
Solved: pls check hjt log

Discussion in 'Virus & Other Malware Removal' started by wawawhee, Apr 27, 2006.

Thread Status:
Not open for further replies.
  1. wawawhee

    wawawhee Thread Starter

    A friend is having a problem w/ Dell comp. The weirdest part is that it does not recognize D:; when I attached an ext. hard drive it would not see that. I attached a card reader w/ HJT on it and McAfee popped up and said that it had cleaned a trojan. I reinstalled HJT, started in safe and got this log. McAfee is out of date. Any help is appreciated.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:03:43 PM, on 4/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    D:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://dinamo.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://dinamo.directwebsearch.net/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://dinamo.directwebsearch.net/search.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {96B75F7D-1E69-488E-899F-9F3D6528D9EE} - C:\WINDOWS\System32\ocg.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dbF75cE] C:\WINDOWS\efcptpri.exe
    O4 - HKLM\..\Run: [š%Ÿe„šVnRĂ–§j֩OVó×C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\efcptpri.exe
    O4 - HKLM\..\Run: [Wzlwgvn] C:\Program Files\Eegt\Fjyfaco.exe
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [dofj1na0] C:\WINDOWS\System32\dofj1na0.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitehxc32.exe
    O4 - HKLM\..\Run: [efgjqh] C:\WINDOWS\efgjqh.exe
    O4 - HKLM\..\Run: [p] C:\documents and settings\cheryl\local settings\temp\p.exe
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [hclean32.exe] C:\WINDOWS\System32\hclean32.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKLM\..\Run: [DCC_send] 10010.exe
    O4 - HKLM\..\Run: [clamav] SetupExeDll.exe
    O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka70.exe
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [System service70] C:\WINDOWS\etb\pokapoka70.exe
    O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll
    O9 - Extra 'Tools' menuitem: JavaScript Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix: c:\searchpage.html?page=
    O13 - Mosaic Prefix: c:\searchpage.html?page=
    O16 - DPF: v3cab - http://searchmiracle.com/cab/12.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c528.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\Documents and Settings\DeLino\msopt.dll (file missing)
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O18 - Filter: text/html - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll
    O18 - Filter: text/plain - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
     
  2. MFDnNC

    MFDnNC

    · Download LQfix.exe from http://users.pandora.be/bluepatchy/miekiemoes/tools/LQfix.exe and save it to your desktop.
    · Double-click LQfix.exe and click install.
    · Leave the default settings. If you change them, the fix will fail.
    · Make sure 'Launch LQfix' is checked. After clicking finish in the install, the fix will start.
    · Follow the prompts on the screen.
    · Your system will reboot afterwards.
    · Please be patient after reboot, because there is a script running in the background.


    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  3. wawawhee

    wawawhee Thread Starter

    Log is in 2 pc.
    ********
    3:28 PM: | Start of Session, Thursday, April 27, 2006 |
    3:28 PM: Spy Sweeper started
    3:28 PM: Sweep initiated using definitions version 665
    3:28 PM: Starting Memory Sweep
    3:28 PM: Found Adware: cws-aboutblank
    3:28 PM: Detected running threat: C:\WINDOWS\System32\ocg.dll (ID = 55121)
    3:30 PM: Found Adware: wildmedia
    3:30 PM: Detected running threat: C:\Documents and Settings\Cheryl\Local Settings\Temp\p.exe (ID = 31)
    3:30 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || p (ID = 0)
    3:30 PM: Found Adware: websearch toolbar
    3:30 PM: Detected running threat: C:\Program Files\Toolbar\common.dll (ID = 57)
    3:30 PM: Found Trojan Horse: trojan-downloader-perlink.biz
    3:30 PM: Detected running threat: C:\WINDOWS\SYSTEM32\popcorn72.exe (ID = 137946)
    3:30 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ControlPanel (ID = 0)
    3:31 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ocg.dll (ID = 49)
    3:31 PM: Memory Sweep Complete, Elapsed Time: 00:03:02
    3:31 PM: Starting Registry Sweep
    3:31 PM: Found Adware: exact cashback/bargain buddy
    3:31 PM: HKLM\system\currentcontrolset\services\isexeng\ (12 subtraces) (ID = 104034)
    3:31 PM: Found Adware: browseraid
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || 98d0ce0c16b1 (ID = 105156)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || a70f6a1d-0195-42a2-934c-d8ac0f7c08eb (ID = 105157)
    3:31 PM: Found Trojan Horse: childoleauto
    3:31 PM: HKCR\clsid\{3f143c3a-1457-6cca-03a7-7aa23b61e40f}\ (3 subtraces) (ID = 105493)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {3f143c3a-1457-6cca-03a7-7aa23b61e40f} (ID = 105495)
