is it malware or virus??


joeinga

Thread Starter
Joined
Feb 10, 2007
Messages
4
For about 4 months now, whenever I boot up, McAfee firewall asks me if I want to allow 3 different applications: gOhglog, d3sj32 and msxml2. I always respond NO, not at this time, but all 3 begin running. I have to alt-ctrl-del and shut down the process to keep them from running. d3sj32 won't shut down and the firewall keeps popping up the caution screen all the time I'm on the internet. Can anyone tell me what these are??
Thanks
Joe
 
Joined
Sep 7, 2004
Messages
49,014
d3sj32 is malware

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

joeinga

Thread Starter
Joined
Feb 10, 2007
Messages
4
Here's the logfile from HJT. I'd appreciate any help you could give me. Been away from IT support and programming too long to understand the new stuff.

Thanks, Joe
Scan saved at 3:54:41 PM, on 2/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\d3sj32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series

500\Bin\HPOstr05.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series

500\bin\HPOVDX05.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network

Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\HPOTBX05.EXE
C:\hjt2-07\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer,SearchURL =

http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://bellsouth.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =

res://C:\WINDOWS\gailj.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Still Image -

{31656AAF-7229-BA16-E97D-31557D631863} -

C:\WINDOWS\system\mstctw32.dll
O2 - BHO: GDS module -

{A084A565-B09B-4e4c-A497-7CC50AEAB2A7} -

C:\WINDOWS\gds.dll
O2 - BHO: Class -

{FCC29CF2-2126-1210-E059-E37290935DCC} -

C:\WINDOWS\system32\ieoz32.dll (file missing)
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan -

{ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program

Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [msyf32.exe]

"C:\WINDOWS\system32\msyf32.exe"
O4 - HKLM\..\Run: [IgfxTray]

"C:\WINDOWS\System32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds]

"C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [d3bb32.exe] "C:\WINDOWS\d3bb32.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program

Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [sdkul.exe] "C:\WINDOWS\sdkul.exe"
O4 - HKLM\..\Run: [KernelFaultCheck]

"%systemroot%\system32\dumprep 0 -k"
O4 - HKLM\..\Run: [appzb.exe] "C:\WINDOWS\appzb.exe"
O4 - HKLM\..\Run: [wineo.exe]

"C:\WINDOWS\system32\wineo.exe"
O4 - HKLM\..\Run: [sdkwq32.exe]

"C:\WINDOWS\sdkwq32.exe"
O4 - HKLM\..\Run: [crwp.exe]

"C:\WINDOWS\system32\crwp.exe"
O4 - HKLM\..\Run: [sysjy32.exe]

"C:\WINDOWS\system32\sysjy32.exe"
O4 - HKLM\..\Run: [winvo32.exe]

"C:\WINDOWS\system32\winvo32.exe"
O4 - HKLM\..\Run: [iezm.exe]

"C:\WINDOWS\system32\iezm.exe"
O4 - HKLM\..\Run: [jkcmiaaa]

C:\WINDOWS\System32\jkcmiaaa.exe
O4 - HKLM\..\Run: [adwarealert] C:\Program

Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [wzcsapi]

"C:\WINDOWS\System32\wzcsapi.exe"
O4 - HKCU\..\Run: [mfc40]

"C:\WINDOWS\System32\mfc40.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor]

"C:\Program Files\McAfee\McAfee Shared

Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msxml2r]

"C:\WINDOWS\System32\msxml2r.exe"
O4 - HKCU\..\Run: [jkcmiaaa]

C:\WINDOWS\System32\jkcmiaaa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Digital Line Detect.lnk =

C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP OfficeJet Series 500

Startup.lnk = C:\Program Files\Hewlett-Packard\HP

OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program

Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Refresh Pa&ge with Full

Quality - C:\Program Files\BellSouth Accelerator

Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with

Full Quality - C:\Program Files\BellSouth Accelerator

Technology\pac-image.html
O9 - Extra button: Real.com -

{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE}

(SupportSoft Installer) -

http://training.fastaccess.com/sdccommon/download/tgctl

ins.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F}

(BLS_SpeedOP.systemcheck) -

http://www.fastaccess.drivers.bellsouth.net/software/DS

Lspeedtool/bls_speedop.cab
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: System -

{2B3772B0-8507-4751-9410-77D32AD563A1} - dgflib.dll

(file missing)
O23 - Service: Remote Procedure Call (RPC) Helper (

11Fßä#·ºÄÖ`I) - Unknown owner -

C:\WINDOWS\system32\javazw.exe (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Network

Associates, Inc. - C:\Program Files\McAfee\McAfee

VirusScan\Avsynmgr.exe
O23 - Service: d3sj32 - Unknown owner -

C:\WINDOWS\System32\d3sj32.exe
O23 - Service: McAfee Firewall - Unknown owner -

C:\Program Files\McAfee\McAfee Firewall\CPD.EXE"

/SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program

Files\Common Files\Network

Associates\McShield\Mcshield.exe
O23 - Service: WAN Miniport (ATW) Service

(WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Please disable WordWrap in notepad before posting any new logs. Otherwise the logs are unreadable.
(Notepad -> Format -> uncheck WordWrap)
=========================
CWShredder
Download http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows, unzip the file, click on cwshredder.exe, then click "Fix".


Download About:Buster from:
http://www.majorgeeks.com/AboutBuster_d4289.html
Double click aboutbuster.exe, Click begin removal, click yes to shutdown IE, click Start, then click OK.
==================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 
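The reply above asks for WordWrap to be turned off because a wrapped HijackThis log is unreadable. As an added example (not part of the thread and not code from HijackThis), the Python below re-joins such a log into one line per entry and lists entries carrying the markers visible in this thread's logs: "Unknown owner", "(file missing)" and `res://` search settings. The function names `unwrap` and `triage` and the 55-column wrap width are assumptions; the width is inferred from where the two long URLs in the first log were cut.

```python
import re

# HijackThis prefixes each finding with a section code: R0-R3, F0-F3, N1-N4, O1-O2x.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def unwrap(text, width=55):
    """Re-join a word-wrapped HijackThis log into logical lines.

    width is the assumed column at which the text was wrapped. A fragment
    that fills the whole width was cut mid-token (long URL or path) and is
    joined without a space; a shorter fragment was cut at a space.
    """
    logical, state, prev_len = [], "header", 0
    for raw in text.splitlines():
        frag = raw.strip()
        if not frag:
            continue  # blank lines left behind by the wrap
        if ENTRY_RE.match(frag):
            state, starts_new = "entries", True
        elif state == "entries":
            starts_new = False  # anything else here continues the last entry
        elif frag == "Running processes:":
            state, starts_new = "procs", True
        elif state == "procs":
            starts_new = bool(PATH_RE.match(frag))  # a process is a full path
        else:
            starts_new = True  # header lines stand alone
        if starts_new or not logical:
            logical.append(frag)
        else:
            sep = "" if prev_len >= width else " "
            logical[-1] += sep + frag
        prev_len = len(frag)
    return logical


def triage(logical_lines):
    """Return (code, reasons, line) for entries worth a closer look."""
    findings = []
    for line in logical_lines:
        if not ENTRY_RE.match(line):
            continue
        code = line.split(" - ", 1)[0]
        reasons = []
        if "(file missing)" in line:
            reasons.append("referenced file is missing")
        if code == "O23" and "Unknown owner" in line:
            reasons.append("service binary has no readable owner")
        if code in ("R0", "R1") and "res://" in line.lower():
            reasons.append("IE setting points at a local res:// resource")
        if reasons:
            findings.append((code, reasons, line))
    return findings


# Constructed sample: a few entries in the wrapped form seen in the first log.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\d3sj32.exe
C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

res://C:\WINDOWS\gailj.dll/sp.html#37049
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE}

(SupportSoft Installer) -

http://training.fastaccess.com/sdccommon/download/tgctl

ins.cab
O23 - Service: d3sj32 - Unknown owner -

C:\WINDOWS\System32\d3sj32.exe
"""

if __name__ == "__main__":
    lines = unwrap(SAMPLE)
    for line in lines:
        print(line)
    print()
    for code, reasons, line in triage(lines):
        print(f"[{code}] {'; '.join(reasons)}\n    {line}")
```

The markers are leads for review, not verdicts: the thread's own log shows the McAfee Firewall service with both "Unknown owner" and "(file missing)". A fragment that ends at a word boundary exactly on the wrap column would be joined without its space.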

joeinga

Thread Starter
Joined
Feb 10, 2007
Messages
4
MFDnSC
Yes, I am going to donate $25 in your name. I wish I could send more but that will have to wait awhile. Before you look at the log file can you tell me what packages I should install to protect my PC from so much spyware/trojans etc. Also after all this I keep seeing the firewall ask me if I want to let d3sj32.exe start up.
Whew.... been trying to send both the HIJACK and SUPERANTISPYWARE logs but the SUPERAntiSpyware log was 70 pages long. I deleted all the "system restore" stuff and tried again but keep getting a "file's too big" message. I'll try to send that log in a second reply.
Thanks so much again for your help.


Logfile of HijackThis v1.99.1
Scan saved at 1:34:06 PM, on 2/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\WINDOWS\System32\d3sj32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\hjt2-07\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: GDS module - {A084A565-B09B-4e4c-A497-7CC50AEAB2A7} - C:\WINDOWS\gds.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep 0 -k"
O4 - HKLM\..\Run: [wineo.exe] "C:\WINDOWS\system32\wineo.exe"
O4 - HKLM\..\Run: [crwp.exe] "C:\WINDOWS\system32\crwp.exe"
O4 - HKLM\..\Run: [winvo32.exe] "C:\WINDOWS\system32\winvo32.exe"
O4 - HKLM\..\Run: [jkcmiaaa] C:\WINDOWS\System32\jkcmiaaa.exe
O4 - HKLM\..\Run: [adwarealert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [wzcsapi] "C:\WINDOWS\System32\wzcsapi.exe"
O4 - HKCU\..\Run: [mfc40] "C:\WINDOWS\System32\mfc40.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msxml2r] "C:\WINDOWS\System32\msxml2r.exe"
O4 - HKCU\..\Run: [jkcmiaaa] C:\WINDOWS\System32\jkcmiaaa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\BellSouth Accelerator Technology\pac-image.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Installer) - http://training.fastaccess.com/sdccommon/download/tgctlins.cab
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O20 - Winlogon Notify: !SASWinLogon - C:\hjt2-07\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: d3sj32 - Unknown owner - C:\WINDOWS\System32\d3sj32.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

joeinga

Thread Starter
Joined
Feb 10, 2007
Messages
4
Dear MFDnsc.... here's that superantispyware log...

SUPERAntiSpyware Scan Log
Generated 02/13/2007 at 12:45 PM

Application Version : 3.5.1016

Core Rules Database Version : 3182
Trace Rules Database Version: 1192

Scan type : Complete Scan
Total Scan Time : 00:54:58

Memory items scanned : 375
Memory threats detected : 0
Registry items scanned : 4977
Registry threats detected : 14
File items scanned : 42017
File threats detected : 9983

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}
HKCR\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}
HKCR\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}\InprocServer32
C:\WINDOWS\SYSTEM32:ICAA.DLL
HKCR\CLSID\{DAA873D4-958C-453C-81CA-3FE6F3676A87}
HKCR\CLSID\{6C2A592C-2CEB-91F6-ABFC-8A6CAA196309}
HKCR\CLSID\{6C2A592C-2CEB-91F6-ABFC-8A6CAA196309}\Data
C:\MS32.TMP

Adware.Tracking Cookie

Parasite.CoolWebSearch Variant
HKCR\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E}
HKCR\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E}\Data


Trojan.GKJ
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}\InProcServer32
HKCR\CLSID\{3E898EEA-FEFA-451B-ACF2-7561F94B1191}\InProcServer32#ThreadingModel

Adware.BookedSpace

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-1606980848-1935655697-839522115-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Malware.SpywareBot
HKU\S-1-5-21-1606980848-1935655697-839522115-1003\Software\SpywareBot
C:\Program Files\SpywareBot\DataBaseNew.ref
C:\Program Files\SpywareBot\HOSTS Backups\2007-1-22-1169477628_hosts
C:\Program Files\SpywareBot\HOSTS Backups\2007-1-24-1169625618_hosts
C:\Program Files\SpywareBot\HOSTS Backups
C:\Program Files\SpywareBot\Log\log_2007_01_22_09_52_55.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_09_52_58.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_10_17_24.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_10_18_09.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_10_52_11.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_10_53_36.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_12_50_27.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_12_56_16.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_14_00_36.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_14_01_01.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_14_14_02.log
C:\Program Files\SpywareBot\Log\log_2007_01_22_14_15_06.log
C:\Program Files\SpywareBot\Log\log_2007_01_23_14_11_37.log
C:\Program Files\SpywareBot\Log\log_2007_01_23_14_39_45.log
C:\Program Files\SpywareBot\Log\log_2007_01_24_03_00_08.log
C:\Program Files\SpywareBot\Log
C:\Program Files\SpywareBot\Quarantine
C:\Program Files\SpywareBot\Registry Backups
C:\Program Files\SpywareBot\Settings\CustomScan.stg
C:\Program Files\SpywareBot\Settings\IgnoreList.stg
C:\Program Files\SpywareBot\Settings\ScanInfo.stg
C:\Program Files\SpywareBot\Settings\ScanResults.stg
C:\Program Files\SpywareBot\Settings\SelectedFolders.stg
C:\Program Files\SpywareBot\Settings\Settings.stg
C:\Program Files\SpywareBot\Settings
C:\Program Files\SpywareBot

Adware.AdSponsor
HKCR\AppId\{73364D99-1240-4dff-B12A-67E448373148}

Trojan.CoolWebSearch Variant
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10166.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10167.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10168.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10169.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10170.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10171.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10172.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10173.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10174.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10175.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10176.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10177.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10178.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10179.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10180.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10181.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10182.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10183.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10184.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10185.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10186.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10187.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10188.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10189.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10190.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10191.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10192.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10193.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10194.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10195.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10196.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10197.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10198.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10199.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10200.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10201.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10202.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10203.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10204.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10205.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10206.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10207.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10208.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10209.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10210.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10211.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10212.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10213.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10214.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10215.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10216.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10217.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10218.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10219.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10220.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10221.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10222.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10223.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10224.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10225.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10226.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10227.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10228.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10229.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10230.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10231.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10232.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10233.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10234.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10235.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10236.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10237.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10238.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10239.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10240.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10241.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10242.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10243.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10244.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10245.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10246.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10247.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10248.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10249.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10250.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10251.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10252.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10253.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10254.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10255.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10256.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10257.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10258.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10259.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10260.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10261.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10262.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10263.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10264.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10265.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10266.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10267.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10268.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10269.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10270.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10271.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10272.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10273.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10274.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10275.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10276.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10277.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10278.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10279.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10280.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10281.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10282.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10283.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10284.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10285.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10286.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10287.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10288.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10289.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10290.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10291.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10292.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10293.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10294.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10295.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10296.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10297.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10298.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10299.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10300.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10301.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10302.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10303.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10304.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10305.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10306.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10307.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10308.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10309.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10310.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10311.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10312.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10313.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10314.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10315.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10316.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10317.QIT
C:\PROGRAM FILES\ADWAREALERT\QUARANTINE\22-01-2007-10-39-01\10318.QIT



Trojan.Downloader-AgentDQ
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E735F751-6B63-409A-BBC8-9935377A9EE7}\RP130\A0011538.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E735F751-6B63-409A-BBC8-9935377A9EE7}\RP154\A0012289.EXE

Adware.Spyware Labs
C:\WINDOWS\BUNDLES\2504040901.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\FSUSD.EXE

Adware.2ndThought-Installer
C:\WINDOWS\SYSTEM32\ID113.EXE

Trojan.Downloader-IPV6Mons
C:\WINDOWS\SYSTEM32\IPV6MONS.DLL

Trojan.Downloader-Gen/MultiBot
C:\WINDOWS\SYSTEM32\SDVEKKYI.EXE
 
Joined
Sep 7, 2004
Messages
49,014
Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam
===================
Let's do some more since you had so much

Run CWShredder again

===============
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/?acode=af1&rc=855

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link. (Download Antivirus if required)
* Install it. During the install it will prompt for updates; these can be gotten now or later.
* Once the program is installed, it will open.
* It will prompt you to update to the latest definitions if you have not already done so. Before proceeding, check to ensure that you are up to date (Click Home > Bottom middle of page will tell you).
* Once the definitions are installed, click Options on the left side.
* Click the Options tab on the left hand side.
* Choose Custom Sweep (Radio Button)
* Choose Change Settings (Link)
* Where to Sweep
> Select My Computer
* What to Sweep
> Select all options available (enable Virus scan if available)
* Skip File Types
> Do not skip any file types
* Advanced Options
> Select all options available


* Click Sweep on the left side.
* Click the Black arrow next to start full sweep
* Select Start Custom Sweep
* When it's done scanning, copy Items Found into Notepad
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click the Summary tab and click Finish.
* Compare the contents of the notepad to the report
* Place the contents of the notepad into your next reply, identifying any items not removed.

If Spy Sweeper suggests rebooting and scanning again, repeat the process and copy that information into your next reply as well.


Also post a new Hijack This log.
 