Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

About Blank, and all kinds of popups [RESOLVED]

Started by paint , Aug 28 2005 12:21 PM

This topic is locked

#1
paint

Posted 28 August 2005 - 12:21 PM

Member

Member
12 posts

Hi Folks,
I have my friends computer here and it has all kinds of popups
and adware, I have run aawsepersonal, CWShredder, ewido, spybotsd
TrojanHunter and been to trendmicro.

We are still having all kinds of issues with his computer, could someone please
look at this HJT log I am also posting the ewido log.

Thank you for any help you can give.

paint

HJT log :

Logfile of HijackThis v1.99.1
Scan saved at 2:06:48 PM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O2 - BHO: (no name) - {A0F0E2D2-FBEE-BE6A-FC88-3650DC964D83} - C:\WINDOWS\system32\sdktc32.dll
O2 - BHO: (no name) - {D80FEE7E-3C7D-09E2-1B51-507D9B474CAE} - C:\WINDOWS\system32\mshk32.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\create a card\AG CreataCard\AGRemind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipxz32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

-----------------------------------------------------------------------------------------------

ewido log:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:54:08 PM, 8/28/2005
+ Report-Checksum: E1A2957F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{077B6257-5FF2-99E2-4271-626F5736BD18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BFC89A8-D9C3-8D1D-EA87-3F18E8BE3BA4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36672DD6-0E2A-B9F7-1ADF-58AE711BE2D3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C690BC2-7682-8F6C-CC10-E64826571544} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5589D9AB-A0F2-680A-D323-258D1B13015E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{602C9652-36AF-DEC5-DE23-DB34295B6BA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A987646-F4B5-D9FC-CC46-E95A1713F3B5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8C63D038-2323-A079-1DD0-E7F346EF140E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{94BE0630-302D-D47B-F234-E1E9592B1AE6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9CD671F4-EDF9-74CB-0600-1C50A9A949DB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B2561711-375A-C5C2-DBF9-4F87C6CDEC0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BA5E5B3E-BB1D-2938-3E93-1C81F766E7AB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E9AE91ED-230B-9C13-63C1-9B2A676E905B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EFC71F6E-8006-6787-AAD0-B50964B31181} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tpro -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{37AC49E3-E906-4BD8-AE83-D0F7FB48FD17} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8992B6CA-B8C9-4AED-BF89-0A17F6296A06} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\toolbar -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\toolbar\Install -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806} -> Spyware.SubmitHook : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\toolbar\UrlSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
[1840] C:\WINDOWS\system32\E6F1873B.DLL -> TrojanDownloader.Braidupdate.d : Error during cleaning
[1848] C:\WINDOWS\system32\D0CE0C16B1.dll -> Spyware.Hijacker.Generic : Error during cleaning
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\O7Q9ATUV\newmajorse2[1].cab/newmajorse2.txt -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\O7Q9ATUV\Toolbar3[1].cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Michele\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Common Files\WinTools\WToolsA.exe -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\Program Files\Toolbar\gykhxlmu.rmr -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Toolbar\nzqlihv.wzg -> Spyware.WebSearch : Cleaned with backup
C:\Program Files\Toolbar\xlmurin.wzg -> Spyware.IBIS : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0073182.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074016.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074018.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074019.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074020.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074048.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074050.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074051.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074052.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074072.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074077.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074078.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074079.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074144.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074146.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074147.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074148.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074182.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074184.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074185.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074186.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074225.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074227.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074228.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP173\A0074229.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0074264.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0074265.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0074268.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075225.ini:kbnar -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075227.dll:vstpz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075228.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075229.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075253.dll -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075265.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075271.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075272.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075308.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP174\A0075309.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP175\A0075314.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP181\A0076269.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP181\A0076271.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP181\A0076274.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076310.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076342.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076353.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076380.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076401.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076402.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076430.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP182\A0076430.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076458.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076460.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076463.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076497.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076499.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076500.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076527.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076527.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076527.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076527.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076543.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076544.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076552.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076552.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076552.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076552.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076605.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076610.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076612.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076616.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076626.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076626.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076626.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076626.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076634.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076636.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076639.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076650.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076650.PIF:hjwrjg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076650.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076650.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076650.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076675.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076677.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP183\A0076681.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076717.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076736.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076737.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076777.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076783.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076784.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:hjwrjg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:nintpj -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP184\A0076797.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076815.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076829.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076831.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076833.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076853.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP185\A0076854.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076954.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076972.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076973.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:avlyhl -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:hjwrjg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:nintpj -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP186\A0076997.PIF:wyzczs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0077302.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0077969.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0077971.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0077975.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0078006.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP187\A0078009.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP188\A0078043.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP189\A0079006.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP189\A0079007.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP190\A0079047.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP190\A0079049.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP192\A0080047.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP192\A0080048.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0080113.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0081047.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0081049.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0082046.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0082052.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0082053.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0083052.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0083053.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP193\A0083092.INI:mnjhyu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0083141.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084051.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084053.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084099.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084100.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084134.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084135.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084171.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP194\A0084172.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP195\A0084211.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085171.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085172.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085263.INI:mnjhyu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085279.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085280.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085310.INI:mnjhyu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085322.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0085323.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0086322.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP200\A0086323.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP201\A0086357.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP206\A0087322.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP206\A0087323.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP206\A0087356.INI:mnjhyu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP206\A0087368.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP206\A0087369.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087388.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087403.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087404.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087416.INI:mnjhyu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087449.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087454.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087457.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0087469.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088270.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088271.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088272.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088303.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088316.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088326.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088340.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088431.exe -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088438.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088445.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088448.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088449.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088450.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088453.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088462.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088705.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:avlyhl -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:cbvmyd -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:fvrkoa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:hjwrjg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:nintpj -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088716.PIF:wyzczs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088725.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088727.exe -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088732.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088733.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088734.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088737.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088738.dll -> Spyware.CometCursor : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088741.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088742.dll -> Spyware.Comet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088754.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088761.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088763.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088859.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:avlyhl -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:cbvmyd -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:epiapr -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:fvrkoa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:gxmbaz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:hjwrjg -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:lnnpkg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:nintpj -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:nlqph -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:oxuoyo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:ryxhuj -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:wgqahs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:wyzczs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088863.PIF:ykaeeo -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP207\A0088864.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0088989.exe -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089050.ini:zupnq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089056.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089064.exe -> Trojan.Krepper.p : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089065.exe -> TrojanDownloader.Nex.b : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089066.dll -> TrojanDownloader.Wintrim.be : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089067.dll -> TrojanDownloader.Wintrim.be : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089068.dll -> TrojanDownloader.Wintrim.be : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089069.dll -> TrojanDownloader.Wintrim.be : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089071.dll -> TrojanDownloader.Wintrim.be : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089072.dll -> TrojanDownloader.Wintrim.be : C

#2
Trevuren

Posted 28 August 2005 - 12:56 PM

Old Dog

Retired Staff
18,699 posts

Hi pgb and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Your system is infected with a variant of the About:Blank infection.

First we must STOP, and Disable a bad Added Service
- Click Start>Run and type in: services.msc
- Click OK
- In the Services window find: Network Security Service
- Select/highlight and right click the entry, and choose: Properties
- On the General tab, under Service Status click the Stop button
- Beside: Startup Type, in the drop menu, select: Disabled
- Click Apply, then OK
Download CWShredder
Click check for updates. Do not use it yet.
Download Aboutbuster 5
Unzip the file to its own folder (C:\AB) Do not use it yet.
Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.
Download Killbox
Choose save as to your desktop. Unzip the file. Do not use it yet.

Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark “show hidden files en extensions >OK

Please print out these directions for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!
Reboot your system intosafe mode for all OS
Close all windows and open HijackThis.
- Click "scan only” in the main window
- Put a checkmark beside the following entries and click “FIX checked”.
  
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50141
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\aldtu.dll/sp.html#22776
  R3 - Default URLSearchHook is missing
  O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
  O2 - BHO: (no name) - {A0F0E2D2-FBEE-BE6A-FC88-3650DC964D83} - C:\WINDOWS\system32\sdktc32.dll
  O2 - BHO: (no name) - {D80FEE7E-3C7D-09E2-1B51-507D9B474CAE} - C:\WINDOWS\system32\mshk32.dll
  O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
  O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
  O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe
  O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
  O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
  O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
  O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
  O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipxz32.exe (file missing)
Run CWShredder and choose FIX
Start AboutBuster and press START, and then OK. The program will start scanning.
Doubleclick HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.
Start Killbox
- Place a checkmark next to [x] Delete On Reboot.
- Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.
  
  C:\Program Files\Viewpointe
  C:\WINDOWS\aldtu.dll
  C:\PROGRA~1\Toolbar
  C:\WINDOWS\system32\sdktc32.dll
  C:\WINDOWS\system32\mshk32.dll
  C:\WINDOWS\System32\matrixhere.exe
  E6F1873B.DLL
  D0CE0C16B1
  C:\WINDOWS\system32\ipxz32.exe
- Back in Killbox, go > file > paste from clipboard,
- Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
- Then click OK
- Exit Killbox and Reboot your PC.
After the reboot, Start AboutBuster AGAIN and scan AGAIN.
Clean temporary files:
- Go > start > run and type cleanmgr and OK
- Scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
- Click OK to remove those files.
- Click Yes to confirm deletion.
Reboot your system into normal mode.
Download Ewido scan
- Check for updates.
- Let it do a full run.
- Copy the log. Past it to a blank Notepad file and save it to post here.
Finally, run HijackThis, click SCAN, produce a LOG and POST it and the EWIDOscan log in this thread for review.

Regards,

Trevuren

#3
paint

Posted 28 August 2005 - 07:49 PM

Member

Topic Starter
Member
12 posts

Hello Trevuren,
And thank for your help, here is my new HJT log as well as my new ewido log.

Once again thank you very much for your help.

paint

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:59 PM, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Verizon Online\bin\mpbtn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\create a card\AG CreataCard\AGRemind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

-----------------------------------------------------------------------------------------------

ewido log:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:42:18 PM, 8/28/2005
+ Report-Checksum: 7F488836

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2C4E6D22-B71F-491F-AAD3-B6972A650D50} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} ->

Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{234F09FB-FE89-4C6D-9203-31832FC051C3} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{365B9A54-E613-46E5-9DB1-4F91A9DE80BD} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{618BE527-B7F5-417C-BC51-98FDC2D6DE61} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66C22569-F05C-4A70-A142-763B337E1002} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7B8BD940-B1EF-460C-85A2-9ACAAF7F9303} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{99AA88D1-D9D3-410A-BE9E-044F94C183DA} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C380566D-F343-42AB-987B-6B38A1A35747} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D1951679-1D52-43FC-9585-0737143585F5} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F273D4EA-2025-4410-8408-251A0CD46BE7} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tpro -> Spyware.IBIS : Cleaned with

backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch :

Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol ->

Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Spyware.WebSearch : Cleaned with

backup
HKLM\SOFTWARE\Classes\toolbar.ResProtocol\Clsid -> Spyware.WebSearch : Cleaned

with backup
HKLM\SOFTWARE\Classes\TypeLib\{37AC49E3-E906-4BD8-AE83-D0F7FB48FD17} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B23B3ADD-84B1-414A-92B9-0CABE5A781F4} ->

Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO ->

Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL ->

Spyware.WebSearch : Cleaned with backup

HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVe

rsion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned

with backup

HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Microsoft\Windows\CurrentVe

rsion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned

with backup
HKU\S-1-5-21-1445276385-3802400216-3657561249-1007\Software\Toolbar ->

Spyware.WebSearch : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089120.dll.tcf ->

Spyware.Wheaterbug : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089121.exe ->

Spyware.Wintol : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089122.dll ->

Spyware.Comet : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089123.ini:sghql ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089130.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089135.ini:zvpdsz ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089139.exe:ocjnc ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089139.exe:sqpyb ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089164.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089170.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089175.INI:mnjhyu ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089190.isu:uypkk ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089191.OLD:ccoxx ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089192.dll:yhzem ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089196.old:rnbly ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089197.ini:zwpzm ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089200.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089201.exe ->

Trojan.Regger.d : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089212.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089219.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089246.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089262.exe ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089263.exe ->

Spyware.PurityScan : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089264.EXE:ljzmy ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089264.EXE:ojotzt ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089265.exe:gkygte ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089266.exe:bmwwb ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089266.exe:rnmyc ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089271.prx:qteumj ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089273.INI:yrwbo ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:avlyhl ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:cbvmyd ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:epiapr ->

Spyware.SearchPage : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:fvrkoa ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:gxmbaz ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:hjwrjg ->

Spyware.SearchPage : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:lnnpkg ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:nintpj ->

Spyware.SearchPage : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:nlqph ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:oxuoyo ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:qodpxk ->

Spyware.SearchPage : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:qpzbbz ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:ryxhuj ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:utacjm ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:wgqahs ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:wyzczs ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:xvwazj ->

TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:ykaeeo ->

Spyware.SearchPage : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089274.PIF:yphwgo ->

Trojan.Agent.bi : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089283.exe ->

Spyware.WebSearch : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089286.exe ->

Spyware.WebSearch : Cleaned with backup
C:\System Volume

Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP208\A0089288.dll ->

Spyware.Hijacker.Generic : Cleaned with backup

#4
Trevuren

Posted 28 August 2005 - 09:07 PM

Old Dog

Retired Staff
18,699 posts

Please print out these instructions or save them to your desktop as a text file with Notepad because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

Prepare CWShredder for use:
- Download CWShredder.
- Save CWShredder.exe to a convenient location.
- Please do not do anything with it yet.
Prepare AboutBuster for use:
- Download AboutBuster.
- Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
- Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
- Click "OK" at the prompt with instructions.
- Click "Update" and then "Check For Update" to begin the update process.
- If any updates exist please download them by clicking "Download Update".
- You should not run the program yet so click "Exit".

Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

Run CWShredder:
- Double-click on CWShredder.exe.
- Click "Fix ->" and click "OK" at the prompt.
- CWShredder will scan and clean your system of CWS files.
- Click "Next->" and then "Exit".
Run AboutBuster and save the logs:
- Browse to where you saved AboutBuster and run AboutBuster.exe.
- Click "OK" at the directions Read: Important! prompt.
- Click "Start" and then "OK" to allow AboutBuster to scan for Alternate Data Streams.
- Click "Yes" at the About:Buster prompt to allow it to shutdown explorer.exe.
- Please wait while AboutBuster scans your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
- When it has finished, click "Save Log...". Make sure you save it as I will need a copy of it.
- Click "Exit" and "Exit" again to exit AboutBuster.
Clean out temporary files:
- Start | Run | type cleanmgr | OK
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Click "OK" to remove them.
- Click "Yes" to confirm the deletion.
Restart your computer normally to return to normal mode.
Free TrendMicro Housecall scan:
- Vist the TrendMicro Housecall website.
- Select your country from the drop-down list and click "Go".
- Choose "Yes" at the ActiveX Security Warning prompt.
- Please wait while the Housecall engine is updated.
- Select the drives to be scanned by placing a check in their respective boxes.
- Check the "Auto Clean" box.
- Click "SCAN" in order to begin scanning your system.
- Please be patient while Housecall scans your system for malicious files.
- If not auto-cleaned, remove anything it finds.
- Click "Close" to exit the Housecall scanner.
- Choose "Yes" at the HouseCall message prompt.
Prepare your reply:
- Please post a fresh HijackThis log
- Please post the AboutBuster log.
- Please note any complications you had.

Regards,

Trevuren

#5
paint

Posted 29 August 2005 - 06:41 PM

Member

Topic Starter
Member
12 posts

Hello Trevuren,
And thank for your help, here is my new HJT log as well as my AbouBuster log.

Once again thank you very much for your help.

paint

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:32 PM, on 8/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\aldtu.dll/sp.html#22776
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

-----------------------------------------------------------------------------------------------

AboutBuster log:

AboutBuster 5.0 reference file 31
Scan started on [8/29/2005] at [7:23:48 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:24:15 PM

#6
Trevuren

Posted 29 August 2005 - 07:31 PM

Old Dog

Retired Staff
18,699 posts

This one is confusing me. :tazz:

Please save these instructions to a text file in Wordpad or print them out because we will be restarting in Safe Mode and you will have no Internet Connection

Make sure you can view all Hidden Files
Download CWShredder.
Save CWShredder.exe to a convenient location.
Please Do Not Use It Yet.
Download AboutBuster.
Unzip AboutBuster.zip and it will install in it's own folder.
Double-click on AboutBuster.exe and then click 'OK' then 'Update'
Click "Check For Update" and then "Download Update".
Click "Exit"
Please Do Not Use It Yet.

Disconnect From The Internet

Boot into Safe Mode:
Restart your computer and tap F8 repeatedly while booting up and choose Safe Mode at the menu.

In Safe Mode Please Clean with CWShredder

Please Double-click on CWShredder.exe.
Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit".

In Safe Mode Please Use AboutBuster

Please Double-click on AboutBuster.exe.
Click "OK" then "Start" and then "OK" to allow AboutBuster to scan for all bad files.
Click "Yes" when About Buster asks if you will allow it to shutdown explorer.exe.
Allow AboutBuster to scan for all malicious files.
Repeat the scan if it asks to do another.
After the scan, click "Save Log". Post the log in your next post as it is necessary to make sure all has been cleaned
Then Click "Exit"

This infection often deletes necessary system files.
Reboot your computer back into normal mode so that we can see if any files need to be restored.

This infection deletes the windows file, shell.dll.

If you are using XP,2000, or NT please download shell.dll from here: shell-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations:
C:\Windows\system32
C:\Windows\system

If you are using Windows 98/ME please download shell.dll from here: shell98-dll.zip. Once the file is downloaded uncompress the zip file and copy shell.dll to the following locations
C:\Windows\system
Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
If you are using Windows 95, 98, or ME it is possible that the malware deleted your control.exe. Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to this information.
There are several other files that are not targeted as often as the above, but new copies of them can be downloaded from
Merijn Files

Online Antivirus Scan

Please go to The TrendMicro Housecall website.
Allow it to scan and fix anything that it finds.

Please Clean out temporary files:
Start> Run> then type cleanmgr and click enter
Please put a check mark beside Temporary Files, Temporary Internet Files, and Recycle Bin
Let cleanmgr scan your system and remove the files indicated

Reboot and Post a New HijackThis Log and your About Buster Log in this thread, using Add Reply to see what is left to clean.

Trevuren

#7
paint

Posted 30 August 2005 - 07:51 PM

Member

Topic Starter
Member
12 posts

Hi Trevuren

Here is my new HJT log and AboutBuster log

Thanks for all your help

paint

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:44 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

AboutBuster log:

AboutBuster 5.0 reference file 31
Scan started on [8/29/2005] at [7:23:48 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:24:15 PM

AboutBuster 5.0 reference file 31
Scan started on [8/30/2005] at [8:30:45 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:31:10 PM

#8
Trevuren

Posted 30 August 2005 - 08:59 PM

Old Dog

Retired Staff
18,699 posts

It worked like a charm this time. Go figure

Please RUN HijackThis.
. Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
Reboot Your System
Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.

Regards,

Trevuren

#9
paint

Posted 31 August 2005 - 05:54 PM

Member

Topic Starter
Member
12 posts

Hi Trevuren,

Here is my new HJT log, and I do not think there are any more malware
problems on the machine as far as I can tell anyways. But the computer
does seem a little slow, maybe its just me.

Thank you for all your help.

paint

Logfile of HijackThis v1.99.1
Scan saved at 7:49:08 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

#10
Trevuren

Posted 31 August 2005 - 06:02 PM

Old Dog

Retired Staff
18,699 posts

Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Here is a list of hjt items that do not need to start up automatically and be running all of the time. The Microsoft Office one is the worst for consuming system resources.

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Trevuren

#11
paint

Posted 31 August 2005 - 06:33 PM

Member

Topic Starter
Member
12 posts

You have the OK!

Thanks
paint

PS what should I do about these

Here is a list of hjt items that do not need to start up automatically and be running all of the time. The Microsoft Office one is the worst for consuming system resources.

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

Edited by paint, 31 August 2005 - 06:34 PM.

#12
Trevuren

Posted 31 August 2005 - 06:57 PM

Old Dog

Retired Staff
18,699 posts

Please RUN HijackThis.
. Click the SCAN button to produce a log.
Place a check mark beside each one of the following items:

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
Reboot Your System
Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.

Regards,

Trevuren

#13
paint

Posted 31 August 2005 - 07:11 PM

Member

Topic Starter
Member
12 posts

Hi Trevuren,

Everything seems good, I think the malware is gone, here is my new HJT log.

Thank you very much for all your help

paint

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:01 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aim.aol.com/r....adp?distID=199
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter...loadControl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe

#14
Trevuren

Posted 31 August 2005 - 07:37 PM

Old Dog

Retired Staff
18,699 posts

Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE

Right-click "My Computer", and then left click "Properties".
Left click on "System Restore Tab"
Check box beside "Turn Off System Restore"
Left click on "Apply"

TO ENABLE SYSTEM RESTORE

Remove check mark from "Turn Off System Restore"
Click on "Apply"

Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:

Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar <= Get the free google toolbar to help stop pop up windows.

And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

#15
Trevuren

Posted 31 August 2005 - 07:38 PM

Old Dog

Retired Staff
18,699 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.