Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ran files from Norton, now very slow -HJT log here

Started by skinnyboy77 , Sep 19 2005 04:43 PM

  • Please log in to reply

#1
skinnyboy77
Posted 19 September 2005 - 04:43 PM

skinnyboy77

    Member

  • Member
  • PipPip
  • 12 posts
My computer was running slow, especially slow with Internet Explorer. A Norton scan found spyware and recommended running two programs - FxWebsch.exe and FixBinet.exe, available from their site. Since I did that, everything has been terrible.

Loading Windows takes almost 10 minutes. Signing onto a profile and loading its settings takes another 5. Once an application is open, it runs fine (mostly), but if I were to click on a desktop icon, it'll be 45 seconds before Windows acknowledges it.

I have multiple profiles set up. The one that's worse had all of its saved e-mail, address book, and IE Favorites removed. When you log onto it, often a message comes up saying that Norton is missing files and can't run.

I've run all the recommended scans that I can (Windows XP SP1 crashes when I try to download it.) My HJT and ewido logs are below. Help!

Logfile of HijackThis v1.99.1
Scan saved at 6:36:14 PM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\atlva32.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jason\Application Data\Mozilla\Profiles\default\h3fof8uf.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {143FEABC-A16B-0D44-6E7D-8D55D026D4D9} - C:\WINDOWS\crox.dll (file missing)
O2 - BHO: Class - {2D51453B-7BB4-30D4-30E3-86BD9FBD6263} - C:\WINDOWS\system32\mfcqg32.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5875E625-3086-DD24-B07D-9D3D2B64D460} - C:\WINDOWS\system32\addkx32.dll
O2 - BHO: Class - {899FFBF9-14AC-C5B8-9040-4073A21C2CF0} - C:\WINDOWS\sdkdl32.dll
O2 - BHO: Class - {A2D6BD90-8482-2594-C882-F74F6D3CE341} - C:\WINDOWS\winin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FEE35FFA-5707-EF25-2036-A92AB9B624CD} - C:\WINDOWS\crox.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Rvqtre] C:\Program Files\Kmxbrg\Riiulb.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [javago32.exe] C:\WINDOWS\system32\javago32.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ielw.exe] C:\WINDOWS\ielw.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [d3so32.exe] C:\WINDOWS\system32\d3so32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\RunOnce: [crse.exe] C:\WINDOWS\crse.exe
O4 - HKLM\..\RunOnce: [atlva32.exe] C:\WINDOWS\system32\atlva32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126996063781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126995852375
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipmu32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:21:05 PM, 9/17/2005
+ Report-Checksum: E16D5F5F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{029DB004-6BCD-0E73-3AEA-F205B565F0F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04256906-BECE-83AC-2058-27ABA38B11A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12094FCA-1EE9-6EE5-5B4B-4B1EDA5F575C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{155F178D-1B07-52BD-BF72-827F24ED9DCE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C1F1B09-C5DE-0C47-B128-B83F5668EB83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1EA0CE66-D6D5-2CEB-D734-97906011F9A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F46E851-7EAF-1A9B-E6B4-CCA46BD7BB86} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{286ECE71-3F17-089B-F6BD-0E16D255AE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8AEA49-2882-96D1-D4B0-D1EA3E4EEFD2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{497AEAF3-0F8F-A4B6-48F2-A80144D90604} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A5DA6C7-CAFA-ADBE-1CBD-9DB325C4EB88} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AD64CAF-CC40-779E-C47E-E23705C41C75} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52343DBF-CF46-B3EA-81BB-8A3DCB6B9A64} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B7E5C2F-7668-51A3-BA8C-F6B376755AF9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7868EC16-8C67-1DBD-6D5A-EBB325881BD9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8C71E7E1-BD83-36A9-1144-F1D55AF23F0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D01C3C9-547A-12EE-5401-4B29F8F98176} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABFF8236-DCBD-E17B-0A69-6FD85FA199FE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B94F6C89-3F0F-F6B6-335A-C678A9A97D9F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C927A651-6768-ED9E-C3ED-CBD9A6CF4B22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6B2B65-2D60-CC2D-B4A6-7C0945964771} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCF499B3-5BE2-6F3F-B6C8-FB0597F0FF79} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E43C16BE-9904-7881-7685-DEE7D759572D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EA8D7DFA-04BF-99E7-595C-535DC7F0EFBA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAC3A0EF-0931-C087-DD54-10E2CE664097} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB041DC-4D4D-649F-F3B9-249E35ABBEF0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1A6A9B5-3C41-5DA5-986D-F3935E072EF1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1B10CDC-1975-EC0C-C522-2571525E92CF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2352FD0-B78A-FC66-EE98-5DFBF99E1F48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB277F1B-89B6-A114-DD01-EC507A933F39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FEBB350A-7FF3-3B6F-52F8-65F066D1DC68} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
:mozilla.9:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.32:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.33:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\James\Application Data\Mozilla\Profiles\default\whz284pd.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\James\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\James\Cookies\james@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\James\Cookies\james@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\James\Cookies\james@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\James\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\AB0R8Z6T\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\STJ4FBJJ\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\WX2X4NS9\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\James\Local Settings\Temporary Internet Files\Content.IE5\YZGJ4LKV\CAMBAJEH.htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Application Data\Wildtangent\Cdacache\00\00\10.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\temp.fr25F3 -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\temp.fr4B20 -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\temp.fr5BC7 -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temp\temp.fr7EC1\WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4HGDS707\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4HGDS707\setdata[2].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4HGDS707\SetData[3].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\4HGDS707\setdata[4].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5DIR5FHU\CA6B6Z2X.htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5DIR5FHU\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5DIR5FHU\setdata[2].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\5DIR5FHU\setdata[3].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\FKKVV7KD\setdata[1].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\FKKVV7KD\setdata[2].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\FKKVV7KD\SetData[3].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\FKKVV7KD\setdata[4].htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WEP7ZI1L\CADGSB1H.htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WEP7ZI1L\CATK0Z5D.htm -> Trojan.Smitfraud : Cleaned with backup
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\WEP7ZI1L\SetData[1].htm -> Trojan.Smitfraud : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\e5m2kn61.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Netscape\Netscape\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0068142.ini:agdmnn -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0068142.ini:bfohp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0068142.ini:wvrzik -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0069125.ini:agdmnn -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0069125.ini:bfohp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP234\A0069125.ini:wvrzik -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\aawwv.dat:mfrmim -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addgk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addmb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addry32.exe -> TrojanDownloader.Agent.uc : Cleaned with backup
C:\WINDOWS\addty.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addxd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\afpqb.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\aieyt.dat:hgwsfq -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ajowj.txt:stlkk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\amsdy.txt:bagjdb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\amsdy.txt:btlgzt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\amvqb.dat:hsgoux -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apibc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apick32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apieg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiej32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiid.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apimq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apinz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiuh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apiul32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiun.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apive32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apiyx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apiza.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\aplsw.txt:idqzsy -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\aplsw.txt:nnpzoo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\aplsw.txt:utukwt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appan32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appao32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appof.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appqt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apprs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appxp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlae.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlak32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atldd.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlei.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlhf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atllm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlrw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlyh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\avewq.txt:ttette -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\avewq.txt:wjnruu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:ztycoa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bszms.dat:qzloth -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\civ.ini:gozfry -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CLOCK.AVI:jynjau -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\CLOCK.AVI:zfzzhq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:uvphjy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\CONTROL.INI:bzyocf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CONTROL.INI:rkxxcd -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\CONTROL.INI:rxjecb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\coopz.txt:nwimdi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\coopz.txt:xknvuk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crfu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crim32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crnh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crox.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crqh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crtd.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crwr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crxw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cvupx.txt:wkhmhg -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3bh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fo.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3ig32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3jg.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3jx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3lq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ph.