Winfix 2005 VX2 [RESOLVED]


  • This topic is locked

#1
DeadMagicBox
Member, 12 posts

I followed the instructions I read on some other posts and can't seem to get rid of the pop-ups. I have run AVG, CWshredder, Adaware, and I am still getting the pop-ups. Here is my HJT log. Thanks for any info.

Logfile of HijackThis v1.99.1
Scan saved at 3:17:33 PM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\System32\odchsgh.exe
D:\WINDOWS\System32\eoou.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Documents and Settings\Trey\Desktop\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gsjabb] D:\WINDOWS\System32\odchsgh.exe r
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - d:\windows\SvcProc.exe
  • 0


#2
Rawe
Visiting Staff, 4,746 posts

Hello and welcome!

Sorry about the late reply. Can you post another HiJackThis log for me here, since one of your infections is changing names on us on each reboot?

But just before doing so.. Let's see if we can get anything up with Ad-aware;

IF your version of Ad-aware is 1.06 (the latest one), do the following;

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon, Click "connect", Click "OK", Click "Finish".)

IF you are having problems with the updating, get the manual updates here; http://download.lava...public/defs.zip

2. Set up the Configurations as follows:
  • Click the Gear wheel at the top of the Ad-Aware window
  • Click General > Safety & Settings: Check (Green) all three.
  • Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click on "Proceed"
4. Click on "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to every "target family" for removal.
11. Click "Next", Click "OK".
12. Reboot.

IF you have an older version, can you uninstall your current one, then delete this folder;
D:\Program Files\Lavasoft

Then delete it from the recycle bin and get the latest one here;
http://www.download....4-10045910.html

Then just proceed with the scanning.

After you have done that, post a fresh HiJackThis log to this thread.

Don't reboot unless I ask you to!

- Rawe :tazz:

Edited by Rawe, 16 August 2005 - 07:30 AM.

  • 0

#3
DeadMagicBox
Topic Starter, Member, 12 posts

No problem on the late reply, I can't imagine how much traffic you get. Here is the fresh HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:53:36 AM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\mtnsct.exe
D:\Program Files\ruoo\eoou.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\Documents and Settings\Trey\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [bekyol] D:\WINDOWS\System32\mtnsct.exe r
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - d:\windows\SvcProc.exe
  • 0
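
The remark in post #2 that one infection "is changing names on us on each reboot" can be checked mechanically by diffing the two HijackThis logs from posts #1 and #3. The Python below is an added example, not part of the original thread or of HijackThis. The embedded excerpts are trimmed copies of the entry lines posted above, and the function names and matching heuristics are assumptions made for illustration.

```python
import ntpath
import re
from collections import namedtuple

# Constructed input: entry lines trimmed from the HijackThis logs in posts #1 and #3.
LOG_AUG_11 = r"""
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gsjabb] D:\WINDOWS\System32\odchsgh.exe r
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - d:\windows\SvcProc.exe
"""
LOG_AUG_16 = r"""
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bekyol] D:\WINDOWS\System32\mtnsct.exe r
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - d:\windows\SvcProc.exe
"""

Autorun = namedtuple("Autorun", "key name directory filename args")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - <body>"
RUN_RE = re.compile(r"^(\S+): \[([^\]]+)\] (.+?\.exe)(?:\s+(.*))?$", re.IGNORECASE)


def parse_log(text):
    """Return (section code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autoruns(text):
    """Extract O4 Run-key entries; paths are lower-cased because NTFS ignores case."""
    found = set()
    for code, body in parse_log(text):
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            key, name, path, args = m.groups()
            found.add(Autorun(key, name, ntpath.dirname(path).lower(),
                              ntpath.basename(path).lower(), args or ""))
    return found


def rotating_autoruns(old_text, new_text):
    """Pair a vanished Run entry with a new one in the same key, folder and
    argument string but under a different value name and file name."""
    old, new = autoruns(old_text), autoruns(new_text)
    pairs = []
    for o in sorted(old - new):
        for n in sorted(new - old):
            same_slot = (o.key, o.directory, o.args) == (n.key, n.directory, n.args)
            if same_slot and o.name != n.name and o.filename != n.filename:
                pairs.append((o, n))
    return pairs


def persistent_review_items(old_text, new_text):
    """Entries present in both scans that deserve a manual look.
    These are review candidates, not verdicts."""
    old = {(code, body.lower()) for code, body in parse_log(old_text)}
    items = []
    for code, body in parse_log(new_text):
        if (code, body.lower()) not in old:
            continue
        if code == "F2" and re.search(r"shell=explorer\.exe\s+\S", body, re.I):
            items.append(body)      # shell value starts a second program
        elif code == "O23" and "unknown owner" in body.lower():
            items.append(body)      # no vendor shown for the service binary
    return items


if __name__ == "__main__":
    for o, n in rotating_autoruns(LOG_AUG_11, LOG_AUG_16):
        print(f"renamed autorun: [{o.name}] {o.filename} -> [{n.name}] {n.filename}")
    for body in persistent_review_items(LOG_AUG_11, LOG_AUG_16):
        print("persistent, review:", body)
```

The "ATI Smart" service is listed alongside SvcProc because both show "Unknown owner"; the heuristic only narrows what to look at.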

#4
Rawe
Visiting Staff, 4,746 posts

Ok, let's hunt Aurora down. :tazz:

Please print these instructions out, or write them down, as you can't read them during the fix.

First;

Please download Ewido Security Suite; it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!" Click OK. We will fix this in a moment.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
ewido manual updates

Download CleanUp
Install the program, don't run it yet, we will later.

Please download this file: the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for mtnsct.exe.
  • Open your D:\Windows\system32 folder and search for D:\WINDOWS\System32\mtnsct.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select mtnsct.exe and Click Kill3
  • Then immediately delete D:\WINDOWS\System32\mtnsct.exe from your system32 folder.
Close APT.

Launch Notepad, copy & paste the following text from the code box below into an empty text file (starting from @ECHO):

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click on remove.bat

A window should open and close very quickly --- this is normal.

Next please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Now scan with HJT and place a checkmark next to each of the following objects IF PRESENT:
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [bekyol] D:\WINDOWS\System32\mtnsct.exe r
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - d:\windows\SvcProc.exe


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Enable show hidden files and folders:

Go to My Computer > Tools > Folder Options > View tab and make sure that "Show hidden files and folders" is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the "Hide protected operating system files" option.


Now using Windows Explorer locate the following files and delete if present;

D:\WINDOWS\Nail.exe
D:\WINDOWS\System32\mtnsct.exe
d:\windows\SvcProc.exe


Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked it will remove all of your cookies; at this point removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan, by using Add Reply.

- Rawe :)
  • 0

#5
DeadMagicBox
Topic Starter, Member, 12 posts

Here is the HJT log. I checked the following boxes:

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe

Logfile of HijackThis v1.99.1
Scan saved at 10:50:01 AM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Trey\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia...ll/pcs_0006.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe

Here is the Ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:49:38 AM, 8/16/2005
+ Report-Checksum: F33A2952

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
[2012] D:\WINDOWS\jvzffq.exe -> Adware.BetterInternet : Cleaned with backup
[132] D:\WINDOWS\System32\onzbzw.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP585\snapshot\MFEX-1.DAT -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\snapshot\MFEX-1.DAT -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257495.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257497.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257497.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257498.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257499.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257501.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257501.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257501.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257501.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257502.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP586\A0257511.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\snapshot\MFEX-1.DAT -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257541.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257543.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257543.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257544.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257545.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257547.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257547.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257547.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257547.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP587\A0257548.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258429.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258431.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258431.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258432.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258433.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258435.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258435.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258435.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258435.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP588\A0258436.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\snapshot\MFEX-1.DAT -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0242298.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247307.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247308.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247310.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247317.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247317.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247317.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247317.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247318.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0247319.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248305.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248308.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248312.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248312.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248313.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP582\A0248349.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0249349.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0250350.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0250365.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0251365.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0252365.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0252366.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0252370.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0253365.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0253367.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0253368.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0253373.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255365.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255367.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255368.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255373.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255376.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255376.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255378.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255385.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0255387.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256358.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256371.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256383.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256385.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256390.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256397.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256397.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256399.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256408.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256408.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256408.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256408.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256413.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256417.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256418.exe -> Spyware.Apropos : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256455.dll -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0256456.exe -> Spyware.TotalVelocity : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0257379.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{64DBCB73-862E-492B-8C17-A222E950834E}\RP583\A0257388.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0003519.exe -> Spyware.BargainBuddy.n : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0003577.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0003682.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0003701.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007476.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007484.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007492.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007493.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007494.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007495.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007505.exe -> Trojan.Small.i : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007508.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007508.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007526.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007528.exe -> Trojan.Small.i : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007536.dll -> Spyware.ClientMan : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007548.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007548.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007548.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007548.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.eXact : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007700.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007702.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0007706.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP2\A0011763.exe -> Trojan.Small.i : Cleaned with backup
D:\download\Snake.exe -> Not-A-Virus.Joke.Stupen.c : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0030656.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031646.ocx -> Spyware.Look2Me : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031648.dll -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031657.exe -> Spyware.Hijacker.Generic : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031661.exe -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031667.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031668.exe -> TrojanDownloader.Small.asf : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031671.exe -> Spyware.Look2Me : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031672.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031673.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031674.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031690.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031700.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031703.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031704.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031711.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031713.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031715.exe -> Spyware.Look2Me : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031722.exe -> Adware.eZula : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031727.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031728.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031730.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031732.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031733.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031734.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031746.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031747.exe -> Spyware.CashBack : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031748.exe -> Spyware.CashBack : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031763.dll -> Adware.eZula : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031773.exe -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031776.EXE -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031777.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031779.exe -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031818.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031820.dll -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031822.dll -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031823.dll -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031824.dll -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031825.dll -> Spyware.VirtualBouncer : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031826.exe -> Spyware.AproposMedia : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031830.exe -> Spyware.WinAD : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031831.exe -> Spyware.WinAD : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031833.EXE -> TrojanDownloader.Small.aal : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031834.exe -> Spyware.ISearch : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031839.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031841.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031842.DLL -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031843.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031845.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031892.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031897.dll -> Spyware.E2Give : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031898.exe -> Spyware.Hijacker.Generic : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031899.dll -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031900.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031907.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031909.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031911.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031912.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031913.DLL -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031923.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031925.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031927.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031928.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031929.DLL -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031932.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031935.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031942.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031943.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031945.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031946.DLL -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031948.exe -> Trojan.Imiserv.c : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031950.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP34\A0031961.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0032258.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036284.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036293.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036294.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036296.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036297.DLL -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036308.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036310.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036311.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036317.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036318.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036323.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036324.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036327.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036328.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036329.dll -> Spyware.EliteBar : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036334.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036337.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036368.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036369.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036371.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036377.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036378.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036380.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036381.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0036383.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0037378.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0037379.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0037380.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP35\A0037383.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0037389.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0037391.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0038378.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0038380.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0038387.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0038388.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP36\A0038391.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP37\A0038392.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038404.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038422.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038423.exe -> Spyware.PurityScan : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038424.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038429.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038430.exe -> Adware.BetterInternet : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038503.exe -> Trojan.Agent.cp : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038524.exe -> Trojan.Imiserv.c : Cleaned with backup
D:\System Volume Information\_restore{4A8CF204-D521-4A6B-B3F7-913275700A5B}\RP38\A0038526.exe -> Adware.BetterInternet : Cleaned with backup
D:\Program Files\Common Files\system32.dll/Catcher.dll -> Spyware.Maxifiles : Cleaned with backup
D:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
D:\Program Files\SurfAccuracy\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
D:\Program Files\180searchassistant\salm.exe -> Spyware.180Solutions : Cleaned with backup
D:\Program Files\180searchassistant\saap.exe -> Spyware.180Solutions : Cleaned with backup
D:\Program Files\180searchassistant\salmhook.dll -> Spyware.180Solutions : Cleaned with backup
D:\Program Files\WinFixer 2005\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
D:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
D:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
D:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
D:\Program Files\DNS\Catcher.dll -> Spyware.Maxifiles : Cleaned with backup
D:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
D:\WINDOWS\system32\onzbzw.exe -> Trojan.Agent.gp : Cleaned with backup
D:\WINDOWS\system32\hinlpk.exe -> Trojan.Agent.gp : Cleaned with backup
D:\WINDOWS\system32\nsk51.dll -> Spyware.HotSearchBar : Cleaned with backup
D:\WINDOWS\system32\jsxxyqbb.dll -> Spyware.SafeSurfing : Cleaned with backup
D:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
D:\WINDOWS\system32\phodim.exe -> Spyware.Apropos : Cleaned with backup
D:\WINDOWS\system32\xypdu.dll -> Spyware.PurityScan : Cleaned with backup
D:\WINDOWS\system32\jspser.exe -> TrojanSpy.VB.eh : Cleaned with backup
D:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
D:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
D:\WINDOWS\Temp\ei.exe -> TrojanDownloader.Small.bgl : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\ActiveX.ocx -> Spyware.Look2Me : Cleaned with backup
D:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
D:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
D:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
D:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
D:\WINDOWS\jvzffq.exe -> Adware.BetterInternet : Cleaned with backup
D:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
D:\WINDOWS\dckeilvaubh.exe -> Adware.BetterInternet : Cleaned with backup
D:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
D:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
D:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
D:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\Trey\Local Settings\Temp\res36.tmp -> Spyware.180Solutions : Cleaned with backup
D:\Documents and Settings\Trey\Local Settings\Temp\temp.fr7995\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
D:\Documents and Settings\Trey\Local Settings\Temp\temp.fr7995\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
D:\Documents and Settings\Trey\Local Settings\Temp\131342_1424_1620_1164_62.41.tmp1 -> Spyware.EliteBar : Cleaned with backup

#6
DeadMagicBox

Here is the rest of the Ewido report; I think it was too long. This is the line that is only half there in the above post.




#7
Rawe

Ok, Nail.exe didn't go :tazz:

Please download this file: the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click on Nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now run HijackThis, click Scan, check the following objects for removal;

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe


Make sure it's checked, close ANY other open windows and click Fix Checked.

Then reboot into normal mode.

Post another HiJackThis log.

- Rawe :)

#8
DeadMagicBox

Logfile of HijackThis v1.99.1
Scan saved at 5:15:18 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\System32\fhonogo.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Documents and Settings\Trey\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [lrmncf] D:\WINDOWS\System32\fhonogo.exe r
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe

#9
Rawe

Did you reboot after you posted the latest log?

#10
DeadMagicBox

Yeah


#11
Rawe

Ok, post a new log and don't reboot. :tazz:

#12
DeadMagicBox

Nail and svcproc are still showing. I followed the instructions to remove them; they just won't go away :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 8:23:05 AM, on 8/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\System32\fhonogo.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
D:\Documents and Settings\Trey\Desktop\fix stuff\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [lrmncf] D:\WINDOWS\System32\fhonogo.exe r
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe
  • 0
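
The comparison being done by eye between the logs in posts #8 and #12, as an added Python example that is not part of the thread and not a HijackThis feature: it parses the entry lines of two HijackThis logs, lists what appeared between them, and flags two persistence patterns seen here (a program appended to `Shell=` and a service reported with "Unknown owner"). The function names and the two flag rules are assumptions of this example; the log lines are excerpted from the two posts.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpts of the entry sections of the logs in posts #8 and #12 on this page.
LOG_POST_8 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [lrmncf] D:\WINDOWS\System32\fhonogo.exe r
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
"""

LOG_POST_12 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [lrmncf] D:\WINDOWS\System32\fhonogo.exe r
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def shell_extra(body):
    """Return whatever the Shell= value launches besides Explorer.exe."""
    match = re.search(r"Shell=(\S+)\s*(.*)$", body)
    if not match:
        return ""
    first, rest = match.group(1), match.group(2).strip()
    if first.lower() != "explorer.exe":
        # The shell itself was replaced, so report the whole value.
        return (first + " " + rest).strip()
    return rest


def flag(code, body):
    """Heuristics assumed for this example; a flag is a lead, not a verdict."""
    if code == "F2":
        extra = shell_extra(body)
        if extra:
            return "Shell runs extra program: " + extra
    if code == "O23" and "Unknown owner" in body:
        return "Service binary has no readable company name"
    return None


def compare(before_text, after_text):
    """Diff two logs and flag only the entries that are new in the later one."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    added = sorted(after - before)
    removed = sorted(before - after)
    flagged = [(c, b, flag(c, b)) for c, b in added if flag(c, b)]
    return added, removed, flagged


if __name__ == "__main__":
    added, removed, flagged = compare(LOG_POST_8, LOG_POST_12)
    for code, body, reason in flagged:
        print(f"NEW {code}: {body}\n    -> {reason}")
```

Diffing first matters: the "Unknown owner" rule on its own would also fire on the ATI Smart service, which is present in both logs and so is not reported as new.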

#13
Rawe

Ok, we need to do this again. Please follow it completely. If you have question(s), ask them before proceeding.

First;

Update Ewido to the latest definitions.

Please download this file: the Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Download dsrfix.zip
Save it to your desktop.
  • Unzip dsrfix.zip and extract it to your desktop.
  • This will create a new folder on your desktop named dsrfix.
  • Do Not open that folder yet.
Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for fhonogo.exe.
  • Open your C:\Windows\system32 folder and search for D:\WINDOWS\System32\fhonogo.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select fhonogo.exe and Click Kill3
  • Then immediately delete D:\WINDOWS\System32\fhonogo.exe from your system32 folder.
Close APT.

Launch Notepad, copy & paste the following text from the code box below into an empty text file (starting from @ECHO);

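@ECHO OFF
REM Change to the Windows directory on the current drive
cd\windows
REM Run Nail.exe with its /FULLREMOVE switch
Nail.exe /FULLREMOVE
REM Disable, stop and delete the SvcProc service
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
REM Clear the system, read-only and hidden attributes, then delete both files
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit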

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then double-click on remove.bat

A window should open and close very quickly --- this is normal.

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Now scan with HJT and place a checkmark next to each of the following items:

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [lrmncf] D:\WINDOWS\System32\fhonogo.exe r


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Now open the folder dsrfix on your desktop.
  • Double-Click on dsrfix.bat
  • A window will pop up briefly then close, this is normal.
Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply

- Rawe :tazz:

Edited by Rawe, 17 August 2005 - 06:33 AM.


#14
DeadMagicBox

Sorry for the slow reply, college started today and it was hectic.

Here is the Ewido log

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:24:48 PM, 8/17/2005
+ Report-Checksum: E70C12FB

+ Scan result:



::Report End

Here is the HJT

Logfile of HijackThis v1.99.1
Scan saved at 11:33:57 PM, on 8/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Documents and Settings\Trey\Desktop\fix stuff\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
O2 - BHO: (no name) - {00F1D395-4744-40f0-A611-980F61AE2C59} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe

#15
Rawe

Update your AVG and run a complete scan with it. Remove all it finds, if anything.

Run CleanUp! but and reboot--

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
- Rawe :tazz: