Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

problem with Vundo and WinAntiSpyware [CLOSED]

Started by soaoroaoh , Oct 09 2005 08:39 PM

This topic is locked

#16
Trevuren

Posted 18 October 2005 - 09:06 PM

Old Dog

Retired Staff
18,699 posts

A. Please download the Killbox by Option^Explicit.

Note:In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select
- "Delete on Reboot".
- "End Explorer Shell While Killing File"
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\WINDOWS\system32\awvts.dll
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

B. Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Standard
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information into your next post.

Regards

Trevuren

#17
soaoroaoh

Posted 18 October 2005 - 11:36 PM

Member

Topic Starter
Member
13 posts

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, October 19, 2005 00:35:52
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/10/2005
Kaspersky Anti-Virus database records: 145575
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 82417
Number of viruses found: 13
Number of infected objects: 25
Number of suspicious objects: 1
Duration of the scan process: 5285 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\0XAN4X2N\deliver46860[1].htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09A82D74.exe Infected: Trojan-Downloader.Win32.Agent.hw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20C82572.dll Infected: Trojan-Downloader.Win32.IstBar.kg
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302245F1.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302245F1.tcf Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30256FED.exe Infected: Trojan-Downloader.Win32.Agent.hw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\303317DF.dll Infected: Trojan-Downloader.Win32.IstBar.kg
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\303317DF.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30396BD8.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304369CD.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304369CD.tcf Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304613C9.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D180AF6.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F524BA4.tmp Infected: Email-Worm.Win32.Sober.p
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F66478E.tmp Infected: Email-Worm.Win32.Sober.p
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP5\A0030586.dll Infected: Trojan-Downloader.Win32.IstBar.kg
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031258.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031322.DLL Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031324.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031371.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031380.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031381.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031382.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031383.dll Infected: Trojan.Win32.Crypt.o
C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031384.dll Infected: Trojan.Win32.Crypt.o
C:\WINDOWS\system32\mllji.dll Infected: Trojan-Downloader.Win32.ConHook.l

Scan process completed.

#18
Trevuren

Posted 19 October 2005 - 10:35 AM

Old Dog

Retired Staff
18,699 posts

So that is good! The items are either in your system Restore cache which we will clean out at the end or in your Norton Quarantine which you can empty/delete using instructions found with the program.

For the others:

A. Please download the Killbox by Option^Explicit.

Note:In the event you already have Killbox, this is a new version that I need you to download.

Save it to your desktop.
Please double-click Killbox.exe to run it.
Select
- "Delete on Reboot".
- "End Explorer Shell While Killing File"
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\0XAN4X2N\deliver46860[1].htm
C:\WINDOWS\system32\mllji.dll
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

B. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

#19
soaoroaoh

Posted 19 October 2005 - 11:59 AM

Member

Topic Starter
Member
13 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:57:49 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://careers.ns.utexas.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\Toshiba\ConfigFree\CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#20
Trevuren

Posted 19 October 2005 - 12:19 PM

Old Dog

Retired Staff
18,699 posts

Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren

#21
soaoroaoh

Posted 19 October 2005 - 09:28 PM

Member

Topic Starter
Member
13 posts

there is still something on my computer that turns words on webpages into links.. for example if i was on a website that had the text "diet" it would turn that word into a link to a dieting site. I've had this problem before a long time ago but had eliminated it. I've used spybot again and run Norton, but it's still there. Any suggestions?

#22
Trevuren

Posted 20 October 2005 - 11:07 AM

Old Dog

Retired Staff
18,699 posts

This sounds more like a setting that you have set on your Google Toolbar. Your log is clean. We will nevertheless check out your whole system.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:

Memory
Startup Folders
Drive - All Local Drives
Folder - then click "browse" to change the directory to C: (default is C:\Windows)
Registry
System Folders
Services
Include Sub-Directory
Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

#23
soaoroaoh

Posted 21 October 2005 - 08:14 AM

Member

Topic Starter
Member
13 posts

File C:\PROGRA~1\YOURSI~1\ysb.dll infected by "Trojan-Downloader.Win32.IstBar.lv" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ISTsvc\istsvc.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Desktop\Downloads\hooversw.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.e". Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "edonkey2000 Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "surfaccuracy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "yoursitebar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dealhelper.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "unknown toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dealhelper.com Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "dyfuca.internet optimizer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\OFFICE\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Start Menu\Programs\iPod\iPod Updater 2004-11-15\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Hewlett-Packard\Digital Imaging\hpis\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\QuickTime\QTComponents\". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DS_Store". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".flac". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ogg". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".prn". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "All ATI Software". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AolCoach". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AT&T Connection Services Software". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ATI Display Driver". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3CB41017-F5CA-4C56-934C-ED02156251E6}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{78F4DFCE-1336-4027-BCB2-1A00C24A8653}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MUSICMATCH iPod Plug-in". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SM1FX_AT". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Yahoo! Companion". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{06645894-E73C-413B-8704-71823A9C39B5}" refers to invalid object "C:\Program Files\America Online 9.0\media\cerberus.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{0B54F548-639F-462F-BCDE-9557B8AB378F}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicEdit.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{12D56325-94E3-4E74-A91B-586982151C2F}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1765C079-E3CB-40C2-B37A-632991B195D3}" refers to invalid object "C:\DOCUME~1\SARAHP~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{229B78B8-38F5-11D5-9001-00C04F4C3B9F}" refers to invalid object "C:\Program Files\America Online 9.0\media\cddbcontrol.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{296802FE-345A-4CA4-B941-692B8622CC69}" refers to invalid object "C:\Program Files\America Online 9.0\axtrack.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{307DE02D-679A-49B9-B582-6E623BE9386F}" refers to invalid object "C:\Program Files\Common Files\aolshare\Coach\Player\coachdm2.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{379919F2-1612-45B7-B9F4-773F6D5214F5}" refers to invalid object "C:\Program Files\eDonkey2000\plugins\ed2kie.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0}" refers to invalid object "C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3F8E02B4-6601-41A2-95E7-6BD102935C55}" refers to invalid object "C:\Program Files\America Online 9.0\media\phobos.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{57B2FD05-64D4-4AD7-A92A-7C32FE50A0F4}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPUPF.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{79C10055-C1B5-4754-AC44-003784AA3A44}" refers to invalid object "C:\Program Files\Common Files\aolshare\pictures\YGPPicInfo.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8D66A700-5DF0-4706-9ACA-FEB467A7A853}" refers to invalid object "C:\Program Files\America Online 9.0\media\ares.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{942127CD-4B2F-4164-9448-6AF0B1CE1B4C}" refers to invalid object "C:\DOCUME~1\SARAHP~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{BB9EF4CE-09E6-44C5-A6E9-AD9A471B4025}" refers to invalid object "C:\Program Files\America Online 9.0\MyCalendar.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCCAF17F-7581-4C86-9867-56D9405FAC3F}" refers to invalid object "C:\Program Files\America Online 9.0\media\pathfinder.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E3852602-B619-11D6-94EC-00047521F020}" refers to invalid object "C:\Program Files\America Online 9.0\media\nmpxchat\nmpxchat.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{ECAD18F1-CA65-11D6-8A1B-00E029570A3E}" refers to invalid object "C:\Program Files\America Online 9.0\sa.dll". Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll.tcf infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Pddqfi.exe.tcf tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\Temp\dealhelper.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\Temp\pmt.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\0XAN4X2N\nem220[1].dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\0XAN4X2N\ysb_prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\31G04ZJV\optimize[1].exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\4XARM1S3\dealhelper[1].exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\CPY381UZ\istsvc[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\CTEZSX2N\istrecover[1].exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\CTEZSX2N\sidefind13[1].dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\HSSV5XKX\Play-Lyrics[1].htm infected by "Trojan-Downloader.JS.IstBar.t" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\KV294F8N\ibar[1].js infected by "Trojan-Downloader.JS.IstBar.ad" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\KV294F8N\powerscan[1].exe tagged as "not-a-virus:AdWare.Win32.PowerScan.d". Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\NUVLHLVJ\WinFixer2005ScannerInstall[1].exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\QRMTYR0B\sidefind[1].exe infected by "Trojan-Downloader.Win32.IstBar.jm" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\QRMTYR0B\ysb_1002952[1].cab infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\R41T3OWW\WinFixer2005ScannerInstall[1].cab tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\W5I3416V\sfbho13[1].dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\WXUZCLEB\pmt[1].exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\WXUZCLEB\ysb[1].dll infected by "Trojan-Downloader.Win32.IstBar.lv" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\SARAHP~1\LOCALS~1\TEMPOR~1\Content.IE5\YV8L8HYH\version[1].exe tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Desktop\Downloads\hooversw.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.e". Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temp\dealhelper.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temp\pmt.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\0XAN4X2N\nem220[1].dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\0XAN4X2N\ysb_prompt[1].htm infected by "Exploit.HTML.CodeBaseExec" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\31G04ZJV\optimize[1].exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\4XARM1S3\dealhelper[1].exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CPY381UZ\istsvc[1].exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CTEZSX2N\istrecover[1].exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CTEZSX2N\sidefind13[1].dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\HSSV5XKX\Play-Lyrics[1].htm infected by "Trojan-Downloader.JS.IstBar.t" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\KV294F8N\ibar[1].js infected by "Trojan-Downloader.JS.IstBar.ad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\KV294F8N\powerscan[1].exe tagged as "not-a-virus:AdWare.Win32.PowerScan.d". Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\NUVLHLVJ\WinFixer2005ScannerInstall[1].exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\QRMTYR0B\sidefind[1].exe infected by "Trojan-Downloader.Win32.IstBar.jm" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\QRMTYR0B\ysb_1002952[1].cab infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\R41T3OWW\WinFixer2005ScannerInstall[1].cab tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\W5I3416V\sfbho13[1].dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\WXUZCLEB\pmt[1].exe infected by "Trojan-Downloader.Win32.Small.bke" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\WXUZCLEB\ysb[1].dll infected by "Trojan-Downloader.Win32.IstBar.lv" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\YV8L8HYH\version[1].exe tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09A82D74.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15386973.htm tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\20C82572.dll infected by "Trojan-Downloader.Win32.IstBar.kg" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\26752BAA.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302245F1.dll tagged as "not-a-virus:AdWare.Win32.AdMir.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302245F1.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302245F1.tcf infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30256FED.exe infected by "Trojan-Downloader.Win32.Agent.hw" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302C43E6.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.x". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302C43E6.htm tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302F6DE2.dll tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\302F6DE2.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.x". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\303317DF.dll infected by "Trojan-Downloader.Win32.IstBar.kg" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\303317DF.exe infected by "Trojan-Downloader.Win32.IstBar.ij" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30396BD8.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\303C15D4.exe tagged as "not-a-virus:AdWare.Win32.WinAD.bo". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304369CD.dll infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304369CD.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304369CD.tcf infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\304613C9.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\30533BBB.3ba tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\305665B7.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3D180AF6.exe infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F524BA4.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3F66478E.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43DF4F75.dll tagged as "not-a-virus:AdWare.Win32.AdMir.a". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\49E50549.dll tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\56DA6F4B.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\60AD4DAB.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\650A1CD5.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\650D46D2.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\651170CE.bat infected by "Trojan.BAT.KillProc.a" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\651E18C0.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
File C:\Program Files\SideFind\sfbho.dll6483.tcf tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\Program Files\YourSiteBar\ysb.dll infected by "Trojan-Downloader.Win32.IstBar.lv" Virus! Action Taken: No Action Taken.
File C:\RECYCLER\S-1-5-21-902365055-1057950470-1139782735-1006\Dc1\SAccU.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031596.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031597.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031598.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031599.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031600.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031601.bat infected by "Trojan.BAT.KillProc.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031602.exe tagged as "not-a-virus:AdWare.Win32.SurfAccuracy.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP10\A0031608.dll infected by "Trojan-Downloader.Win32.ConHook.l" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP2\A0029271.dll tagged as "not-a-virus:AdWare.Win32.Virtumonde.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP5\A0030584.dll tagged as "not-a-virus:AdWare.Win32.AdMir.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP5\A0030585.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.x". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP5\A0030586.dll infected by "Trojan-Downloader.Win32.IstBar.kg" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP5\A0030587.exe tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP7\A0030726.dll tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031064.EXE tagged as "not-a-virus:AdWare.Win32.WinAD.bo". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031161.dll tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031258.exe infected by "Trojan-Downloader.Win32.Dyfuca.ei" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031322.DLL infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031324.exe infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031330.EXE tagged as "not-a-virus:AdWare.Win32.PowerScan.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031370.dll tagged as "not-a-virus:AdWare.Win32.SideFind". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031371.exe infected by "Trojan-Downloader.Win32.IstBar.jm" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031380.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031381.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031382.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031383.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP8\A0031384.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031534.dll tagged as "not-a-virus:AdWare.Win32.DealHelper.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031587.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031588.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031589.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031590.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031591.dll infected by "Trojan.Win32.Crypt.o" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{0C1D1238-A1EF-43EA-9ACF-9240DDBA7386}\RP9\A0031592.bat infected by "Trojan.BAT.KillProc.a" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\YSBactivex.dll_tobedeleted infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll.tcf infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Pddqfi.exe.tcf tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\UWFX5_0001_LP1014NetInstaller.exe tagged as not-a-virus:Downloader.Win32.Agent.d. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\YSBactivex.dll_tobedeleted infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\nem220.dll.tcf infected by "Trojan-Downloader.Win32.Dyfuca.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\Pddqfi.exe.tcf tagged as "not-a-virus:AdWare.Win32.DealHelper.ac". Action Taken: No Action Taken.

#24
Trevuren

Posted 21 October 2005 - 02:03 PM

Old Dog

Retired Staff
18,699 posts

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a trial version of the program.
- Install ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido, there should be an icon on your desktop double-click it.
- The program will prompt you to update click the OK button
- The program will now go to the main screen
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update
- Click on Start
- The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
- REBOOT into Safe Mode
- Run EWIDO
- Click on scanner
- Click on Start Scan
- Let the program scan the machine
- While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report
- Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

Regards,

Trevuren

#25
soaoroaoh

Posted 22 October 2005 - 12:05 PM

Member

Topic Starter
Member
13 posts

Logfile of HijackThis v1.99.1
Scan saved at 01:04:01 PM, on 10/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://careers.ns.utexas.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CFSServ.exe] C:\Program Files\Toshiba\ConfigFree\CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Pddqfi.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\system32\qlink32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#26
Trevuren

Posted 22 October 2005 - 12:46 PM

Old Dog

Retired Staff
18,699 posts

Please prvide me with your Ewido text log as requested. If it was deleted by mistake, please run Ewido again and post the resulting log

Trevuren

Edited by Trevuren, 22 October 2005 - 12:48 PM.

#27
soaoroaoh

Posted 22 October 2005 - 08:19 PM

Member

Topic Starter
Member
13 posts

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 01:00:06 PM, 10/22/2005
+ Report-Checksum: A303FFAB

+ Scan result:

HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-902365055-1057950470-1139782735-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-902365055-1057950470-1139782735-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-902365055-1057950470-1139782735-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-902365055-1057950470-1139782735-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-902365055-1057950470-1139782735-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah [email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Sarah Price\Cookies\sarah price@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temp\pmt.exe -> TrojanDownloader.Small.bke : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\0XAN4X2N\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\31G04ZJV\optimize[1].exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\4XARM1S3\dealhelper[1].exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CPY381UZ\istsvc[1].exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CTEZSX2N\istrecover[1].exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\CTEZSX2N\sidefind13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\KV294F8N\ibar[1].js -> TrojanDownloader.IstBar.ad : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\KV294F8N\powerscan[1].exe -> Spyware.PowerScan : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\NUVLHLVJ\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\QRMTYR0B\sidefind[1].exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\QRMTYR0B\ysb_1002952[1].cab/YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\R41T3OWW\WinFixer2005ScannerInstall[1].cab/UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\W5I3416V\power_remove[1].exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\W5I3416V\sfbho13[1].dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\WXUZCLEB\pmt[1].exe -> TrojanDownloader.Small.bke : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\WXUZCLEB\ysb[1].dll -> TrojanDownloader.IstBar.lv : Cleaned with backup
C:\Documents and Settings\Sarah Price\Local Settings\Temporary Internet Files\Content.IE5\YV8L8HYH\version[1].exe -> Spyware.DealHelper : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll.tcf -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\ISTsvc -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Spyware.ISTBar : Cleaned with backup
C:\Program Files\SideFind\sfbho.dll6483.tcf -> Spyware.SideFind : Cleaned with backup
C:\Program Files\YourSiteBar\ysb.dll -> TrojanDownloader.IstBar.lv : Cleaned with backup
C:\RECYCLER\NPROTECT\00718266.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\RECYCLER\NPROTECT\00718335.EXE -> Spyware.PowerScan : Cleaned with backup
C:\RECYCLER\NPROTECT\00718341.EXE -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\RECYCLER\NPROTECT\00718358.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\RECYCLER\NPROTECT\00718387.TCF -> Spyware.SideFind : Cleaned with backup
C:\RECYCLER\NPROTECT\00718388.dll -> Spyware.SideFind : Cleaned with backup
C:\RECYCLER\S-1-5-21-902365055-1057950470-1139782735-1006\Dc1\SAccU.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWAS5LP_0001_0811NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_LP1014NetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll_tobedeleted -> TrojanDownloader.IstBar : Cleaned with backup
C:\WINDOWS\jsqut.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\nem220.dll.tcf -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\WINDOWS\system32\Pddqfi.exe.tcf -> Spyware.DealHelper : Cleaned with backup

::Report End

#28
Trevuren

Posted 22 October 2005 - 09:21 PM

Old Dog

Retired Staff
18,699 posts

Please post a fresh HJT log and comments on the presense of any possible malware signs on your system.

That Ewido log sure shows s lot of bad stuff being removed.

Regards,

Trevuren

#29
Trevuren

Posted 02 November 2005 - 06:24 PM

Old Dog

Retired Staff
18,699 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.