Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help, bit urgent. Thanks... [CLOSED]


  • This topic is locked This topic is locked

#1
qzmicro

qzmicro

    Member

  • Member
  • PipPip
  • 16 posts
This is my hijack log. I have tried to do this myself with hijack this and a hijackthis tutorial guide from MajorGeeks, but to no avail. I need to try and have this computer ready for a customer before he goes on vacation tomorrow. Any help would be greatly appreshiated. I will check this every 10 min or so. Thanks guys.

Qz


Logfile of HijackThis v1.99.1
Scan saved at 11:42:48 AM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\ProSiteFinder\ProSiteFinder1\prositefinder1.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00000000-0000-430D-A648-E8C8CBA94A19} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements


#2
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Hello and welcome to Geeks to Go. My name is Guse and I'll be helping you on this one.

Now, you only seem to have 1 major infection that I can see.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {00000000-0000-430D-A648-E8C8CBA94A19} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe


Click on Fix Checked when finished and exit HijackThis.

Then, reboot into Safe Mode. You can get to safe mode by rebooting your computer and tapping F8 when you hear the beep from your machine.

Go to Add or Remove Programs and uninstall the following program:

ProSiteFinder (or Pro Site Finder, etc.)

*Note, also look for any references to 180Search. If found, uninstall them as well.*

Then, using Windows Explorer, navigate to and delete the following folder:

C:\Program Files\ProSiteFinder\

Reboot into Normal mode.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then, reply to this thread with a new HijackThis log and the Kaspersky log.
  • 0

#3
qzmicro

qzmicro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
I'm on it... been scanning for 30 min now... it should finish soon, and I'll post both logs. Thanks. (However after unistalling proSiteFinder in safe mode and deleting the program files directory, I rebooted in normal mode, and it tried to add itself to the startup menu again. I denied it.)

I'll repost soon.

Qz
  • 0

#4
qzmicro

qzmicro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay, online scan is done. Here is my results.

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:51:28 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


WebScan Log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, September 02, 2005 14:48:41
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/09/2005
Kaspersky Anti-Virus database records: 147507
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 103649
Number of viruses found: 48
Number of infected objects: 213
Number of suspicious objects: 0
Duration of the scan process: 5132 sec

Infected Object Name - Virus Name
C:\Documents and Settings\ROMA\Local Settings\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe Infected: Trojan.Win32.KillFiles.im
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0078.BIN Infected: not-a-virus:AdWare.SaveNow.bo
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0079.BIN Infected: not-a-virus:AdWare.NewDotNet
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN/WhAgent.exe Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN/whInstaller.exe Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN/WhSurvey.exe Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN/Webhdll.dll Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN/whiehlpr.dll Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0080.BIN Infected: not-a-virus:AdWare.WebHancer
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0081.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.h
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe/WISE0082.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\dolphinfree[1].exe Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\MyFunCardsFWBInitialSetup1.0.0.8[1].cab/f3Setup1.exe Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\MyFunCardsFWBInitialSetup1.0.0.8[1].cab Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\spamblockerutility[1].cab/hbinstie.dll Infected: not-a-virus:AdWare.HotBar.ap
C:\Documents and Settings\ROMA\Local Settings\Temporary Internet Files\Content.IE5\G9IZ8DU3\spamblockerutility[1].cab Infected: not-a-virus:AdWare.HotBar.ap
C:\Hijack This\backups\backup-20050902-113124-228.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\Hijack This\backups\backup-20050902-125631-335.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\Program Files\Afckx\Xryl.exe.tcf Infected: Trojan.Win32.Small.cy
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbCoreSrv.dll Infected: not-a-virus:AdWare.HotBar.an
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbOEAddOn.exe.tcf Infected: not-a-virus:AdWare.ToolBar.Hotbar.ar
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbShprRprt.exe.tcf/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbShprRprt.exe.tcf/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbShprRprt.exe.tcf Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf/stream/data0012/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf/stream/data0012/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf/stream/data0012 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\sbuinst.exe.tcf Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbWallpaper.dll.tcf Infected: not-a-virus:AdWare.ToolBar.Hotbar.an
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbWeatherOnTray.exe Infected: not-a-virus:AdWare.ToolBar.Hotbar.an
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP69\A0008435.exe Infected: not-a-virus:AdWare.RK.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP70\A0008496.exe Infected: not-a-virus:AdWare.RK.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP76\A0009716.exe Infected: not-a-virus:AdWare.RK.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP76\A0009730.dll Infected: not-a-virus:AdWare.RK.a
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010014.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010015.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010037.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010038.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010066.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010067.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010090.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010091.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010123.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010124.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010174.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010175.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010207.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010209.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010210.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010227.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP77\A0010228.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010317.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010318.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010361.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010362.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010386.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010387.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010475.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010476.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010521.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010523.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP78\A0010524.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010526.exe Infected: not-a-virus:AdWare.WebRebates.k
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010527.exe Infected: not-a-virus:AdWare.WebRebates.k
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010592.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010593.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010594.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010598.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010599.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010634.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010635.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010637.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010646.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010647.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010685.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010686.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010687.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010690.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010692.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP79\A0010693.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010709.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010710.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010711.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010748.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010759.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010760.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010774.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010775.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010791.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010792.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010793.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010797.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010798.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010833.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010834.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010835.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010840.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010841.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010879.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010880.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010881.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010889.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010890.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010905.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010906.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010907.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010911.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010912.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010930.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010931.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010932.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010944.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010945.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010990.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010991.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010993.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010998.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0010999.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011046.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011047.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011069.exe Infected: not-a-virus:AdWare.HelpExpress
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011070.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011074.exe Infected: not-a-virus:AdWare.WebRebates.b
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011091.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP80\A0011092.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011096.scr Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011097.DLL Infected: not-a-virus:AdWare.FunWeb.d
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011098.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011099.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011100.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.l
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011101.SCR Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011102.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.e
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011103.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011104.EXE Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011105.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.l
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011106.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011107.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.f
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011108.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011109.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011110.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011111.EXE Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011112.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.e
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011113.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011114.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.i
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011117.exe Infected: not-a-virus:AdWare.180Solutions
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011118.dll Infected: not-a-virus:AdWare.180Solutions.j
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011120.exe Infected: not-a-virus:AdWare.180Solutions.g
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011122.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011123.DLL Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.h
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011131.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011132.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011134.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011135.exe Infected: not-a-virus:AdWare.WinAD.bf
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011136.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011137.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011138.exe Infected: Trojan-Downloader.Win32.Dyfuca.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011139.exe Infected: Trojan-Downloader.Win32.Dyfuca.de
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011140.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011141.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011142.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011143.exe Infected: Trojan.Win32.Small.cy
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011145.exe Infected: not-a-virus:AdWare.SaveNow.v
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011146.exe Infected: not-a-virus:AdWare.SaveNow.v
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011147.dll Infected: not-a-virus:AdWare.ToolBar.Hotbar.q
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011148.exe Infected: not-a-virus:AdWare.HotBar.an
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011149.exe Infected: not-a-virus:AdWare.HotBar.an
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011151.dll Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011153.exe Infected: not-a-virus:AdWare.SaveNow.bc
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011154.exe Infected: not-a-virus:AdWare.SaveNow.bc
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011155.exe Infected: not-a-virus:AdWare.Sahat.ah
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011156.exe Infected: not-a-virus:AdWare.Sahat.ai
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011157.exe Infected: not-a-virus:AdWare.Sahat.f
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011158.dll Infected: not-a-virus:AdWare.Sahat.ad
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011161.exe Infected: not-a-virus:AdWare.WebRebates.k
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011165.exe Infected: not-a-virus:AdWare.WebRebates.k
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011167.dll Infected: not-a-virus:AdWare.ToolBar.MyWebSearch.h
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011173.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011174.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011175.exe Infected: Trojan.Win32.Small.cy
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011178.exe Infected: not-a-virus:AdWare.ToolBar.Hotbar.ar
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011179.exe/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011179.exe/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011179.exe Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011180.exe/stream/data0012/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011180.exe/stream/data0012/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011180.exe/stream/data0012 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011180.exe/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011180.exe Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011181.dll Infected: not-a-virus:AdWare.ToolBar.Hotbar.an
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011183.exe/stream/data0012/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011183.exe/stream/data0012/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011183.exe/stream/data0012 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011183.exe/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011183.exe Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011184.exe Infected: not-a-virus:AdWare.NewDotNet
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011192.dll Infected: not-a-virus:AdWare.NewDotNet
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011201.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011203.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011208.dll Infected: not-a-virus:AdWare.ClearSearch.z
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011209.exe Infected: not-a-virus:AdWare.ClearSearch.ac
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011212.DLL Infected: not-a-virus:AdWare.ClearSearch.ae
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011213.DLL Infected: not-a-virus:AdWare.ClaerSearch.ab
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011214.dll Infected: not-a-virus:AdWare.ClearSearch.y
C:\System Volume Information\_restore{B3675813-51EC-4F91-81F9-89204506E761}\RP81\A0011215.exe Infected: not-a-virus:AdWare.ClearSearch.aa
C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.NewDotNet
C:\WINDOWS\system32\dfcs3spm.ini Infected: not-a-virus:AdWare.Sahat.ao
C:\WINDOWS\system32\qfrcciss.exe.tcf/stream/data0012/stream/data0001 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\WINDOWS\system32\qfrcciss.exe.tcf/stream/data0012/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\WINDOWS\system32\qfrcciss.exe.tcf/stream/data0012 Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\WINDOWS\system32\qfrcciss.exe.tcf/stream Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\WINDOWS\system32\qfrcciss.exe.tcf Infected: not-a-virus:AdWare.ToolBar.Shopper.c
C:\WINDOWS\system32\rlls.dll Infected: not-a-virus:AdWare.RK.b

Scan process completed.
  • 0

#5
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
You look like you're pretty well off. There are a couple of things we should do.

First off, we should clear out your Temp files...

Download CleanUp

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Now, let's reset your restore points:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb;en-us;310405

Then, run another Kaspersky scan and post the log from that and HijackThis in your next post.
  • 0

#6
Guse

Guse

    Visiting Staff

  • Member
  • PipPipPip
  • 624 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP