Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacklog, Pop-up Problems [RESOLVED]

Started by Special C , Dec 03 2005 07:34 PM

  • This topic is locked This topic is locked

#16
Special C
Posted 04 December 2005 - 11:47 PM

Special C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, I don't have the time to do this scan at this moment, but I will run it tommorow and post the results here. Thank you for your help thus far =)
  • 0

Advertisements

#17
Trevuren
Posted 05 December 2005 - 12:00 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A lot of people choose to run it overnight because it takes sooooo long. You may want to consider that option.

Trevuren
  • 0

#18
Special C
Posted 05 December 2005 - 01:07 PM

Special C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is my (rather extensive) Microworld Virus Log Information

File C:\WINDOWS\system32\alrpclip.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\dn0s01d7e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\p6p6lg7s16.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "troj/taladra-f BackDoor" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "target saver Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "webhancer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "elite toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "imiserver ieplugin Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "target saver Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\MSXML3A.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\bullet.gid". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ORUN32.EXE" refers to invalid object "C:\WINDOWS\ORUN32.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sinf.exe" refers to invalid object "C:\Program Files\Common Files\AOL\System Information\sinf.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Tfaxext.exe" refers to invalid object "C:\TOSHIBA\TFaxExt\Tfaxext.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Toshiba Tbiosdrv Driver" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Temp\WZS1.tmp\Toshiba Tbiosdrv Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\TPSMain.exe" refers to invalid object "C:\Program Files\TOSHIBA\Power Saver\TPSMain.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\OFFICE\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".blt". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2i". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2s". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DEC". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ess". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mp1". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mpga". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ssm". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".svn-work". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".toc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".w3z". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "America Online us". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AOL Instant Messenger". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB820696". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB821557". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822603". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB822624". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB833407". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839643-DirectX9". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840374". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842773". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveReg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q327979". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329048". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329112". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329115". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329170". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329390". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329441". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q329623". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329692". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q329834". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q331953". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810565". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810577". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810583". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q810833". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q811493". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q814033". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815021". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q816650". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817287". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817357". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "q817434". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TOSHIBA Software Upgrades". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "webHancer Agent". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "whSurvey". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A99FD75-B264-48FC-AE49-924A646964B8}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0ED40800-D38D-11D3-B562-00902771A435}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{142FB276-7C38-4BB4-B475-3F9233B3EFF8}" refers to invalid object "C:\Program Files\Norton AntiVirus\navapsvc.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{17580E5E-7B07-11D2-BF1F-00A024D73444}" refers to invalid object "C:\Program Files\Symantec\LiveUpdate\ProductRegComPS.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C171D40-8277-11D5-AD55-00010333D0AD}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{59EC0340-7506-11D2-B05F-00C04F7F89FE}" refers to invalid object "C:\Program Files\AIM\AimApi.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{660B82AF-A571-4A19-AC54-5E6E63969676}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{756A2CB8-EC02-4DC8-8588-296C611A5365}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BE265956-6F5F-4790-9CAB-EDFAC64362EF}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE7CB360-F635-449D-BBB1-0D844F2A269D}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{12D56325-94E3-4E74-A91B-586982151C2F}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}" refers to invalid object "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5FE16E42-47D1-471A-BEFF-9C650F9F43BB}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{96039CF0-551B-48DC-9DC4-1D5D1E4AF98E}" refers to invalid object "C:\Program Files\AIM\rtvideo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D6081D20-515B-43ED-AA43-4B5578DB4C06}" refers to invalid object "C:\DOCUME~1\SPECIA~1\LOCALS~1\Temp\Excel8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F99B46D1-9DE1-432B-8E89-D1D751341F8C}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\CoachDM.WebCoachDownload.1" refers to invalid object "{E04EAE82-14AD-41CB-BF5A-45556ABB8347}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\Lzh-Archiv\shell\open\command" refers to invalid object ""C:\Program Files\WinAce\WinAce.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\Messenger.MessengerApp.1" refers to invalid object "{FB7199AB-79BF-11d2-8D94-0000F875C541}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX.1" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\TesCsFile\shell\open\command" refers to invalid object "C:\Program Files\Bethesda Softworks\Morrowind\\TES3 Construction Set.exe". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\alrpclip.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\sjrstr.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\dn0s01d7e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\p6p6lg7s16.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\My Documents\HopsterSetup.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.320". Action Taken: No Action Taken.
File C:\Program Files\AnalogX\Proxy\proxy.exe tagged as not-a-virus:Server-Proxy.Win32.AnalogX.414. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117588.dll tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117591.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117596.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117625.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117633.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117634.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117642.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117643.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117652.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117653.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117660.exe infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0117907.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0117912.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118907.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118919.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118924.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118932.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118934.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118935.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118942.exe tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118948.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119152.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119157.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119160.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119164.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119168.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119172.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119177.dll tagged as "not-a-virus:AdWare.Win32.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119178.exe tagged as "not-a-virus:AdWare.Win32.TimeSink". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119187.dll tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119189.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119193.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119205.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119206.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119207.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119208.exe tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119209.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119211.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119213.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119214.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119215.dll tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119216.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119217.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119218.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119219.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119220.dll tagged as "not-a-virus:AdWare.Win32.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119223.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119228.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119245.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119249.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119255.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119259.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119261.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\alrpclip.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\sjrstr.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\45OD89ST\CA2ROF16.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KXS5IPKL\CAIBSNJC.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\dn0s01d7e.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\p6p6lg7s16.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Documents and Settings\Special C\My Documents\HopsterSetup.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.320". Action Taken: No Action Taken.
File C:\Program Files\AnalogX\Proxy\proxy.exe tagged as not-a-virus:Server-Proxy.Win32.AnalogX.414. No Action Taken.
File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117588.dll tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117591.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117596.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117625.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117633.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117634.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117642.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117643.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117652.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117653.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP345\A0117660.exe infected by "Trojan.Win32.StartPage.aw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0117907.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0117912.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118907.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118919.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118924.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118932.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.351". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118934.dll tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118935.exe tagged as "not-a-virus:AdWare.Win32.WebHancer.381". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118942.exe tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP347\A0118948.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119152.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119157.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119160.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119164.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119168.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119172.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119177.dll tagged as "not-a-virus:AdWare.Win32.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119178.exe tagged as "not-a-virus:AdWare.Win32.TimeSink". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119187.dll tagged as "not-a-virus:AdWare.Win32.WebHancer". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119189.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119193.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119205.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119206.exe infected by "Trojan-Downloader.Win32.VB.ri" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119207.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119208.exe tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119209.exe infected by "Trojan-Downloader.Win32.Small.buy" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119211.exe infected by "Trojan-Downloader.Win32.TSUpdate.l" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119213.exe infected by "Trojan-Downloader.Win32.TSUpdate.n" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119214.exe infected by "Trojan-Downloader.Win32.TSUpdate.f" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119215.dll tagged as "not-a-virus:AdWare.Win32.Suggestor.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119216.exe infected by "Trojan-Downloader.Win32.TSUpdate.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119217.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119218.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119219.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119220.dll tagged as "not-a-virus:AdWare.Win32.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119223.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119228.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119245.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119249.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119255.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119259.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP348\A0119261.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\system32\alrpclip.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\sjrstr.dll tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\45OD89ST\CA2ROF16.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KXS5IPKL\CAIBSNJC.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
  • 0

#19
Trevuren
Posted 05 December 2005 - 04:37 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
A. Please download the Killbox by Option^Explicit.

Note:In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot
    • In the main Killbox Window, Press the "All Files" button
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\WINDOWS\system32\alrpclip.dll
    C:\WINDOWS\system32\sjrstr.dll
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\45OD89ST\CA2ROF16.htm
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KXS5IPKL\CAIBSNJC.htm

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


B. Please update your Ewido definitions, run the program in Safe Mode, save the log and post it in your reply along with a fresh HJT.

Regards,

Trevuren
  • 0

#20
Special C
Posted 06 December 2005 - 12:33 AM

Special C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:27:59 AM, 12/6/2005
+ Report-Checksum: A9245787

+ Scan result:

C:\!KillBox\sjrstr.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][2].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][2].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@casinolasvegas[1].txt -> Spyware.Cookie.Casinolasvegas : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@goldenpalace[1].txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special c@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Special C\Cookies\special [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Special C\Desktop\l2mfix\backup.zip/dlls/dn0s01d7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Special C\Desktop\l2mfix\backup.zip/dlls/p6p6lg7s16.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\dn0s01d7e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Special C\Desktop\l2mfix\dlls\p6p6lg7s16.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special c@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special c@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special c@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special c@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special c@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Special C\Local Settings\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special c@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\special [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End




Logfile of HijackThis v1.99.1
Scan saved at 1:32:54 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\common files\aol\1133642558\ee\aim6.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O1 - Hosts: re.com
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\p6p6lg7s16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#21
Trevuren
Posted 06 December 2005 - 12:43 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We must disable Spy Sweeper for it may interfere with our fix

To disable SpySweeper:
  • Open SpySweeper, click >Options over to the left then >program options >Uncheck "load at windows startup".
  • Over to the left, click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck 'automaticly restore default without notifiction
  • Please RUN HijackThis.
    . Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O1 - Hosts: re.com
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\p6p6lg7s16.dll (file missing)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.
Regards,

Trevuren
  • 0

#22
Special C
Posted 06 December 2005 - 12:58 AM

Special C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The random pop-ups ceased a copuple of fixes ago, but I still get pop-ups when I am using my browser.

Logfile of HijackThis v1.99.1
Scan saved at 1:57:24 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\common files\aol\1133642558\ee\aim6.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#23
Trevuren
Posted 06 December 2005 - 01:07 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I guess that it is time for me to dig into my bag of tricks a little deeper. I don't think I have many left.

Please print out these instructions for reference, since you will have to restart your computer during the fix.

1. Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

2. Save it to your desktop but Do NOT RUN IT YET.

3. Then please Reboot your computer in Safe Mode by doing the following:

A) Restart your computer.
B) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
C) Instead of Windows loading as normal, a menu should appear
D) Select the first option, to run Windows in Safe Mode.


4. Once in Safe Mode
  • Double-click aproposfix.exe and unzip it to the desktop.
  • Open the aproposfix folder on your desktop
  • Run RunThis.bat.
  • Follow the prompts.
5. When the tool is finished
  • Reboot back into normal mode
  • Post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder. (Please also comment on the presence/adsence of popups).
Regards,

Trevuren
  • 0

#24
Special C
Posted 06 December 2005 - 01:27 AM

Special C

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I spent some time web-browsing and did not get a single pop-up! Seems as if the problem is fixed as I usually have them by now. Thanks for your help. Here are the logs.

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\Special C\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C1iesAC9ZXtm]
@=":5zwLSVdeedeefeTOilkjjdeedtge9z0u195eVbVWHPkjeGULYHUVeSDUiVQaafVbV"
"Device"="\\\\.\\ql14322"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\par1snxx.sys"
"DriverName"="MSIFips"
"HideUninstallerName"="C:\\Program Files\\Diradobe\\mcdkbdsw.exe"
"HDll"="C:\\WINDOWS\\system32\\alrpclip.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{X7214ab3-cd98-1706-d50e-17eb8bf41db7}"
"PageFiltering"=dword:00000001
"CrMnTmt"=dword:0036ee80
"ClientName"="C:\\Program Files\\Diradobe\\expledit.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\lautwh32.exe"
"Version"="2.0.131"

************

Removing hidden service:
Service MSIFips removed.

Removing hidden folder:
Deletion of folder Diradobe succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\par1snxx.sys succeeded!
Deletion of file C:\WINDOWS\system32\lautwh32.exe succeeded!
Deletion of file C:\WINDOWS\system32\alrpclip.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C1iesAC9ZXtm]
[-HKEY_LOCAL_MACHINE\Software\C1iesAC9ZXtm]

Done!

Finished!




Logfile of HijackThis v1.99.1
Scan saved at 2:27:40 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\common files\aol\1133642558\ee\aim6.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133642558\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#25
Trevuren
Posted 06 December 2005 - 01:36 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your system was infected by a "rootkit" A biggie.

Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren
  • 0

Advertisements

#26
Trevuren
Posted 08 December 2005 - 07:00 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP