
about:blank;Trek Blue Error Nuker [RESOLVED]



#1
nates2k

I have followed your "you must read this" post to no avail. Please help me remove these items. Here are my logs from both HijackThis and Ewido. A lot of thanks up front.

Nate

about:blank
trek blue error nuker

Logfile of HijackThis v1.99.1
Scan saved at 11:28:50 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\idwed.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\idwed.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\idwed.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\idwed.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\idwed.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\idwed.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {CAB91F49-1795-46EF-8F3E-BA3991BA7D51} - C:\WINNT\d3df32.dll
O2 - BHO: Class - {DD628CAC-5521-53A0-B511-FD483C169D76} - C:\WINNT\system32\ipkv32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Channel 13 First Alert Weather Wizard.lnk = C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04047354-D353-11D2-B3EB-0060B03C5581} - https://dealerconnec...ugin/hpBrSn.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110831134640
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:13:42 AM, 8/17/2005
+ Report-Checksum: 5F8ADA2B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{7E562404-C395-FEAE-9587-21D1288BA8BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC44E07F-082C-7D47-DCF3-83E7E2E38EAB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D33A173B-427D-4405-D32C-0441257CC0CE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F61C6A80-6232-DD79-A5DA-0C16D4A99041} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:dzhli -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:elsau -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:epqmv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:eqwhq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:etiin -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:ewpfu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:exedz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:fliwlj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:gefrz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:gospx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:gqvqj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:hbcwzr -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:hngnbw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:hyllv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:iylwq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:iyuls -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:jbtsf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:jseat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:jxyxaq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:kbozu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:kftfq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:klyav -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:kzugn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:lcsci -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:ldkjn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:mlqkm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:mngbf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:ndvum -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:nehbk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:nljdx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:oamuw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:oohcv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:ooisz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:oonpac -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:oskyns -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:oypul -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:pgvqbk -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:qjizq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:qujrc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:qzfre -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:rlbwta -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:rrksb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040773.pif:rrmvz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040776.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:aeard -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:aqprm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:bdowt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:bdpkv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:byektq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:cjyvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:coloc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dbcjj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dkekq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dponyy -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dpungq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dqkqu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:dzhli -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:elsau -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:epqmv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:eqwhq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:etiin -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:ewpfu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:exedz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:fliwlj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:gefrz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:gospx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:gqvqj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:hbcwzr -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:hngnbw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:hyllv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:iylwq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:iyuls -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:jbtsf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:jseat -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:jxyxaq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:kbozu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:kftfq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:klyav -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:kzugn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:lcsci -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:ldkjn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:mlqkm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:mngbf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:ndvum -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:nehbk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:nljdx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:oamuw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:oohcv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:ooisz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:oonpac -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:oskyns -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:oypul -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:pgvqbk -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:qjizq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:qujrc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:qzfre -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:rlbwta -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:rrksb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP436\A0040782.pif:rrmvz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:aeard -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:aqprm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:bdowt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:bdpkv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:bidik -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:byektq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:cjyvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:coloc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dbcjj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dkekq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dponyy -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dpungq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dqkqu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:dzhli -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:elsau -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:epqmv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:eqwhq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:etiin -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:ewpfu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:exedz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:fliwlj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:fxmvw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:gefrz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:gospx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:gqvqj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:hbcwzr -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{657CAD57-1780-47DF-A227-8D19F3156604}\RP437\A0040790.pif:hngnbw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_re
  • 0


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello and welcome!!

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked, it will remove all of your cookies; at this point, removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Now reboot.

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

- Rawe :tazz:
  • 0
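
The AboutBuster step above scans for Alternate Data Streams, which scanner logs write as `file:stream`. As an added example (not part of the original posts, and not code from any of the tools named), this Python script splits such references and tallies streams per host file so a long log can be triaged at a glance. The sample lines, detection labels and function names are constructed for illustration.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed sample lines in two log shapes:
#   "<path>[:<stream>] -> <detection> : <action>"   (anti-malware scan report)
#   "Removed Stream! <path>:<stream>"               (ADS cleaner log)
# Every path, stream name and detection label below is made up.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.pif:aaaaa -> Example.Downloader.a : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.pif:bbbbb -> Example.Trojan.b : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.exe -> Example.Downloader.a : Cleaned with backup
Removed Stream! C:\WINNT\example.log:ccccc
Removed Stream! C:\WINNT\example.log:ddddd
Removed Stream! C:\WINNT\Two Words.bmp:eeeee:$DATA
------------------------------------------------
No Files Found!
"""

RESTORE_MARKER = "\\system volume information\\_restore"
ADS_CLEANER_PREFIX = "Removed Stream! "


def split_stream(ref):
    """Split 'path:stream' into (host_file, stream_name or None).

    The drive-letter colon is not a stream separator, and a stream name can
    only follow the last path component, so only that component is searched.
    """
    drive, rest = ntpath.splitdrive(ref)
    leaf_at = max(rest.rfind("\\"), rest.rfind("/")) + 1
    name, sep, stream = rest[leaf_at:].partition(":")
    if not sep:
        return ref, None
    # 'file:stream:$DATA' carries a stream type; 'file::$DATA' is the
    # ordinary unnamed data stream, i.e. not an alternate stream at all.
    stream_name = stream.partition(":")[0]
    return drive + rest[:leaf_at] + name, (stream_name or None)


def parse_line(line):
    """Return a record for a log line in either shape, or None for other lines."""
    line = line.strip()
    if line.startswith(ADS_CLEANER_PREFIX):
        ref = line[len(ADS_CLEANER_PREFIX):]
        detection, action = None, "Removed Stream"
    elif " -> " in line:
        ref, _, tail = line.partition(" -> ")
        detection, _, action = (part.strip() for part in tail.partition(" : "))
    else:
        return None  # separators, headers, status lines
    host, stream = split_stream(ref.strip())
    return {"host": host, "stream": stream,
            "detection": detection, "action": action}


def summarize(log_text):
    """Group parsed records by host file and by detection label."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    streams = defaultdict(set)
    for r in records:
        if r["stream"]:
            streams[r["host"]].add(r["stream"])
    return {
        "records": records,
        # host file -> sorted alternate stream names reported on it
        "streams_per_host": {h: sorted(s) for h, s in streams.items()},
        # hits on a file's main content rather than on a named stream
        "whole_file_hits": [r["host"] for r in records if r["stream"] is None],
        "detections": Counter(r["detection"] for r in records if r["detection"]),
        # host files that sit inside the System Restore store
        "in_restore_store": sorted({r["host"] for r in records
                                    if RESTORE_MARKER in r["host"].lower()}),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for host, names in summary["streams_per_host"].items():
        print(f"{len(names):3d} stream(s) on {host}: {', '.join(names)}")
    print("whole-file hits:", summary["whole_file_hits"])
    print("detections:", dict(summary["detections"]))
    print("in System Restore store:", len(summary["in_restore_store"]))
```
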

#3
nates2k

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks for your quick response. I did everything you asked, and it seemed to work well. I no longer have the about:blank homepage. Here are the logs you requested.

Logfile of HijackThis v1.99.1
Scan saved at 4:39:16 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\wscntfy.exe
C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Channel 13 First Alert Weather Wizard.lnk = C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04047354-D353-11D2-B3EB-0060B03C5581} - https://dealerconnec...ugin/hpBrSn.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110831134640
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

AboutBuster 5.0 reference file 31
Scan started on [8/17/2005] at [1:32:37 PM]
------------------------------------------------
Removed Stream! C:\WINNT\acktf.dat:klntlq
Removed Stream! C:\WINNT\bsexi.dat:unqehl
Removed Stream! C:\WINNT\ckxhg.dat:vfbftj
Removed Stream! C:\WINNT\cmsetacl.log:noirbn
Removed Stream! C:\WINNT\DtcInstall.log:eitpms
Removed Stream! C:\WINNT\Greenstone.bmp:pbfajf
Removed Stream! C:\WINNT\iis6.log:hskytl
Removed Stream! C:\WINNT\KB810217.log:smvqqy
Removed Stream! C:\WINNT\KB823182.log:kmowki
Removed Stream! C:\WINNT\KB839643-DirectX9.log:goqzcp
Removed Stream! C:\WINNT\KB873333.log:qpbryc
Removed Stream! C:\WINNT\KB890859.log:fvinzg
Removed Stream! C:\WINNT\KB893066.log:zjgqju
Removed Stream! C:\WINNT\KB893756.log:qolgvb
Removed Stream! C:\WINNT\KB896358.log:klrafp
Removed Stream! C:\WINNT\KB898458.log:smfhgd
Removed Stream! C:\WINNT\KB899587.log:auzkqp
Removed Stream! C:\WINNT\MF_C425.lfa:vpbffa
Removed Stream! C:\WINNT\Q323255.log:jhifh
Removed Stream! C:\WINNT\Q810020.log:hfyomv
Removed Stream! C:\WINNT\Q811630.log:mqoux
Removed Stream! C:\WINNT\Q816982.log:pkreu
Removed Stream! C:\WINNT\regopt.log:qhlfch
Removed Stream! C:\WINNT\setupapi.log:taoqqc
Removed Stream! C:\WINNT\Soap Bubbles.bmp:omvkt
Removed Stream! C:\WINNT\Sti_Trace.log:djmisy
Removed Stream! C:\WINNT\updspapi.log:gkpbol
Removed Stream! C:\WINNT\updspapi.log:ssaxlq
Removed Stream! C:\WINNT\wiadebug.log:ipashy
Removed Stream! C:\WINNT\wiadebug.log:panjij
Removed Stream! C:\WINNT\wininit.ini:lqdlvl
Removed Stream! C:\WINNT\wininit.ini:ompbey
Removed Stream! C:\WINNT\wmsetup.log:awwah
Removed Stream! C:\WINNT\WMSysPr9.prx:insphb
Removed Stream! C:\WINNT\xpsp1hfm.log:lezaln
Removed Stream! C:\WINNT\yacs.log:lxatv
Removed Stream! C:\WINNT\_default.pif:gyzfz
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:33:09 PM


AboutBuster 5.0 reference file 31
Scan started on [8/17/2005] at [1:34:03 PM]
------------------------------------------------
Removed Stream! C:\WINNT\Q811630.log:sybyii
Removed Stream! C:\WINNT\_default.pif:kowzdo
Removed Stream! C:\WINNT\_default.pif:ojyycd
Removed Stream! C:\WINNT\_default.pif:pgvqbk
Removed Stream! C:\WINNT\_default.pif:rlbwta
Removed Stream! C:\WINNT\_default.pif:scfhvm
Removed Stream! C:\WINNT\_default.pif:upwzz
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:34:03 PM


AboutBuster 5.0 reference file 31
Scan started on [8/17/2005] at [1:36:23 PM]
------------------------------------------------
Removed Stream! C:\WINNT\_default.pif:wgclza
Removed Stream! C:\WINNT\_default.pif:wxitz
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:36:47 PM




(8/17/05 1:20:00 PM) SPSeHjFix started v1.1.2
(8/17/05 1:20:00 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/17/05 1:20:00 PM) Language: english
(8/17/05 1:20:00 PM) Win-Path: C:\WINNT
(8/17/05 1:20:00 PM) System-Path: C:\WINNT\system32
(8/17/05 1:20:00 PM) Temp-Path: C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\


(8/17/05 1:37:52 PM) SPSeHjFix started v1.1.2
(8/17/05 1:37:52 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/17/05 1:37:52 PM) Language: english
(8/17/05 1:37:52 PM) Win-Path: C:\WINNT
(8/17/05 1:37:52 PM) System-Path: C:\WINNT\system32
(8/17/05 1:37:52 PM) Temp-Path: C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\
(8/17/05 1:37:54 PM) Disinfection started
(8/17/05 1:37:54 PM) Bad-Dll(IEP): (not found)
(8/17/05 1:37:54 PM) Bad-Dll(IEP) in BHO: (not found)
(8/17/05 1:37:54 PM) UBF: 7 - UBB: 0 - UBR: 7
(8/17/05 1:37:54 PM) UBF: 7 - UBB: 0 - UBR: 7
(8/17/05 1:37:54 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL:
(8/17/05 1:37:54 PM) Stealth-String not found
(8/17/05 1:37:54 PM) Not infected->END


(8/17/05 1:40:44 PM) SPSeHjFix started v1.1.2
(8/17/05 1:40:44 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/17/05 1:40:44 PM) Language: english
(8/17/05 1:40:44 PM) Win-Path: C:\WINNT
(8/17/05 1:40:44 PM) System-Path: C:\WINNT\system32
(8/17/05 1:40:44 PM) Temp-Path: C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\
(8/17/05 1:40:46 PM) Disinfection started
(8/17/05 1:40:46 PM) Bad-Dll(IEP): (not found)
(8/17/05 1:40:46 PM) Bad-Dll(IEP) in BHO: (not found)
(8/17/05 1:40:46 PM) UBF: 7 - UBB: 0 - UBR: 7
(8/17/05 1:40:46 PM) UBF: 7 - UBB: 0 - UBR: 7
(8/17/05 1:40:46 PM) Bad IE-pages: (none)
(8/17/05 1:40:46 PM) Stealth-String not found
(8/17/05 1:40:46 PM) Not infected->END

#4
Rawe

    Visiting Staff

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
- Rawe :tazz:

#5
nates2k

Here you go

********
10:54 AM: |··· Start of Session, Thursday, August 18, 2005 ···|
10:54 AM: Spy Sweeper started
10:54 AM: Sweep initiated using definitions version 519
10:54 AM: Starting Memory Sweep
10:58 AM: Memory Sweep Complete, Elapsed Time: 00:04:14
10:58 AM: Starting Registry Sweep
10:59 AM: Found Adware: cws_ns3
10:59 AM: HKCR\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 118649)
10:59 AM: HKLM\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}\ (ID = 120496)
10:59 AM: Found Adware: winad
10:59 AM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
10:59 AM: HKLM\software\media gateway\ (8 subtraces) (ID = 359545)
10:59 AM: HKLM\software\microsoft\windows\currentversion\run\ || media gateway (ID = 359546)
10:59 AM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
10:59 AM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
10:59 AM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
10:59 AM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
10:59 AM: Registry Sweep Complete, Elapsed Time:00:00:34
10:59 AM: Starting Cookie Sweep
10:59 AM: Found Spy Cookie: 2o7.net cookie
10:59 AM: steve richey@2o7[1].txt (ID = 1957)
10:59 AM: Found Spy Cookie: yieldmanager cookie
10:59 AM: steve [email protected][1].txt (ID = 3751)
10:59 AM: Found Spy Cookie: adknowledge cookie
10:59 AM: steve richey@adknowledge[1].txt (ID = 2072)
10:59 AM: Found Spy Cookie: adlegend cookie
10:59 AM: steve richey@adlegend[1].txt (ID = 2074)
10:59 AM: Found Spy Cookie: belnk cookie
10:59 AM: steve [email protected][1].txt (ID = 2293)
10:59 AM: steve richey@belnk[2].txt (ID = 2292)
10:59 AM: steve [email protected][1].txt (ID = 2293)
10:59 AM: Found Spy Cookie: paycounter cookie
10:59 AM: steve richey@paycounter[1].txt (ID = 3115)
10:59 AM: Found Spy Cookie: questionmarket cookie
10:59 AM: steve richey@questionmarket[1].txt (ID = 3217)
10:59 AM: Found Spy Cookie: statcounter cookie
10:59 AM: steve richey@statcounter[1].txt (ID = 3447)
10:59 AM: Found Spy Cookie: tradedoubler cookie
10:59 AM: steve richey@tradedoubler[1].txt (ID = 3575)
10:59 AM: Found Spy Cookie: tribalfusion cookie
10:59 AM: steve richey@tribalfusion[1].txt (ID = 3589)
10:59 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:59 AM: Starting File Sweep
11:00 AM: Found Adware: cws-aboutblank
11:00 AM: idwed.dll (ID = 54882)
11:04 AM: Found Adware: coolwebsearch (cws)
11:04 AM: dc3.url (ID = 54454)
11:04 AM: dc2.url (ID = 54373)
11:04 AM: dc4.url (ID = 54472)
11:04 AM: File Sweep Complete, Elapsed Time: 00:05:15
11:04 AM: Full Sweep has completed. Elapsed time 00:10:15
11:04 AM: Traces Found: 51
11:10 AM: Removal process initiated
11:11 AM: Quarantining All Traces: cws_ns3
11:11 AM: Quarantining All Traces: winad
11:11 AM: Quarantining All Traces: 2o7.net cookie
11:11 AM: Quarantining All Traces: yieldmanager cookie
11:11 AM: Quarantining All Traces: adknowledge cookie
11:11 AM: Quarantining All Traces: adlegend cookie
11:11 AM: Quarantining All Traces: belnk cookie
11:11 AM: Quarantining All Traces: paycounter cookie
11:11 AM: Quarantining All Traces: questionmarket cookie
11:11 AM: Quarantining All Traces: statcounter cookie
11:11 AM: Quarantining All Traces: tradedoubler cookie
11:11 AM: Quarantining All Traces: tribalfusion cookie
11:11 AM: Quarantining All Traces: cws-aboutblank
11:11 AM: Quarantining All Traces: coolwebsearch (cws)
11:11 AM: Removal process completed. Elapsed time 00:00:27
********
10:53 AM: |··· Start of Session, Thursday, August 18, 2005 ···|
10:53 AM: Spy Sweeper started
10:54 AM: |··· End of Session, Thursday, August 18, 2005 ···|

#6
Rawe

Can you then post a fresh HiJackThis log please :tazz:

#7
nates2k

Logfile of HijackThis v1.99.1
Scan saved at 1:43:45 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\wdfmgr.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\DOCUME~1\STEVER~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Channel 13 First Alert Weather Wizard.lnk = C:\Program Files\Common Files\Channel 13 First Alert Weather Wizard\TrueWeather.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04047354-D353-11D2-B3EB-0060B03C5581} - https://dealerconnec...ugin/hpBrSn.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1110831134640
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft....ayx_vp3_mp3.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\wltrysvc.exe

#8
Rawe

Great job, it appears your logfile is clean :tazz:

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. :) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Visit;
http://www.windowsupdate.com to install all available critical updates. After that, reboot.

- Rawe :)

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

#9
Rawe

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.