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\dahotfix.log:aovohs -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DeLGPS.ini:blpdeg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DeLGPS.ini:cihswy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DELL.BMP:qkfiou -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DELL.BMP:sdqmqv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\DELL.BMP:spnukc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\deqgn.log:tibdwd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DIIUnin.pif:visxya -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DirectX.log:fetsgg -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\docfe.log:zdprar -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\doobw.dat:lfcocj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\doobw.dat:rlevai -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\drpzq.txt:lfcocj -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dysqa.log:kepact -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\efwwe.dat:ybqnol -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\efwwe.dat:ybxnyh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\egghh.txt:dzypc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\egkrl.txt:rmfpzw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ejmal.log:nnbwzd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\elvfu.dat:fprvpk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\elvfu.dat:vkhfgz -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\eoyoz.txt:amvqbi -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\eoyoz.txt:ocouph -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\eoyoz.txt:qfrxdh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\eReg.dat:oabiq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\EXPLORER.SCF:otmrzt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\EXPLORER.SCF:qchtbr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\EXPLORER.SCF:tubgtq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\FaxSetup.log:hcgzkr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FaxSetup.log:jgjdfs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FaxSetup.log:qiwjpd -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\fcxwx.log:ibhxss -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fcxwx.log:ntgrdk -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\fcxwx.log:uxredl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:zjyfdh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:ztewte -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fkrag.dat:xrctel -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fomfm.txt:ywhgej -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\[bleep]u.log:gzqokd -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fxtaw.dat:ievwke -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\fxtaw.dat:psvgzv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gmpbz.log:agutmj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gmpbz.log:xuqkcr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:fviviv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:zsbten -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:auwvcy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:dysrqa -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:rkjkxr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:vabeli -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\gtptd.dat:evvyjc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gtptd.dat:hacfgf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gvqdc.txt:alnbag -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gvqdc.txt:qvbpwt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gvqdc.txt:xseamr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gvqdc.txt:xwbicf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gzqok.dat:ejmalr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\gzqok.dat:suobwi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\gzqok.dat:wkhmhg -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hacfg.txt:abulap -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hacfg.txt:vrdesl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hacfg.txt:xwodee -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hbbvw.dat:olzsbr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hivro.dat:xfyswl -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hlcgg.txt:jmrjdr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hlcgg.txt:xhlfyz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\hnkjl.log:pfjyqv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iaxqv.txt:qlrdk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iedz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieee32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iefq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegl.exe -> TrojanDownloader.Agent.uc : Cleaned with backup
C:\WINDOWS\iekm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iemw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieng32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ienx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ierg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieso32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iewy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iezh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\IIS6.LOG:thzed -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\IIS6.LOG:zdkahy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\imsins.BAK:bnjoyc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\imsins.log:budiat -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\imsins.log:ltkruz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\imsins.log:zunhox -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\inbox.ico:revgci -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Instlog.lyt:pckhok -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipam.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iped.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipgn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iplb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipxf32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iqcjw.dat:jzewke -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iqkwp.dat:ejdxa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iyhud.dat:azqspo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\izcmj.log:baxbmh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\izcmj.log:wjvcce -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaaq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javafc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javagp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaiq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javait32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javajb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javans32.exe -> TrojanDownloader.Agent.uc : Cleaned with backup
C:\WINDOWS\javaqw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jclnb.txt:rsvacl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jconk.txt:bgckxk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jducj.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\joagh.dat:nuivhv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jtmrs.dat:ofztzn -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\jtmrs.dat:vdurxz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jtmrs.dat:wouplf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jubmh.dat:fubbjf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB817611.LOG:saixjz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB817611.LOG:tgvqru -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB823182.LOG:fjmkpl -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB823182.LOG:genxrj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB825119.LOG:fhhsau -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB825119.LOG:hdcmin -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB825119.LOG:ogudpq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB825119.LOG:oomuoq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB825119.LOG:twfeeb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB826939.log:jmhluz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB826939.log:ywonkc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB826959.log:ghmrrb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB826959.log:igzvic -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB826959.log:mxyjgm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB828035.log:kmdqbv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB828035.log:qwhsem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB834030.log:bhracn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB834030.log:vfpppv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB837001.log:cfwvdf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB837001.log:gxvlbh -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB837001.log:kkvvai -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\kgmws.log:nyiujg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kgmws.log:wubqbr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kgmws.log:yuuklb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\kjsvr.txt:dloacs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kjsvr.txt:einhlp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ktfaj.txt:qnnpnl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ktfaj.txt:uxadf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kweyn.dat:jblger -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\kyttb.dat:ebohxm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\lcdiv.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\lfdrk.txt:tytvza -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\linkw.txt:kctzkb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\linkw.txt:lhvaqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lqbmz.txt:apyngn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lqbmz.txt:knvsic -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lqbmz.txt:lymabd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\lqbmz.txt:nbnhqb -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\lqbmz.txt:vtsaee -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lsvwp.txt:wokdjb -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:aksfpp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:einflp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:seqoen -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:wtbiqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mcuxz.dat:tqrsax -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mexrd.txt:sklsjr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mexrd.txt:tcdnud -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mexrd.txt:yyzld -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcca32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcnw.log:qwhdgv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcnw.log:sshjwg -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcps32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcpv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcrp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcwm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcxk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mooid.txt:dngyke -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozver.dat:kfibyp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozver.dat:otuvkq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozza.log:coyqvo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozza.log:dtrpqr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozza.log:eqjlhd -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\mozza.log:ievacc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mozza.log:npovtn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozza.log:rwezxd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mozza.log:vrdzqc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msax.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msca.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:jrcea -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:rdthlb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mseu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msfp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msge.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MSGSOCM.LOG:qrowqr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msir32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msix32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskd32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mskt.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mslf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msoffice.ini:bfofem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msoffice.ini:tqexqq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msoz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msta.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mstd32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\myluk.dat:exftrf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\myluk.dat:liyqcq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netah.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netbl32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netfs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netik32.exe -> Trojan.Agent.bi : Clea
  • 0

Advertisements

#2
Armodeluxe
Posted 23 September 2005 - 09:43 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi skinnyboy77, welcome to GeeksToGo

You have a nasty CWS infection. Every time you use Internet Explorer and/or Windows Explorer the infection regenerates and becomes worse. Please avoid using any of those two and use an alternate browser for the downloads and browsing. From your Ewido log I see that you have Mozilla, please use that.

Right now I'm going through your log and I will be back with a fix.

Regards,

Armodeluxe
  • 0

#3
Armodeluxe
Posted 23 September 2005 - 10:20 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please print out this post so that you have a hard copy of these instructions. You will need to keep Internet Explorer and Windows Explorer (including My Computer) closed throughout the entire process.

First, download and install CleanUp! but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Please download Intermute's CWShredder from here:
http://cwshredder.ne.../CWShredder.exe
Save it to the desktop but do NOT run it yet.

Then please download About:Buster from here:
http://www.bleepingc...boutBuster5.zip
Unzip it to the desktop, run it, Check for Updates, and update the files, but do NOT run a scan yet.

Open your Ewido, update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please run CWShredder, and click Fix.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

If Cleanup! asks if you want to reboot, click NO

Then please run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

Then please run Ewido, and run a full scan. Save the log from the scan for me.

Finally, please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ioagv.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {143FEABC-A16B-0D44-6E7D-8D55D026D4D9} - C:\WINDOWS\crox.dll (file missing)
O2 - BHO: Class - {2D51453B-7BB4-30D4-30E3-86BD9FBD6263} - C:\WINDOWS\system32\mfcqg32.dll
O2 - BHO: Class - {5875E625-3086-DD24-B07D-9D3D2B64D460} - C:\WINDOWS\system32\addkx32.dll
O2 - BHO: Class - {899FFBF9-14AC-C5B8-9040-4073A21C2CF0} - C:\WINDOWS\sdkdl32.dll
O2 - BHO: Class - {A2D6BD90-8482-2594-C882-F74F6D3CE341} - C:\WINDOWS\winin.dll
O2 - BHO: Class - {FEE35FFA-5707-EF25-2036-A92AB9B624CD} - C:\WINDOWS\crox.dll (file missing)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Rvqtre] C:\Program Files\Kmxbrg\Riiulb.exe
O4 - HKLM\..\Run: [javago32.exe] C:\WINDOWS\system32\javago32.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [ielw.exe] C:\WINDOWS\ielw.exe
O4 - HKLM\..\Run: [d3so32.exe] C:\WINDOWS\system32\d3so32.exe
O4 - HKLM\..\RunOnce: [crse.exe] C:\WINDOWS\crse.exe
O4 - HKLM\..\RunOnce: [atlva32.exe] C:\WINDOWS\system32\atlva32.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\ipmu32.exe" /s (file missing)

Close all open windows except for HijackThis and click Fix Checked.

Go to Control Panel Add/Remove Programs and uninstall: WinTools

Then delete these folders:

C:\PROGRAM FILES\COMMON FILES\WinTools
C:\Program Files\Kmxbrg

Then please restart your computer in Normal Mode, and post a new HijackThis log, as well as the logs from AboutBuster and Ewido.
  • 0

#4
skinnyboy77
Posted 23 September 2005 - 10:35 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Can't find About:Buster. Help?
  • 0

#5
Armodeluxe
Posted 23 September 2005 - 10:41 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Download from here..

http://www.downloads...AboutBuster.zip
  • 0

#6
skinnyboy77
Posted 23 September 2005 - 11:02 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Trying to update the AboutBuster files results in an error:

Run-time error '5':
Invalid procedure call or argument
  • 0

#7
Armodeluxe
Posted 23 September 2005 - 11:35 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Try downloading the Visual Basic Runtime files:

http://www.microsoft...&displaylang=en

then try again..
  • 0

#8
skinnyboy77
Posted 24 September 2005 - 06:08 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Downloaded & installed VB files - still have the same problem with AboutBuster
  • 0

#9
Armodeluxe
Posted 24 September 2005 - 06:58 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Is it still the same error message you're getting? Runtime "5" error?

Please post the complete text of the message..
  • 0

#10
skinnyboy77
Posted 24 September 2005 - 07:06 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Yeah, same exact error:

Run-time error '5':
Invalid procedure call or argument
  • 0

Advertisements

#11
Armodeluxe
Posted 24 September 2005 - 07:59 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Ok, let's try a few more..

http://www.microsoft...&DisplayLang=en

http://www.microsoft...&displaylang=en

http://www.javacools...ngfilesetup.exe

http://www.ascentive...ib/COMCTL32.OCX

The last file, download and copy it to your C:\WINDOWS\System32 folder

Let's hope these solve the error..
  • 0

#12
skinnyboy77
Posted 25 September 2005 - 04:18 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Still no luck - same error message.
  • 0

#13
Armodeluxe
Posted 26 September 2005 - 12:10 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Follow the instructions without updating Aboutbuster, let's hope Ewido gets all.
  • 0

#14
skinnyboy77
Posted 28 September 2005 - 08:31 PM

skinnyboy77

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
My system refuses to boot into safe mode - I get the menu, select Safe Mode, select Windows XP (the only OS I have), and after a minute it brings up a blue screen. The pointer changes to an hourglass and it just sits there for hours. Interestingly, I also do not get any beeps when starting up. Any ideas?
  • 0

#15
Armodeluxe
Posted 28 September 2005 - 08:55 PM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Download a fresh copy of Aboutbuster and don't try to update.

Manually disconnect from the internet. Then open Task Manager(CTRL+ALT+DEL) and kill all processes which are not indicated as SYSTEM or LOCAL SERVICE. Under your username leave only explorer.exe and taskmgr.exe.

Then try the fix in all in one go without rebooting. Reboot when finished and post a new HijackThis log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP