[james worthy]

help me please
heres my hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 10:38:59 PM, on 9/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Super Net\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winfixer....nner_uninstall/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [UCQ3p4] D:\WINDOWS\ewqdhy.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NI.UWFX5] "D:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [System service66] D:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service67] D:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [System service69] D:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service68] D:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "D:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AdwareAlert] D:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [System Updates Service] updates.pif
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinFixer2005] "D:\Program Files\WinFixer2005\UWFX5.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [System Updates Service] updates.pif
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F05B24F-165E-4464-B626-88F6D60AAB99}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CS2\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - D:\WINDOWS\System32\libsys32.exe
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Advertisements]

Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winfixer....nner_uninstall/
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [UCQ3p4] D:\WINDOWS\ewqdhy.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NI.UWFX5] "D:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [System service66] D:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service67] D:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [System service69] D:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service68] D:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [AdwareAlert] D:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [System Updates Service] updates.pif
O4 - HKCU\..\Run: [WinFixer2005] "D:\Program Files\WinFixer2005\UWFX5.exe" /min
O4 - HKCU\..\RunServices: [System Updates Service] updates.pif
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: NT login service (ntlogin32) - Unknown owner - D:\WINDOWS\System32\libsys32.exe

Uninstall these via the Add/Remove panel if listed:

AdwareAlert
BullsEye Network
ISTsvc
Internet Optimizer

Locate and delete the following:

D:\Program Files\AdwareAlert\
D:\Program Files\BullsEye Network\
D:\Program Files\Internet Optimizer\
D:\Program Files\ISTsvc\
D:\Program Files\WinFixer2005\
D:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe
D:\WINDOWS\etb\
D:\WINDOWS\ewqdhy.exe
D:\WINDOWS\System32\libsys32.exe
libsys32.exe
syslog32.exe
updates.pif

Restart your computer. Post the logs for HijackThis and Ewido.

[greyknight17]

Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winfixer....nner_uninstall/
O4 - HKLM\..\Run: [IST Service] D:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [UCQ3p4] D:\WINDOWS\ewqdhy.exe
O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] D:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NI.UWFX5] "D:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe"
O4 - HKLM\..\Run: [System Updates Service] updates.pif
O4 - HKLM\..\Run: [System service66] D:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service67] D:\WINDOWS\\etb\pokapoka67.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [System service69] D:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [System service68] D:\WINDOWS\\etb\pokapoka68.exe
O4 - HKLM\..\Run: [AdwareAlert] D:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\RunServices: [System Updates Service] updates.pif
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - HKCU\..\Run: [System Updates Service] updates.pif
O4 - HKCU\..\Run: [WinFixer2005] "D:\Program Files\WinFixer2005\UWFX5.exe" /min
O4 - HKCU\..\RunServices: [System Updates Service] updates.pif
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: NT login service (ntlogin32) - Unknown owner - D:\WINDOWS\System32\libsys32.exe

Uninstall these via the Add/Remove panel if listed:

AdwareAlert
BullsEye Network
ISTsvc
Internet Optimizer

Locate and delete the following:

D:\Program Files\AdwareAlert\
D:\Program Files\BullsEye Network\
D:\Program Files\Internet Optimizer\
D:\Program Files\ISTsvc\
D:\Program Files\WinFixer2005\
D:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe
D:\WINDOWS\etb\
D:\WINDOWS\ewqdhy.exe
D:\WINDOWS\System32\libsys32.exe
libsys32.exe
syslog32.exe
updates.pif

Restart your computer. Post the logs for HijackThis and Ewido.

[james worthy]

ok i did all of this, but some items you told me to delete were not there, and win fix is still on add or remove programs here are my logs


Logfile of HijackThis v1.99.1
Scan saved at 10:16:12 AM, on 9/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\sm56hlpr.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Documents and Settings\Super Net\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] D:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "D:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F05B24F-165E-4464-B626-88F6D60AAB99}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O17 - HKLM\System\CS2\Services\Tcpip\..\{1437F663-B504-4E3E-A9C3-B40A06D7590B}: NameServer = 213.131.65.20,213.131.66.246
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - D:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - D:\WINDOWS\System32\libsys32.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



my ewido scan


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:01:59 AM, 9/23/2005
+ Report-Checksum: E15F8E97

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09F0F280-FB9A-481B-B69A-CB00DC44D027} -> Spyware.AdvancedSearchbar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.AdvancedSearchbar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\AppInfo -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\CMEII -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\Gator\dyn\GCH\_gs -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\.DEFAULT\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\.DEFAULT\Software\sais -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1935655697-1060284298-725345543-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1935655697-1060284298-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-18\Software\sais -> Spyware.180Solutions : Cleaned with backup
D:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026632.pif -> Backdoor.Rbot.pac : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026633.exe -> Backdoor.SdBot : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026634.exe -> Backdoor.Rbot : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026635.exe -> Backdoor.SdBot : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026636.exe -> Backdoor.Small.eo : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026637.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026638.dll -> Spyware.Chiem : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026639.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026640.exe -> Trojan.EliteBar.c : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026641.exe -> Dialer.Generic : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026642.exe -> TrojanDownloader.IstBar : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026643.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026644.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026645.dll -> Spyware.Comet : Cleaned with backup
H:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026646.exe/2 -> Spyware.Chiem : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005728.vbs -> Spyware.Krepper : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005731.exe -> TrojanDownloader.Dyfuca.cr : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005732.exe -> TrojanDownloader.Dyfuca.cr : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005733.exe -> TrojanDownloader.Dyfuca.cr : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005734.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005735.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005736.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005737.dll -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005738.exe -> Spyware.BargainBuddy.j : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005739.exe -> Adware.BetterInternet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005741.exe/cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005743.EXE -> Adware.eXact : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005744.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005745.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005746.exe -> Dialer.Generic : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005747.exe -> Dialer.Generic : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005749.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005750.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005751.exe -> Dialer.Generic : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005753.vxd -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005755.srg -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005756.dll -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005757.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005759.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005760.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005761.dll -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005762.exe -> TrojanDownloader.Dyfuca.cy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005763.exe -> TrojanDownloader.Dyfuca.cy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005765.exe -> TrojanDownloader.Keenal : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005768.exe -> TrojanDownloader.Keenal : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005769.exe -> Spyware.Winpup32 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005770.exe -> TrojanDownloader.Keenval : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP20\A0005771.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026647.dll -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026648.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026649.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026650.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026651.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026652.exe -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026653.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026654.exe -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026655.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026656.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026657.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026658.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026659.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026660.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026661.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026662.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026663.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026664.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026665.exe -> Spyware.Web3000 : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026666.DLL -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026667.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/exdl.exe -> Adware.eXact : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026668.vxd/C:/WINDOWS/SYSTEM/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026669.exe -> Adware.Saha : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026670.dll -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026671.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026672.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026673.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026674.exe -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026675.ini -> Adware.SAHA : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026676.dll -> Spyware.Cydoor : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026677.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026678.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026679.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026680.dll -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026681.dll -> TrojanDownloader.IstBar : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026682.exe -> TrojanDownloader.IstBar : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026683.dll -> Spyware.SideFind : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026684.exe -> Spyware.PowerScan : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026685.dll -> Spyware.SideFind : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026686.exe -> Spyware.180Solutions : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026687.dll -> TrojanDownloader.IstBar.dh : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026688.exe -> TrojanDownloader.IstBar.fr : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026689.exe -> Not-A-Virus.Tool.Autoloader : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026690.exe -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026691.exe -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026692.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026693.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026694.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026695.dll -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026696.exe -> Adware.BrilliantDigital : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026697.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026698.exe -> Adware.EZula : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026699.exe -> Spyware.180Solutions : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026700.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026701.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026702.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026703.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026704.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026705.exe/WUInst.dll -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026705.exe/WUInst.dll -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026706.exe -> Heuristic.Win32.Dialer : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026707.EXE -> Spyware.MyWay : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026708.DLL -> Spyware.MyWay : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026709.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026710.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026711.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026712.dll -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026713.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026714.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026715.exe -> Spyware.NewDotNet : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026716.exe -> Spyware.ClipGenie : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026717.exe -> Spyware.DownloadWare : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026718.exe -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026719.exe -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026720.exe/vsn.exe -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026720.exe/vsn.exe -> Adware.SaveNow : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026721.exe -> TrojanDownloader.IstBar.fr : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026722.exe -> TrojanDownloader.IstBar : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026723.dll -> Spyware.SideFind : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026724.dll -> Spyware.SideFind : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026725.exe -> Spyware.180Solutions : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026726.dll -> Spyware.180Solutions : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026727.exe -> Spyware.180Solutions : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026728.exe -> Spyware.BargainBuddy : Cleaned with backup
J:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026729.dll -> TrojanDownloader.IstBar.dh : Cleaned with backup
K:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026730.exe -> Spyware.Web3000 : Cleaned with backup
M:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026731.exe/askbarAA.dll -> Spyware.AskBar : Cleaned with backup
M:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026731.exe/askbarAA.dll -> Spyware.AskBar : Cleaned with backup
M:\System Volume Information\_restore{45F8686E-22D6-4B87-A006-AFB9517E291D}\RP25\A0026732.exe/Sponsor.exe -> TrojanDownloader.Swizzor.bt : Cleaned with backup


::Report End


also could you tell me how to protect myself from further infections0
thanks alot for your help

[greyknight17]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. While in the Registry Editor, navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\ and delete ISTbar

If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor.

Check and fix these in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myseachexplorer.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myseachexplorer.com/sp2.php
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - c:\WINDOWS\System32\hwclock.exe (file missing)
O23 - Service: NT login service (ntlogin32) - Unknown owner - c:\WINDOWS\System32\libsys32.exe (file missing)

Restart and boot into Safe Mode again. Run Ewido scan and save the log.

Restart to get back to Normal Mode. Post the Ewido log along with a new HijackThis log.

[greyknight17]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.