti.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029457.exe Infected: Trojan-Downloader.Win32.Benuti.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029460.exe Infected: Trojan-Downloader.Win32.Small.el
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029464.exe Infected: Trojan-Downloader.Win32.Small.en
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029465.exe Infected: Trojan-Downloader.Win32.Small.dj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029466.exe Infected: Trojan-Downloader.Win32.MlFree
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029468.exe Infected: Trojan-Downloader.Win32.Small.aal
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029470.exe Infected: Trojan-Downloader.Win32.Qoologic.v
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029471.dll Infected: Trojan-Downloader.Win32.Agent.mh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029472.DLL Infected: Trojan-Clicker.Win32.Agent.dh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029478.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029488.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029497.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029513.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029531.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029547.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029561.exe Infected: Trojan-Downloader.Win32.PurityScan.y
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029563.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029564.exe/stream/data0010 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029564.exe/stream/data0011 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029564.exe/stream/data0012 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029564.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029564.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029565.dll Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029566.exe/stream/data0010 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029566.exe/stream/data0011 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029566.exe/stream/data0012 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029566.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029566.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029567.dll Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029568.dll Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029569.dll Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029571.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029572.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029573.exe Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029574.exe/stream/data0010 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029574.exe/stream/data0011 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029574.exe/stream/data0012 Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029574.exe/stream Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029574.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029575.exe Infected: Trojan.Win32.CommonName.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029576.exe Infected: Trojan-Downloader.Win32.Small.abd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029600.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029601.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029602.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029603.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029604.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029605.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029606.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029607.exe Infected: Trojan-Downloader.Win32.VB.em
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029615.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029630.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029659.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029672.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029690.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029700.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029701.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029702.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP46\A0029703.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP47\A0029710.exe Infected: Trojan-Clicker.Win32.Agent.ei
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP49\A0029744.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP50\A0029880.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP50\A0029905.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030036.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030120.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030134.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030138.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030142.SYS Infected: Rootkit.Win32.Agent.q
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030143.exe Infected: Backdoor.Win32.Ruledor.g
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030144.exe Infected: Trojan-Downloader.Win32.OneClickNetSearch.k
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030145.exe Infected: Trojan-Downloader.Win32.Intexp.d
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030148.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030153.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030154.dll Infected: Trojan.Win32.TalkStocks.a
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030155.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030157.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030160.dll Infected: Trojan-Downloader.Win32.Qoologic.s
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030165.exe Infected: Trojan-Downloader.Win32.Qoologic.u
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030169.cpl Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030170.dll Infected: Trojan-Downloader.Win32.Qoologic.t
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030171.dll Infected: Trojan-Downloader.Win32.Qoologic.p
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030174.exe Infected: Trojan-Downloader.Win32.VB.kd
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030183.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030190.exe Infected: Trojan.Win32.CommonName.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030277.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030419.exe Infected: Trojan.Win32.Golid.h
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030421.dll Infected: Trojan-Downloader.Win32.Agent.b
C:\System Volume Information\_restore{714C809E-5AB6-4445-9A67-94FBD9F1D08A}\RP51\A0030422.dll Infected: Trojan.Win32.Golid.k
C:\WINDOWS\system32\drivers\winik.sys Infected: Rootkit.Win32.Agent.q
C:\WINDOWS\system32\jkl.exe Infected: Trojan-Downloader.Win32.Small.iv
C:\WINDOWS\Temp\b.com Infected: Trojan-Dropper.Win32.Agent.pb

Scan process completed.


thanks for all the help on this
:tazz:
  • 0

#10
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
No problem!

Ok, let's try this way then.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:[list]
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directoy as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
Disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, exit SpySweeper.
Run CleanUp! but don't reboot yet.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. An message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot into Safe Mode again.

Launch SpySweeper;
  • click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
After the scan (While still in Safe Mode), find the following folder and delete if present;

C:\Program Files\Aprps\

Then delete this file if present;

C:\WINDOWS\system32\tJpi32.dll

Empty recycle bin.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\system32\jkl.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "YES".
Reboot into normal mode.

Enable system restore back.

Can you now check that you have the latest windows updates (including the Malicious software removal tool) from Microsoft Update.

If you do, do the following;

Click "Start", Run and type in; MRT
Click "Ok".

Let it scan and let me know of the results.

Then post back how things went and post a fresh HiJackThis log with the SpySweeper session log.

- Rawe :tazz:
  • 0

Advertisements


#11
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
HI
the MRT said no malicious software detected I lost the spysweeper log somewhere. here is the newest hijack log Ihave no popups right now going on and the system is running faster.
Logfile of HijackThis v1.99.1
Scan saved at 7:03:32 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\T3duZXIA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\repair tools\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [awVGQwEw] C:\PROGRA~1\wttswqpw\GIgCGkhM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [tsaycf] C:\WINDOWS\system32\tsaycf.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123603265443
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks for all your help on this
:tazz:
  • 0

#12
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

3) Once in Safe Mode, please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\tsaycf.exe

6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

Let the system reboot.

Reboot into Safe Mode and delete this folder;

C:\PROGRA~1\wttswqpw\

Empty your recycle bin, boot back into normal mode and post a fresh HiJackThis log.

- Rawe :tazz:

Do you have any idea what these entries would be;
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>

Edited by Rawe, 12 August 2005 - 01:47 AM.

  • 0

#13
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
There is also one bad service there.. Can you do this just before posting a new log;

Click Start => Run => and type in;

services.msc

Click "OK".

In the services window find service; Command Service (cmdService)

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then "Ok". Exit the Services utility.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "delete an NT service"
  • Copy and paste this in: cmdService
  • Click "ok", then reboot
After the reboot fix this in HiJackThis if you can see it;

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe

Then just delete this folder;

C:\WINDOWS\T3duZXIA\

And again, empty recycle bin.

- Rawe :tazz:

Do this just before posting a new log.. So we'll get everything with one hit.
  • 0

#14
tazz1964

tazz1964

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 608 posts
Hi
done all steps to this point.
I do not know what these are
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
its a laptop that we are working on.
Here is the newest log
Logfile of HijackThis v1.99.1
Scan saved at 7:31:54 PM, on 8/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\repair tools\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2p...oscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2p...oscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [tsaycf] C:\WINDOWS\system32\tsaycf.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123603265443
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

thanks :tazz:
  • 0

#15
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hi,

run a scan with HiJackThis and check this for removal;

O4 - HKCU\..\Run: [tsaycf] C:\WINDOWS\system32\tsaycf.exe

Make sure it's checked, close any other windows and hit Fix Checked.

Reboot and delete this file if present;

C:\WINDOWS\system32\tsaycf.exe

Then empty recycle bin. Post another HiJackThis log and tell me if you have any problems now.

- Rawe :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP