Multiple Infections-Popups [RESOLVED]



#1
suthrnpaw

Hi,

I have followed all the instructions in the "start here" thread. AdAware & Ewido found thousands of infected files. I am still having problems with popups, and I can't set my home page in IE6. The system is running better now, but still slow.

Can someone please advise me what to do next? Any help would be most appreciated.

Here are my Ewido & HiJackThis logs:


C:\Documents and Settings\John\Local Settings\Temp\THI43F7.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4457.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4457.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI44D8.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI44D8.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI46A3.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI46A3.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI47D1.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI47D1.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI47E9.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI47E9.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4BDF.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4BDF.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4D6A.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4D6A.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4EEF.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4EEF.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4F31.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4F31.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4FB4.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI4FB4.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI515F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI515F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI51DB.tmp\speer.cab/speer.dll -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI52E0.tmp\multimpp.cab/multimpp.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI52E0.tmp\multimpp.cab/preInMPP.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5321.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5321.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI53C.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI53C.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5483.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5483.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI54B1.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI54B1.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI54F2.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI54F2.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI55CD.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI55CD.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI55D6.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI55D6.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5769.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5769.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI59AC.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI59AC.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5A69.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5A69.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5A91.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI5A91.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI604F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI604F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6197.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6197.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI62DD.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI62DD.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI62DE.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI62DE.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI641.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI641.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6424.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6424.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6489.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI660F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI660F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6893.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6893.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI68C0.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI68C0.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6962.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI698B.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI698B.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6A05.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6A05.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6AD2.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6AD2.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6B0A.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6B0A.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6C3.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6C3.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6F63.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6FC7.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI6FC7.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI700C.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI700C.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI716D.tmp\multimpp.cab/multimpp.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI716D.tmp\multimpp.cab/preInMPP.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7170.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7170.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7213.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7358.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7358.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI73DC.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI73DC.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI741.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI741.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI74E1.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI74E1.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7523.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7523.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI76CD.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI76CD.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI78F7.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI78F7.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI79DB.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI79DB.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7A5F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7A5F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7AC1.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7AC1.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7B45.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7B45.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7B65.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7B65.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7C03.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7C03.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7C6B.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7C6B.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7D2F.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7D2F.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7D32.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7E97.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI7E97.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI82.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THI82.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THIBE0.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THIBE0.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THICE4.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\THICE4.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\toolbar.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temp\toolbar.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\2L0NU5Q1\WinTA[1].cab/WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\49K7CRSB\WinTB[1].cab/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\KXUB4TAF\Toolbar3[1].cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\MRO74RAF\WinTB[1].cab/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\Y5V458JQ\WinTS[1].cab/WToolsS.exe -> TrojanDownloader.Wintool.f : Cleaned with backup
C:\Program Files\IncrediFind -> Spyware.Incredifind : Cleaned with backup
C:\Program Files\IncrediFind\BHO -> Spywa
  • 0

#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi suthrnpaw and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Download and run the following HijackThis autoinstall program from Here. Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
suthrnpaw

    Member

  • Topic Starter
  • 12 posts
Thanks so much for the assistance Trevuren! Here is my HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 9:45:18 AM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\netbx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\winfp32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\romkd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\romkd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\romkd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\romkd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\romkd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\romkd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\romkd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {88289C47-A645-EF58-D2AA-35D1F783C7D6} - C:\WINDOWS\system32\ipxl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B1B856A8-E2CF-6D0D-E2E2-6F519F010848} - C:\WINDOWS\winfp32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addqb32.dll (file missing)
O2 - BHO: Class - {EE97177B-4907-8370-869F-6F75B86D03A0} - C:\WINDOWS\system32\syszz.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [netbx.exe] C:\WINDOWS\system32\netbx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: RtlWake.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: ChatSpace Full Java Client 3.1.0.224 - http://66.28.246.1:9...va/cfs31224.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:...va/cfs31229.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128892214385
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipviewer.co...ite/fvliteY.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addtd32.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
You currently have a program, New.Net, on your system that is malware and is seriously compromising your internet connection. The safe removal of this program and restoration of your connection is our prime concern at the moment.

1. As precautionary measures, please do the following:

A. Back up the registry by going to Start > Run and typing regedit without the quotes. Then on the File menu choose "Backup Registry" in Windows 9x and "Export" in XP.

B. Download the LSPfix.txt and read the readme file.

C. Download LSPfix.zip or LSPfix.exe

Use this program only if you cannot connect to the Internet after removing New(Dot)Net.
---------------------------------------------------------
2. Follow these steps to remove NewDotNet:

A. Go to Start -> Control Panel.

B. Uninstall NewDotNet (New.Net) from Add/Remove Programs

C. Using Windows Explorer, DELETE This folder and all its content: C:\Program Files\New.Net
------------------------
3. If there are problems (and only if there is a problem):

If there is no uninstall program listed then do the following:
Go to http://www.newdotnet.com/removal.html, scroll down to Procedure 4 and follow the removal instructions.

If you cannot connect to the Internet after removing New(Dot)Net, please run the LSP-Fix program downloaded earlier, and click on the "Finish" button.
To start LSPfix: close all windows except LSPfix.

Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.
-----------------------------

4. REBOOT your system.

5. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren


#5
suthrnpaw

When I am in the registry editor, there is no "backup registry" option under the file menu. It only says "import", "export", "connect network registry", "print", and "exit".

When I click on export, it gives me the save option to whatever location I choose. I want to follow your instructions in order, so I wanted to check with you about this before I assume anything and do something wrong.

Please advise, and thanks again for helping me out with this.

#6
Trevuren

1. Choose "Export"

2. Choose "Desktop" as destination.

3. Don't worry, this seldom goes wrong.

Regards,

Trevuren


#7
suthrnpaw

I was able to remove New.Net through the add/remove option in the control panel. Then deleted the program file for it. Rebooted.



Logfile of HijackThis v1.99.1
Scan saved at 1:29:16 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\netbx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\winfp32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {88289C47-A645-EF58-D2AA-35D1F783C7D6} - C:\WINDOWS\system32\ipxl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {B1B856A8-E2CF-6D0D-E2E2-6F519F010848} - C:\WINDOWS\winfp32.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addqb32.dll (file missing)
O2 - BHO: Class - {CB91795C-C5E7-94BD-6A20-911D7A716D78} - C:\WINDOWS\system32\addcy.dll
O2 - BHO: Class - {EE97177B-4907-8370-869F-6F75B86D03A0} - C:\WINDOWS\system32\syszz.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [winfp32.exe] C:\WINDOWS\winfp32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [netbx.exe] C:\WINDOWS\system32\netbx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: RtlWake.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.224 - http://66.28.246.1:9...va/cfs31224.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:...va/cfs31229.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128892214385
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipviewer.co...ite/fvliteY.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addtd32.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8
Trevuren

Your system is infected with a variant of the About:Blank infection.
  • First we must STOP, and Disable a bad Added Service
    • Click Start>Run and type in: services.msc
    • Click OK
    • In the Services window find: Workstation NetLogon Service
    • Select/highlight and right click the entry, and choose: Properties
    • On the General tab, under Service Status click the Stop button
    • Beside: Startup Type, in the drop menu, select: Disabled
    • Click Apply, then OK
  • Download CWShredder
    Click check for updates. Do not use it yet.

  • A. Please download AboutBuster from the attachment to this post.

    B. Create a folder on your desktop and call it AboutBuster

    C. UNZIP the AboutBuster.zip file and extract all files to this newly created AboutBuster folder

    D. Do NOT check for updates: as the host site is down, the check for updates will make the downloaded file unusable. Do not use it yet.

    E. If by any chance the check for updates is done and an error is shown, just unzip the downloadable zip file again and overwrite the existing AboutBuster, which will bring back the original file again

  • Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.

  • Download Killbox
    Choose save as to your desktop. Unzip the file. Do not use it yet.

    Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark show hidden files and extensions > OK

    Please print out these directions, for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!

  • Reboot your system into safe mode for all OS

  • Close all windows and open HijackThis.
    • Click "scan only" in the main window
    • Put a checkmark beside the following entries and click FIX checked.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar...spx?tb_id=50154
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
      R3 - Default URLSearchHook is missing
      O2 - BHO: Class - {88289C47-A645-EF58-D2AA-35D1F783C7D6} - C:\WINDOWS\system32\ipxl.dll (file missing)
      O2 - BHO: Class - {B1B856A8-E2CF-6D0D-E2E2-6F519F010848} - C:\WINDOWS\winfp32.dll
      O2 - BHO: Class - {C871E993-FDEC-292E-86CE-435FEE5CFF75} - C:\WINDOWS\addqb32.dll (file missing)
      O2 - BHO: Class - {CB91795C-C5E7-94BD-6A20-911D7A716D78} - C:\WINDOWS\system32\addcy.dll
      O2 - BHO: Class - {EE97177B-4907-8370-869F-6F75B86D03A0} - C:\WINDOWS\system32\syszz.dll (file missing)
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
      O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
      O4 - HKLM\..\Run: [winfp32.exe] C:\WINDOWS\winfp32.exe
      O4 - HKLM\..\RunOnce: [netbx.exe] C:\WINDOWS\system32\netbx.exe
      O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
      O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addtd32.exe" /s (file missing)

  • Run CWShredder and choose FIX

  • Start AboutBuster and press START, and then OK. The program will start scanning.

  • Double-click HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.

  • Start Killbox
    • Place a checkmark next to [x] Delete On Reboot.
    • Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.

      C:\WINDOWS\system32\netbx.exe
      C:\WINDOWS\winfp32.exe
      C:\WINDOWS\system32\duxxw.dll
      C:\WINDOWS\SYSTEM\blank.htm
      C:\WINDOWS\system32\ipxl.dll
      C:\WINDOWS\winfp32.dll
      C:\WINDOWS\addqb32.dll
      C:\WINDOWS\system32\addcy.dll
      C:\WINDOWS\system32\syszz.dll
      C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
      C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
      c:\counter.cab
      C:\WINDOWS\system32\addtd32.exe

    • Back in Killbox, go > file > paste from clipboard,
    • Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
    • Then click OK
    • Exit Killbox and Reboot your PC.
  • After the reboot, Start AboutBuster AGAIN and scan AGAIN.

  • Clean temporary files:
    • Go > start > run and type cleanmgr and OK
    • Scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
    • Click OK to remove those files.
    • Click Yes to confirm deletion.
  • Reboot your system into normal mode.

  • Download Ewido scan
    • Check for updates.
    • Let it do a full run.
    • Copy the log. Paste it to a blank Notepad file and save it to post here.
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it and the EWIDOscan log in this thread for review.
Regards,

Trevuren

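A triage pass over HijackThis entries of the kind fixed in the post above, as an added example that is not part of the original posts. The sample lines are copied from the log in this thread; the rules and the names `triage_line` and `triage` are assumptions for illustration, not HijackThis's own logic.

```python
import re
from typing import NamedTuple, Optional

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\duxxw.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: Class - {88289C47-A645-EF58-D2AA-35D1F783C7D6} - C:\WINDOWS\system32\ipxl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {CB91795C-C5E7-94BD-6A20-911D7A716D78} - C:\WINDOWS\system32\addcy.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winfp32.exe] C:\WINDOWS\winfp32.exe
O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addtd32.exe" /s (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every entry is "<section> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# A DLL or EXE sitting directly in the Windows or system32 directory.
WINDIR_FILE_RE = re.compile(
    r'C:\\WINDOWS\\(?:system32\\)?(?P<name>[^\\"]+?\.(?:dll|exe))', re.IGNORECASE)
# Autorun entry: "...Run: [value name] command line".
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")


class Finding(NamedTuple):
    section: str
    reasons: tuple
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if any (assumed) heuristic fires, else None."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m["section"], m["body"]
    reasons = []

    # HijackThis appends this marker when the registered file is gone.
    if body.endswith("(file missing)"):
        reasons.append("registration points at a file that no longer exists")

    if section in ("R0", "R1"):
        # IE start/search page settings: "<key>,<value name> = <data>".
        _, _, data = body.partition(" = ")
        if data.lower().startswith("res://"):
            reasons.append("IE page setting loads HTML from a local DLL resource")
    elif section == "O2":
        # "BHO: <display name> - {CLSID} - <path>".
        name = body[len("BHO: "):].split(" - ", 1)[0]
        if name == "Class" and WINDIR_FILE_RE.search(body):
            reasons.append("BHO with generic name 'Class' in the Windows directory")
    elif section == "O4":
        run = RUN_RE.search(body)
        target = WINDIR_FILE_RE.search(run["cmd"]) if run else None
        if target and target["name"].lower() == run["value"].lower():
            reasons.append("autorun named after its own file in the Windows directory")
    elif section == "O23":
        if " - Unknown owner - " in body:
            reasons.append("service binary carries no vendor information")

    return Finding(section, tuple(reasons), line) if reasons else None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries."""
    findings = (triage_line(l) for l in log_text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons))
        print("   ", f.line)
```

The rules are deliberately narrow: they only sort entries for a human reviewer, who still reads the full log before fixing anything.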

#9
suthrnpaw

OK, I followed the fix instructions. Everything went smoothly, except when I ran the HJT scan after booting in safe mode. The files you told me to delete were all present in the log, except this one:

O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\addtd32.exe" /s (file missing)

I went ahead and deleted all the others, and continued with the fix.

Here are the latest Ewido & HJT logs:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:50:47 PM, 10/10/2005
+ Report-Checksum: 8DE27DC5

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@e-2dj6wjk4khc5chq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@e-2dj6wjkokoc5sbp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@e-2dj6wjl4gmczadp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John\Cookies\john@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018555.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018556.EXE -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018557.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018558.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018559.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018560.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018561.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018562.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018563.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018564.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018565.DLL -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018566.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018567.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018568.exe -> Spyware.Wesbar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018569.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018570.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018571.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018572.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018580.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018581.ini:dtccxe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018581.ini:hjncc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018582.lnk:gveqvt -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018582.lnk:stjjgw -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018586.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018587.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018590.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018592.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018593.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018595.ini:pgbnou -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018596.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018597.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018599.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018601.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018602.INI:claikz -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018602.INI:hthtm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018602.INI:pvsxha -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018603.INI:mozulf -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018603.INI:shpio -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018603.INI:ytptyd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:aczaih -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:drrzap -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:emreo -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:glymoy -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:mulpzf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:oyteov -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:qubnet -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018604.lrs:vbhcvp -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018606.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018609.INI:ekoyhb -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018609.INI:jbyhi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018609.INI:lbbrbh -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018609.INI:prbuuq -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018609.INI:yzqxfh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018610.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018611.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018614.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018616.INI:alofc -> TrojanDownloader.Agent.gs : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP60\A0018616.INI:lpqptp -> Trojan.Agent.bi : Cleaned with backup

#10
suthrnpaw

    Member

  • Topic Starter
  • Member
  • 12 posts
Sorry for the double post. I kept getting the "page cannot be displayed" error when I tried to post my reply. I had no idea it had posted.

Could this error be related to what we are doing?

Thanks for the continuing help.

Edited by suthrnpaw, 10 October 2005 - 04:35 PM.

#11
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
No, it has to do with our server.

Please post a fresh HJT log for review.

Regards,

Trevuren


#12
suthrnpaw

    Member

  • Topic Starter
  • Member
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:51:46 PM, on 10/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\PROGRA~1\COMMON~1\AOL\110772~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110772~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
O4 - Global Startup: RtlWake.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.224 - http://66.28.246.1:9...va/cfs31224.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:...va/cfs31229.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/c...cult3d/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1128892214385
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipviewer.co...ite/fvliteY.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#13
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Do you really want to keep all that MyWay stuff even though they track your activities and contain adware?

Trevuren
  • 0

#14
suthrnpaw

suthrnpaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
No, I don't even know for sure how it got on the system. I would love to get rid of all of it.
  • 0

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with OK
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\Program Files\MyWebSearch <== Folder
  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0
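
The fix list above names the same folder two ways, as `C:\Program Files\MyWebSearch` and as the 8.3 short path `C:\PROGRA~1\MYWEBS~1`. The following is an added example, not part of the original thread: a Python parser for the O4/O16/O23 line shapes seen in this log that flags entries pointing into a given folder under either spelling. The function names and the short-name heuristic (first six characters plus `~N`) are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log and fix list on this page.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\8.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\8.bin\MWSOEMON.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse_line(line):
    """Split one HijackThis 'O' entry into section, kind, label and target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    if rest.startswith("[") and "] " in rest:   # O4 Run: [name] path
        label, target = rest[1:].split("] ", 1)
    elif " = " in rest:                         # O4 Startup: name.lnk = path
        label, target = rest.split(" = ", 1)
    else:                                       # O16 / O23: ... - target
        label, _, target = rest.rpartition(" - ")
    return {"section": section, "kind": kind, "label": label, "target": target}

def short_alias_re(folder):
    """Regex for the likely 8.3 alias of a long folder name (heuristic)."""
    stem = re.sub(r"[ .]", "", folder).upper()[:6]
    return re.compile(re.escape(stem) + r"~\d+$")

def references_folder(target, folder):
    """True if any path component is the folder or its likely 8.3 alias."""
    alias = short_alias_re(folder)
    parts = [p.upper() for p in re.split(r"[\\/]", target)]
    return any(p == folder.upper() or bool(alias.match(p)) for p in parts)

def flag_entries(log_text, folder="MyWebSearch"):
    """Return parsed entries whose target path runs through the folder."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    return [e for e in entries if references_folder(e["target"], folder)]

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LOG):
        print(e["section"], e["kind"], "->", e["target"])
```

A short-name match is only a hint, since any folder whose name starts with the same six characters can receive the same alias; confirm the long path before acting on it.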