    3:31 PM: Found Adware: coolwebsearch (cws)
    3:31 PM: HKCR\interface\{0d4a224c-d063-496f-b39a-d43a31cda6d5}\ (8 subtraces) (ID = 108395)
    3:31 PM: HKCR\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 108398)
    3:31 PM: HKLM\software\classes\interface\{0d4a224c-d063-496f-b39a-d43a31cda6d5}\ (8 subtraces) (ID = 109773)
    3:31 PM: HKLM\software\classes\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 109776)
    3:31 PM: HKLM\software\classes\typelib\{129c733d-d07c-4e34-a5e6-d675a016cfae}\ (9 subtraces) (ID = 109796)
    3:31 PM: HKLM\software\classes\typelib\{bec4cd72-0227-41e9-87cb-67b63d0d8044}\ (9 subtraces) (ID = 109803)
    3:31 PM: HKCR\typelib\{129c733d-d07c-4e34-a5e6-d675a016cfae}\ (9 subtraces) (ID = 112502)
    3:31 PM: HKCR\typelib\{bec4cd72-0227-41e9-87cb-67b63d0d8044}\ (9 subtraces) (ID = 112510)
    3:31 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\uninstall\searchassistant uninstall\ (2 subtraces) (ID = 116768)
    3:31 PM: Found Adware: directwebsearch hijacker
    3:31 PM: HKLM\software\microsoft\internet explorer\ || searchurl (ID = 117106)
    3:31 PM: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 117108)
    3:31 PM: Found Adware: cws_ns3
    3:31 PM: HKCR\clsid\{4a8dadd4-5a25-4d41-8599-cb7458766220}\ (4 subtraces) (ID = 117822)
    3:31 PM: HKCR\clsid\{b9d90b27-ad4a-413a-88cb-3e6ddc10dc2d}\ (4 subtraces) (ID = 118856)
    3:31 PM: HKLM\software\classes\clsid\{4a8dadd4-5a25-4d41-8599-cb7458766220}\ (4 subtraces) (ID = 119696)
    3:31 PM: HKLM\software\classes\clsid\{b9d90b27-ad4a-413a-88cb-3e6ddc10dc2d}\ (4 subtraces) (ID = 120695)
    3:31 PM: Found Adware: cws searchpage.html hijack
    3:31 PM: HKLM\software\microsoft\windows\currentversion\url\prefixes\ || home (ID = 123526)
    3:31 PM: Found Adware: cws sp.html hijack
    3:31 PM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 123746)
    3:31 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 123747)
    3:31 PM: Found Adware: cws_yun
    3:31 PM: HKLM\software\microsoft\windows\currentversion\yun\ (1 subtraces) (ID = 124514)
    3:31 PM: Found Adware: elitebar
    3:31 PM: HKCR\interface\{dbf33e89-1784-42ac-ade4-a428f56550a3}\ (8 subtraces) (ID = 125703)
    3:31 PM: HKLM\software\backup\elitesidebar\ (11 subtraces) (ID = 125709)
    3:31 PM: HKLM\software\backup\elitetoolbar\ (25 subtraces) (ID = 125710)
    3:31 PM: HKLM\software\classes\interface\{dbf33e89-1784-42ac-ade4-a428f56550a3}\ (8 subtraces) (ID = 125734)
    3:31 PM: HKLM\software\microsoft\code store database\distribution units\v3cab\ (12 subtraces) (ID = 125742)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\ || {28caeff3-0f18-4036-b504-51d73bd81abc} (ID = 125747)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/v3.dll\ (2 subtraces) (ID = 125753)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\v2.dll (ID = 125763)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\v3.dll (ID = 125764)
    3:31 PM: Found Adware: ie driver
    3:31 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
    3:31 PM: HKLM\software\maxspeed\ (1 subtraces) (ID = 127929)
    3:31 PM: HKLM\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (4 subtraces) (ID = 127931)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (2 subtraces) (ID = 128065)
    3:31 PM: Found Adware: instant access
    3:31 PM: HKCR\clsid\{2aeeac34-fd74-4142-b891-4b05c0c03c87}\ (8 subtraces) (ID = 128675)
    3:31 PM: HKCR\clsid\{469c7080-8ec8-43a6-ad97-45848113743c}\ (3 subtraces) (ID = 128681)
    3:31 PM: HKCR\clsid\{d7b59209-0ed9-4986-bd4a-527be836c6b2}\ (10 subtraces) (ID = 128694)
    3:31 PM: HKCR\egcomservice.egcomsvc.1\ (3 subtraces) (ID = 128701)
    3:31 PM: HKCR\egcomservice.egcomsvc\ (3 subtraces) (ID = 128702)
    3:31 PM: HKCR\egcomservice2.egcomsvc2.1\ (3 subtraces) (ID = 128703)
    3:31 PM: HKCR\egcomservice2.egcomsvc2\ (3 subtraces) (ID = 128704)
    3:31 PM: HKCR\interface\{f8aca5a0-060a-478a-8368-1407780d2251}\ (8 subtraces) (ID = 128720)
    3:31 PM: HKLM\software\classes\clsid\{2aeeac34-fd74-4142-b891-4b05c0c03c87}\ (8 subtraces) (ID = 128727)
    3:31 PM: HKLM\software\classes\clsid\{469c7080-8ec8-43a6-ad97-45848113743c}\ (3 subtraces) (ID = 128733)
    3:31 PM: HKLM\software\classes\clsid\{d7b59209-0ed9-4986-bd4a-527be836c6b2}\ (10 subtraces) (ID = 128747)
    3:31 PM: HKLM\software\classes\egcomservice.egcomsvc.1\ (3 subtraces) (ID = 128756)
    3:31 PM: HKLM\software\classes\egcomservice.egcomsvc\ (3 subtraces) (ID = 128757)
    3:31 PM: HKLM\software\classes\egcomservice2.egcomsvc2.1\ (3 subtraces) (ID = 128758)
    3:31 PM: HKLM\software\classes\egcomservice2.egcomsvc2\ (3 subtraces) (ID = 128759)
    3:31 PM: HKLM\software\classes\interface\{f8aca5a0-060a-478a-8368-1407780d2251}\ (8 subtraces) (ID = 128777)
    3:31 PM: HKLM\software\classes\typelib\{ad9b275b-e42d-4c7f-9ffb-29b5fb81688b}\ (9 subtraces) (ID = 128783)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\eglivecam_1028.dll (ID = 128824)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\nethv32.dll (ID = 128826)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\uninstall\instant access\ (2 subtraces) (ID = 128843)
    3:31 PM: HKCR\typelib\{ad9b275b-e42d-4c7f-9ffb-29b5fb81688b}\ (9 subtraces) (ID = 128851)
    3:31 PM: Found Adware: internetoptimizer
    3:31 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
    3:31 PM: Found Adware: ist istbar
    3:31 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\istbaristbar\ (2 subtraces) (ID = 129119)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\istactivex.dll (ID = 129171)
    3:31 PM: Found Adware: wild media - minigolf
    3:31 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\ (2 subtraces) (ID = 135051)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (2 subtraces) (ID = 135052)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\wildapp.dll (ID = 135057)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
    3:31 PM: Found Adware: purityscan
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\mediaticketsinstaller.ocx (ID = 139075)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.2\mediaticketsinstaller.ocx (ID = 139076)
    3:31 PM: Found Adware: searchtoolbar
    3:31 PM: HKCR\typelib\{110fa82f-db6c-3c24-8929-60961d10c56e}\ (9 subtraces) (ID = 139176)
    3:31 PM: Found Adware: quicklink search toolbar
    3:31 PM: HKCR\typelib\{110fa82f-db6c-3c24-8929-60961d10c56e}\ (9 subtraces) (ID = 139176)
    3:31 PM: HKLM\software\classes\typelib\{110fa82f-db6c-3c24-8929-60961d10c56e}\ (9 subtraces) (ID = 139179)
    3:31 PM: HKLM\software\classes\typelib\{110fa82f-db6c-3c24-8929-60961d10c56e}\ (9 subtraces) (ID = 139179)
    3:31 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
    3:31 PM: Found Trojan Horse: vesbiz downloader
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || controlpanel (ID = 145540)
    3:31 PM: HKU\.default\software\wintools\ (13 subtraces) (ID = 146307)
    3:31 PM: HKCR\clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}\ (16 subtraces) (ID = 146314)
    3:31 PM: HKCR\clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}\ (16 subtraces) (ID = 146322)
    3:31 PM: HKCR\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\ (16 subtraces) (ID = 146324)
    3:31 PM: HKCR\clsid\{310cc549-4541-46a9-940f-52b342a6e682}\ (10 subtraces) (ID = 146327)
    3:31 PM: HKCR\clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}\ (4 subtraces) (ID = 146328)
    3:31 PM: HKCR\clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}\ (16 subtraces) (ID = 146329)
    3:31 PM: HKCR\clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}\ (4 subtraces) (ID = 146332)
    3:31 PM: HKCR\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\ (10 subtraces) (ID = 146333)
    3:31 PM: HKCR\clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}\ (6 subtraces) (ID = 146334)
    3:31 PM: HKCR\clsid\{87766247-311c-43b4-8499-3d5fec94a183}\ (4 subtraces) (ID = 146336)
    3:31 PM: HKCR\clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}\ (6 subtraces) (ID = 146337)
    3:31 PM: HKCR\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (16 subtraces) (ID = 146339)
    3:31 PM: HKCR\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\ (10 subtraces) (ID = 146340)
    3:31 PM: HKCR\clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}\ (10 subtraces) (ID = 146343)
    3:31 PM: HKCR\clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}\ (4 subtraces) (ID = 146346)
    3:31 PM: HKCR\clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}\ (6 subtraces) (ID = 146348)
    3:31 PM: HKCR\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}\ (8 subtraces) (ID = 146350)
    3:31 PM: HKCR\interface\{66c22569-f05c-4a70-a142-763b337e1002}\ (8 subtraces) (ID = 146352)
    3:31 PM: HKCR\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}\ (8 subtraces) (ID = 146353)
    3:31 PM: HKCR\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}\ (8 subtraces) (ID = 146354)
    3:31 PM: HKCR\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}\ (8 subtraces) (ID = 146355)
    3:31 PM: HKCR\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}\ (8 subtraces) (ID = 146356)
    3:31 PM: HKCR\interface\{c380566d-f343-42ab-987b-6b38a1a35747}\ (8 subtraces) (ID = 146358)
    3:31 PM: HKCR\interface\{d1951679-1d52-43fc-9585-0737143585f5}\ (8 subtraces) (ID = 146359)
    3:31 PM: HKCR\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}\ (8 subtraces) (ID = 146360)
    3:31 PM: HKCR\protocols\handler\tpro\ (2 subtraces) (ID = 146363)
    3:31 PM: HKLM\software\btlink\ (ID = 146371)
    3:31 PM: HKLM\software\classes\clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}\ (16 subtraces) (ID = 146377)
    3:31 PM: HKLM\software\classes\clsid\{6e21f428-5617-47f7-aed8-b2e1d8fba711}\ (16 subtraces) (ID = 146385)
    3:31 PM: HKLM\software\classes\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}\ (16 subtraces) (ID = 146387)
    3:31 PM: HKLM\software\classes\clsid\{310cc549-4541-46a9-940f-52b342a6e682}\ (10 subtraces) (ID = 146390)
    3:31 PM: HKLM\software\classes\clsid\{339bb23f-a864-48c0-a59f-29ea915965ec}\ (4 subtraces) (ID = 146391)
    3:31 PM: HKLM\software\classes\clsid\{708be496-e202-497b-bc31-9cf47e3bf8d6}\ (16 subtraces) (ID = 146392)
    3:31 PM: HKLM\software\classes\clsid\{8952a998-1e7e-4716-b23d-3dbe03910972}\ (4 subtraces) (ID = 146395)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\ (10 subtraces) (ID = 146396)
    3:31 PM: HKLM\software\classes\clsid\{87067f04-de4c-4688-bc3c-4fcf39d609e7}\ (6 subtraces) (ID = 146397)
    3:31 PM: HKLM\software\classes\clsid\{87766247-311c-43b4-8499-3d5fec94a183}\ (4 subtraces) (ID = 146399)
    3:31 PM: HKLM\software\classes\clsid\{a8deb4a5-d9ef-4d21-b4f6-921475004e7d}\ (6 subtraces) (ID = 146400)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (16 subtraces) (ID = 146402)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\ (10 subtraces) (ID = 146403)
    3:31 PM: HKLM\software\classes\clsid\{cae0999f-78c5-49dc-9f30-13142aaaaba4}\ (10 subtraces) (ID = 146406)
    3:31 PM: HKLM\software\classes\clsid\{f1616b86-9288-489d-b71a-0ccf2f1a89da}\ (4 subtraces) (ID = 146409)
    3:31 PM: HKLM\software\classes\clsid\{ff76a5da-6158-4439-99ff-edc1b3fe100c}\ (6 subtraces) (ID = 146411)
    3:31 PM: HKLM\software\classes\interface\{7b8bd940-b1ef-460c-85a2-9acaaf7f9303}\ (8 subtraces) (ID = 146413)
    3:31 PM: HKLM\software\classes\interface\{66c22569-f05c-4a70-a142-763b337e1002}\ (8 subtraces) (ID = 146415)
    3:31 PM: HKLM\software\classes\interface\{99aa88d1-d9d3-410a-be9e-044f94c183da}\ (8 subtraces) (ID = 146416)
    3:31 PM: HKLM\software\classes\interface\{234f09fb-fe89-4c6d-9203-31832fc051c3}\ (8 subtraces) (ID = 146417)
    3:31 PM: HKLM\software\classes\interface\{365b9a54-e613-46e5-9db1-4f91a9de80bd}\ (8 subtraces) (ID = 146418)
    3:31 PM: HKLM\software\classes\interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}\ (8 subtraces) (ID = 146419)
    3:31 PM: HKLM\software\classes\interface\{c380566d-f343-42ab-987b-6b38a1a35747}\ (8 subtraces) (ID = 146421)
    3:31 PM: HKLM\software\classes\interface\{d1951679-1d52-43fc-9585-0737143585f5}\ (8 subtraces) (ID = 146422)
    3:31 PM: HKLM\software\classes\interface\{f273d4ea-2025-4410-8408-251a0cd46be7}\ (8 subtraces) (ID = 146423)
    3:31 PM: HKLM\software\classes\protocols\handler\tpro\ (2 subtraces) (ID = 146426)
    3:31 PM: HKLM\software\classes\tbps.plugincfgobj\ (3 subtraces) (ID = 146432)
    3:31 PM: HKLM\software\classes\tbps.pluginconfig\ (3 subtraces) (ID = 146433)
    3:31 PM: HKLM\software\classes\tbps.plugindown\ (3 subtraces) (ID = 146434)
    3:31 PM: HKLM\software\classes\tbps.plugindownadd\ (3 subtraces) (ID = 146435)
    3:31 PM: HKLM\software\classes\tbps.pluginevents\ (3 subtraces) (ID = 146436)
    3:31 PM: HKLM\software\classes\tbps.plugininst\ (3 subtraces) (ID = 146437)
    3:31 PM: HKLM\software\classes\tbps.pluginserver\ (3 subtraces) (ID = 146438)
    3:31 PM: HKLM\software\classes\tbps.toolbarscript\ (3 subtraces) (ID = 146439)
    3:31 PM: HKLM\software\classes\toolbar.resprotocol\ (3 subtraces) (ID = 146441)
    3:31 PM: HKLM\software\classes\typelib\{37ac49e3-e906-4bd8-ae83-d0f7fb48fd17}\ (9 subtraces) (ID = 146444)
    3:31 PM: HKLM\software\classes\typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}\ (9 subtraces) (ID = 146447)
    3:31 PM: HKLM\software\classes\wtoolsb.resprotocol\ (3 subtraces) (ID = 146451)
    3:31 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146461)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8952a998-1e7e-4716-b23d-3dbe03910972}\ (1 subtraces) (ID = 146473)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{87766247-311c-43b4-8499-3d5fec94a183}\ (ID = 146474)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\installer\userdata\sto\ (2 subtraces) (ID = 146480)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || tbps (ID = 146489)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || wintools (ID = 146490)
    3:31 PM: HKLM\software\wintools\ (140 subtraces) (ID = 146515)
    3:31 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (10 subtraces) (ID = 146518)
    3:31 PM: HKLM\system\currentcontrolset\services\tbpssvc\ (13 subtraces) (ID = 146519)
    3:31 PM: HKLM\system\currentcontrolset\services\wintoolssvc\ (10 subtraces) (ID = 146520)
    3:31 PM: HKLM\system\currentcontrolset\services\wintoolssvc\ || type (ID = 146521)
    3:31 PM: HKCR\tbps.plugincfgobj\ (3 subtraces) (ID = 146522)
    3:31 PM: HKCR\tbps.pluginconfig\ (3 subtraces) (ID = 146523)
    3:31 PM: HKCR\tbps.plugindown\ (3 subtraces) (ID = 146524)
    3:31 PM: HKCR\tbps.plugindownadd\ (3 subtraces) (ID = 146525)
    3:31 PM: HKCR\tbps.pluginevents\ (3 subtraces) (ID = 146526)
    3:31 PM: HKCR\tbps.plugininst\ (3 subtraces) (ID = 146527)
    3:31 PM: HKCR\tbps.pluginserver\ (3 subtraces) (ID = 146528)
    3:31 PM: HKCR\tbps.toolbarscript\ (3 subtraces) (ID = 146529)
    3:31 PM: HKCR\toolbar.resprotocol\ (3 subtraces) (ID = 146531)
    3:31 PM: HKCR\typelib\{37ac49e3-e906-4bd8-ae83-d0f7fb48fd17}\ (9 subtraces) (ID = 146534)
    3:31 PM: HKCR\typelib\{b23b3add-84b1-414a-92b9-0cabe5a781f4}\ (9 subtraces) (ID = 146537)
    3:31 PM: HKCR\wtoolsb.resprotocol\ (3 subtraces) (ID = 146541)
    3:31 PM: Found Adware: websearch.com hijacker
    3:31 PM: HKLM\software\microsoft\internet explorer\main\ || searchassistant (ID = 146565)
    3:31 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 146567)
    3:31 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)
    3:31 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
    3:31 PM: HKCR\interface\{e318d698-27b3-44d5-8998-c35eafb9c034}\ (8 subtraces) (ID = 146696)
    3:31 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)
    3:31 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
    3:31 PM: HKLM\software\classes\interface\{e318d698-27b3-44d5-8998-c35eafb9c034}\ (8 subtraces) (ID = 146710)
    3:31 PM: HKLM\software\classes\winaffiliatebho.winaffiliateieextensi.1\ (3 subtraces) (ID = 146716)
    3:31 PM: HKLM\software\classes\winaffiliatebho.winaffiliateieextension\ (5 subtraces) (ID = 146717)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\uninstall\midaddle\ (2 subtraces) (ID = 146957)
    3:31 PM: HKCR\winaffiliatebho.winaffiliateieextensi.1\ (3 subtraces) (ID = 146967)
    3:31 PM: HKCR\winaffiliatebho.winaffiliateieextension\ (5 subtraces) (ID = 146968)
    3:31 PM: Found Adware: winad
    3:31 PM: HKCR\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147155)
    3:31 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
    3:31 PM: HKCR\mediaaccx.installer\ (3 subtraces) (ID = 147158)
    3:31 PM: HKLM\software\classes\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147169)
    3:31 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
    3:31 PM: HKLM\software\classes\mediaaccx.installer\ (3 subtraces) (ID = 147172)
    3:31 PM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
    3:31 PM: Found Adware: ist yoursitebar
    3:31 PM: HKCR\interface\{bf06da8e-2beb-4816-9bbd-f7625246e245}\ (8 subtraces) (ID = 147834)
    3:31 PM: HKLM\software\classes\interface\{bf06da8e-2beb-4816-9bbd-f7625246e245}\ (8 subtraces) (ID = 147840)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (16 subtraces) (ID = 155047)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\localserver32\ (2 subtraces) (ID = 155049)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\ (5 subtraces) (ID = 155058)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155060)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155062)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\ (10 subtraces) (ID = 155177)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\inprocserver32\ (2 subtraces) (ID = 155179)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\inprocserver32\ || threadingmodel (ID = 155181)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\progid\ (1 subtraces) (ID = 155182)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\version\ (1 subtraces) (ID = 155184)
    3:31 PM: HKLM\software\classes\clsid\{69357d4e-bf4d-4651-91e9-52ecd45a0128}\typelib\ (1 subtraces) (ID = 155186)
    3:31 PM: HKLM\software\classes\tbps.plugincfgobj\ (3 subtraces) (ID = 393070)
    3:31 PM: HKLM\software\classes\tbps.plugincfgobj\clsid\ (1 subtraces) (ID = 393072)
    3:31 PM: HKLM\software\classes\tbps.pluginconfig\clsid\ (1 subtraces) (ID = 393076)
    3:31 PM: HKLM\software\classes\tbps.plugindown\clsid\ (1 subtraces) (ID = 393080)
    3:31 PM: HKLM\software\classes\tbps.plugindownadd\clsid\ (1 subtraces) (ID = 393084)
    3:31 PM: HKLM\software\classes\tbps.pluginevents\ (3 subtraces) (ID = 393086)
    3:31 PM: HKLM\software\classes\tbps.pluginevents\clsid\ (1 subtraces) (ID = 393088)
    3:31 PM: HKLM\software\classes\tbps.plugininst\clsid\ (1 subtraces) (ID = 393092)
    3:31 PM: HKLM\software\classes\tbps.pluginserver\clsid\ (1 subtraces) (ID = 393096)
    3:31 PM: HKLM\software\classes\tbps.toolbarscript\clsid\ (1 subtraces) (ID = 393100)
    3:31 PM: HKLM\software\classes\toolbar.resprotocol\clsid\ (1 subtraces) (ID = 393104)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\localserver32\ || threadingmodel (ID = 393216)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\progid\ (1 subtraces) (ID = 393217)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\typelib\ (1 subtraces) (ID = 393219)
    3:31 PM: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\version\ (1 subtraces) (ID = 393221)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\ (10 subtraces) (ID = 393223)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\localserver32\ (2 subtraces) (ID = 393225)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\localserver32\ || threadingmodel (ID = 393227)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\progid\ (1 subtraces) (ID = 393228)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\typelib\ (1 subtraces) (ID = 393230)
    3:31 PM: HKLM\software\classes\clsid\{bbf122a7-8a4d-45b5-9e00-0f68bc87c904}\version\ (1 subtraces) (ID = 393232)
    3:31 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 393262)
    3:31 PM: Found Trojan Horse: trojan-downloader-ruin
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || hclean32.exe (ID = 595890)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\urls\ (9 subtraces) (ID = 605127)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\ruins\ (9 subtraces) (ID = 605128)
    3:31 PM: HKLM\software\toolbar\ (16 subtraces) (ID = 646240)
    3:31 PM: HKLM\software\wintools\ (140 subtraces) (ID = 646242)
    3:31 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\ysbactivex.dll (ID = 762453)
    3:31 PM: HKCR\protocols\name-space handler\res\toolbar.resprotocol\ (1 subtraces) (ID = 776412)
    3:31 PM: Found Trojan Horse: trojan-downloader-traff4ppc.biz
    3:31 PM: HKLM\software\microsoft\windows\currentversion\run\ || controlpanel (ID = 1102168)
    3:31 PM: Found Adware: 411 ferret toolbar
    3:31 PM: HKCR\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject\ (5 subtraces) (ID = 1191915)
    3:31 PM: HKCR\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1\ (3 subtraces) (ID = 1191921)
    3:31 PM: HKLM\software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject\ (5 subtraces) (ID = 1191985)
    3:31 PM: HKLM\software\classes\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1\ (3 subtraces) (ID = 1191991)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\searchtoolbar\ (4 subtraces) (ID = 141343)
    3:31 PM: Found Trojan Horse: trojan-downloader-wareout
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\windows\currentversion\run\ || wareout (ID = 144859)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\wareout\ (6 subtraces) (ID = 144878)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\toolbar\ (2 subtraces) (ID = 146513)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\wintools\ (18 subtraces) (ID = 146514)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\toolbar\ (2 subtraces) (ID = 646239)
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\wintools\ (18 subtraces) (ID = 646241)
    3:31 PM: Found Adware: xosearchox.com hijack
    3:31 PM: HKU\S-1-5-21-2069941311-1513010017-833975278-1011\software\microsoft\internet explorer\ || searchurl (ID = 820943)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 123743)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page (ID = 123744)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 123750)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
    3:31 PM: Found Adware: bho_sep
    3:31 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
    3:31 PM: HKU\S-1-5-18\software\toolbar\ (21 subtraces) (ID = 146513)
    3:31 PM: HKU\S-1-5-18\software\wintools\ (13 subtraces) (ID = 146514)
    3:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
    3:31 PM: HKU\S-1-5-18\software\toolbar\ (21 subtraces) (ID = 646239)
    3:31 PM: HKU\S-1-5-18\software\wintools\ (13 subtraces) (ID = 646241)
    3:31 PM: Registry Sweep Complete, Elapsed Time:00:00:33
    3:31 PM: Starting Cookie Sweep
     
  4. wawawhee

    pt. 2

    3:31 PM: Found Spy Cookie: 2o7.net cookie
    3:31 PM: [email protected][1].txt (ID = 1957)
    3:31 PM: Found Spy Cookie: websponsors cookie
    3:31 PM: [email protected][2].txt (ID = 3665)
    3:31 PM: Found Spy Cookie: about cookie
    3:31 PM: [email protected][1].txt (ID = 2037)
    3:31 PM: Found Spy Cookie: yieldmanager cookie
    3:31 PM: [email protected][2].txt (ID = 3751)
    3:31 PM: Found Spy Cookie: adknowledge cookie
    3:31 PM: [email protected][1].txt (ID = 2072)
    3:31 PM: Found Spy Cookie: hbmediapro cookie
    3:31 PM: [email protected][2].txt (ID = 2768)
    3:31 PM: Found Spy Cookie: specificclick.com cookie
    3:31 PM: [email protected]cclick[2].txt (ID = 3400)
    3:31 PM: Found Spy Cookie: addynamix cookie
    3:31 PM: [email protected][2].txt (ID = 2062)
    3:31 PM: Found Spy Cookie: cc214142 cookie
    3:31 PM: [email protected][2].txt (ID = 2367)
    3:31 PM: Found Spy Cookie: falkag cookie
    3:31 PM: [email protected][1].txt (ID = 2650)
    3:31 PM: [email protected][1].txt (ID = 2650)
    3:31 PM: Found Spy Cookie: ask cookie
    3:31 PM: [email protected][1].txt (ID = 2245)
    3:31 PM: Found Spy Cookie: atwola cookie
    3:31 PM: [email protected][1].txt (ID = 2255)
    3:31 PM: Found Spy Cookie: belnk cookie
    3:31 PM: [email protected][1].txt (ID = 2292)
    3:31 PM: Found Spy Cookie: bluestreak cookie
    3:31 PM: [email protected][1].txt (ID = 2314)
    3:31 PM: Found Spy Cookie: zedo cookie
    3:31 PM: [email protected][2].txt (ID = 3763)
    3:31 PM: Found Spy Cookie: casalemedia cookie
    3:31 PM: [email protected][1].txt (ID = 2354)
    3:31 PM: Found Spy Cookie: centrport net cookie
    3:31 PM: [email protected][2].txt (ID = 2374)
    3:31 PM: [email protected][2].txt (ID = 2293)
    3:31 PM: Found Spy Cookie: empnads cookie
    3:31 PM: [email protected][2].txt (ID = 5012)
    3:31 PM: Found Spy Cookie: fastclick cookie
    3:31 PM: [email protected][1].txt (ID = 2651)
    3:31 PM: Found Spy Cookie: gangbangsquad cookie
    3:31 PM: [email protected][1].txt (ID = 2720)
    3:31 PM: Found Spy Cookie: clickandtrack cookie
    3:31 PM: [email protected][1].txt (ID = 2397)
    3:31 PM: Found Spy Cookie: kinghost cookie
    3:31 PM: [email protected][1].txt (ID = 2903)
    3:31 PM: Found Spy Cookie: maxserving cookie
    3:31 PM: [email protected][1].txt (ID = 2966)
    3:31 PM: Found Spy Cookie: touchclarity cookie
    3:31 PM: [email protected][1].txt (ID = 3567)
    3:31 PM: Found Spy Cookie: partypoker cookie
    3:31 PM: [email protected][1].txt (ID = 3111)
    3:31 PM: Found Spy Cookie: paycounter cookie
    3:31 PM: [email protected][1].txt (ID = 3115)
    3:31 PM: Found Spy Cookie: overture cookie
    3:31 PM: [email protected][1].txt (ID = 3106)
    3:31 PM: Found Spy Cookie: questionmarket cookie
    3:31 PM: [email protected][1].txt (ID = 3217)
    3:31 PM: [email protected][1].txt (ID = 2038)
    3:31 PM: Found Spy Cookie: realmedia cookie
    3:31 PM: [email protected][2].txt (ID = 3235)
    3:31 PM: Found Spy Cookie: revenue.net cookie
    3:31 PM: [email protected][2].txt (ID = 3257)
    3:31 PM: Found Spy Cookie: rn11 cookie
    3:31 PM: [email protected][2].txt (ID = 3261)
    3:31 PM: Found Spy Cookie: trafficmp cookie
    3:31 PM: [email protected][2].txt (ID = 3581)
    3:31 PM: Found Spy Cookie: tribalfusion cookie
    3:31 PM: [email protected][2].txt (ID = 3589)
    3:31 PM: Found Spy Cookie: xxxcounter cookie
    3:31 PM: [email protected][1].txt (ID = 3733)
    3:31 PM: [email protected][1].txt (ID = 3749)
    3:31 PM: Found Spy Cookie: adserver cookie
    3:31 PM: [email protected][1].txt (ID = 2142)
    3:31 PM: [email protected][2].txt (ID = 3762)
    3:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    3:31 PM: Starting File Sweep
    3:31 PM: Found Adware: shopathomeselect
    3:31 PM: c:\windows\system32\sahimages (2 subtraces) (ID = -2147480329)
    3:31 PM: c:\documents and settings\all users\start menu\programs\web search tools (4 subtraces) (ID = -2147480048)
    3:31 PM: Found Adware: ist sidefind
    3:31 PM: c:\program files\sidefind (4 subtraces) (ID = -2147480325)
    3:31 PM: c:\program files\sidefind\update (1 subtraces) (ID = -2147474314)
    3:31 PM: c:\program files\istsvc (ID = -2147480800)
    3:31 PM: Found Adware: ist powerscan
    3:31 PM: c:\program files\power scan (ID = -2147480461)
    3:31 PM: Found Adware: exact bullseye
    3:31 PM: c:\program files\bullseye network (14 subtraces) (ID = -2147481394)
    3:31 PM: Found Adware: 180search assistant/zango
    3:31 PM: c:\program files\180solutions (7 subtraces) (ID = -2147480568)
    3:31 PM: Found Adware: exact navisearch
    3:31 PM: c:\program files\navisearch (2 subtraces) (ID = -2147480573)
    3:31 PM: c:\program files\cashback (8 subtraces) (ID = -2147481281)
    3:31 PM: c:\program files\common files\wintools (10 subtraces) (ID = -2147480046)
    3:31 PM: Found Adware: memorywatcher
    3:31 PM: c:\program files\memorywatcher (3 subtraces) (ID = -2147480604)
    3:31 PM: Found Adware: clearsearch
    3:31 PM: c:\program files\clearsearch (ID = -2147481257)
    3:31 PM: Found Adware: topicks
    3:31 PM: c:\program files\topicks (4 subtraces) (ID = -2147480143)
    3:31 PM: c:\program files\instant access (30 subtraces) (ID = -2147480835)
    3:31 PM: c:\program files\toolbar (23 subtraces) (ID = -2147480045)
    3:31 PM: Found Adware: webrebates
    3:31 PM: c:\program files\web_rebates (36 subtraces) (ID = -2147480050)
    3:31 PM: c:\program files\common files\midaddle (2 subtraces) (ID = -2147480036)
    3:31 PM: Found Adware: ezula ilookup
    3:31 PM: c:\program files\web offer (11 subtraces) (ID = -2147480998)
    3:31 PM: c:\windows\elitebar (ID = -2147481054)
    3:31 PM: c:\program files\media access (1 subtraces) (ID = -2147480020)
    3:31 PM: c:\program files\yoursitebar (3 subtraces) (ID = -2147479984)
    3:32 PM: a0259342.dll (ID = 156206)
    3:32 PM: protector_update[3].exe (ID = 59979)
    3:32 PM: a0258332.dll (ID = 156206)
    3:32 PM: mediaticketsinstaller.ocx (ID = 73162)
    3:32 PM: a0255329.dll (ID = 156207)
    3:32 PM: a0257332.dll (ID = 156206)
    3:32 PM: mediaaccx.dll (ID = 90413)
    3:32 PM: a0259395.exe (ID = 60009)
    3:32 PM: a0259376.exe (ID = 59987)
    3:32 PM: csoiw.exe (ID = 246)
    3:32 PM: msxmlpp.dll (ID = 54324)
    3:32 PM: topicks.reg (ID = 79704)
    3:32 PM: a0259391.exe (ID = 59978)
    3:32 PM: a0259379.exe (ID = 59978)
    3:32 PM: a0259364.exe (ID = 59978)
    3:32 PM: a0259393.exe (ID = 59987)
    3:32 PM: a0259355.exe (ID = 59978)
    3:32 PM: a0259392.exe (ID = 59978)
    3:32 PM: minigolf_affiliate.exe (ID = 69949)
    3:32 PM: a0256328.dll (ID = 156206)
    3:33 PM: bobby.exe (ID = 59937)
    3:33 PM: wildmedia.exe (ID = 88929)
    3:34 PM: adp8034.exe (ID = 50504)
    3:35 PM: ysbactivex.dll (ID = 91022)
    3:35 PM: a0255328.dll (ID = 156206)
    3:35 PM: xud_70.dll (ID = 156207)
    3:35 PM: winsik32.exe (ID = 60047)
    3:35 PM: icnfe.dll (ID = 54008)
    3:35 PM: icqrt.dll (ID = 54187)
    3:35 PM: icvbr.dll (ID = 54008)
    3:35 PM: xcwer32.dll (ID = 54008)
    3:35 PM: sdfup.dll (ID = 54008)
    3:35 PM: cidft.dll (ID = 54008)
    3:35 PM: cidpoq32.dll (ID = 54008)
    3:35 PM: gupd.dll (ID = 54008)
    3:35 PM: zxmsn.dll (ID = 54008)
    3:35 PM: wecxg32.dll (ID = 54008)
    3:36 PM: ysbactivex.dll (ID = 91035)
    3:36 PM: readme.txt (ID = 119871)
    3:36 PM: silent_setup[1].exe (ID = 134966)
    3:36 PM: a0258333.dll (ID = 156207)
    3:36 PM: a0259377.exe (ID = 59987)
    3:37 PM: tbps.ini (ID = 85907)
    3:37 PM: logo.gif (ID = 52264)
    3:37 PM: a0259399.dll (ID = 59975)
    3:37 PM: qh6dgcqu.dat (ID = 75674)
    3:37 PM: uninst.exe (ID = 88856)
    3:37 PM: proxy_inst[1].exe (ID = 141679)
    3:37 PM: info.txt (ID = 90430)
    3:38 PM: a0259378.exe (ID = 59927)
    3:38 PM: a0259357.exe (ID = 60009)
    3:38 PM: a0259361.exe (ID = 60009)
    3:38 PM: a0259398.dll (ID = 59984)
    3:39 PM: a0259400.dll (ID = 59980)
    3:39 PM: a0259397.dll (ID = 59983)
    3:40 PM: sfbho.dll (ID = 76032)
    3:41 PM: a0257333.dll (ID = 156207)
    3:41 PM: woinstall.exe (ID = 60696)
    3:41 PM: Found Adware: sicro dialer
    3:41 PM: switchagreement.txt (ID = 76024)
    3:41 PM: a0259343.dll (ID = 156207)
    3:41 PM: a0259389.exe (ID = 59987)
    3:41 PM: a0259375.exe (ID = 59978)
    3:41 PM: a0259362.exe (ID = 59978)
    3:41 PM: a0259370.exe (ID = 59978)
    3:41 PM: a0259384.exe (ID = 59978)
    3:41 PM: a0259394.exe (ID = 59987)
    3:41 PM: a0259373.exe (ID = 59987)
    3:42 PM: a0256329.dll (ID = 156207)
    3:42 PM: spwnf.dll (ID = 73422)
    3:42 PM: sidefind.exe (ID = 76042)
    3:42 PM: 0006_regular[1].cab (ID = 64478)
    3:42 PM: bobby[3].exe (ID = 59937)
    3:42 PM: bobby[1].exe (ID = 59937)
    3:42 PM: fsslf.dll (ID = 116324)
    3:42 PM: Found Trojan Horse: trojan-dnschanger
    3:42 PM: dmxxb.exe (ID = 129709)
    3:42 PM: 666.exe (ID = 137881)
    3:42 PM: Found Adware: exact software
    3:42 PM: exclean.exe (ID = 50591)
    3:42 PM: 5637084_2712_1320_5456_63.41.tmp1 (ID = 137430)
    3:42 PM: a0259382.exe (ID = 59927)
    3:43 PM: a0259371.exe (ID = 59927)
    3:43 PM: protector[1].exe (ID = 60047)
    3:43 PM: a0259353.exe (ID = 59995)
    3:43 PM: a0259368.exe (ID = 59978)
    3:43 PM: a0255304.dll (ID = 156207)
    3:43 PM: Found Adware: azsearch toolbar
    3:43 PM: pumba3.dll (ID = 107199)
    3:43 PM: silent_install[2].exe (ID = 60023)
    3:43 PM: gpsresl32.exe (ID = 137946)
    3:43 PM: a0259369.exe (ID = 59987)
    3:43 PM: a0259388.exe (ID = 59987)
    3:44 PM: a0259374.exe (ID = 59978)
    3:44 PM: protector.exe (ID = 59987)
    3:44 PM: protector_update[4].exe (ID = 59987)
    3:44 PM: v3cab[1].cab (ID = 60031)
    3:44 PM: a0259396.exe (ID = 60012)
    3:44 PM: ysb.dll (ID = 91011)
    3:44 PM: a0259381.exe (ID = 59987)
    3:44 PM: midaddle.dll (ID = 88610)
    3:44 PM: a0259380.exe (ID = 59987)
    3:44 PM: a0259358.exe (ID = 59987)
    3:44 PM: bb_auto_wider.swf (ID = 52237)
    3:44 PM: bb_click_wider.swf (ID = 52238)
    3:44 PM: a0259366.exe (ID = 59987)
    3:44 PM: a0259372.exe (ID = 59978)
    3:45 PM: a0259363.exe (ID = 59987)
    3:45 PM: protector[1].exe (ID = 59995)
    3:45 PM: protector_update[1].exe (ID = 59995)
    3:45 PM: a0259387.exe (ID = 59979)
    3:45 PM: elitesidebar version 8.dll (ID = 59981)
    3:45 PM: sidefind.dll (ID = 76054)
    3:45 PM: a0259401.dll (ID = 59981)
    3:45 PM: a0259386.exe (ID = 59987)
    3:45 PM: uninstall.exe (ID = 50884)
    3:45 PM: a0259365.exe (ID = 59987)
    3:45 PM: mqexdlm.srg (ID = 115392)
    3:46 PM: protector_update[1].exe (ID = 60009)
    3:46 PM: protector_update[2].exe (ID = 59927)
    3:46 PM: a0259385.exe (ID = 59978)
    3:46 PM: ntfsnlpa.exe (ID = 125496)
    3:46 PM: a0259360.exe (ID = 59927)
    3:46 PM: logo.gif (ID = 52264)
    3:46 PM: a0259356.exe (ID = 60009)
    3:47 PM: Found Trojan Horse: trojan-secdrop
    3:47 PM: rdsndin.exe (ID = 81237)
    3:47 PM: nt_hide70.dll (ID = 156206)
    3:47 PM: Found Adware: tibs dialer
    3:47 PM: hooks.dll (ID = 79311)
    3:47 PM: adp8035.exe (ID = 50505)
    3:47 PM: fvdv.dll (ID = 72927)
    3:47 PM: eglivecam_1028.dll (ID = 63817)
    3:47 PM: a0259359.exe (ID = 60009)
    3:47 PM: bb_auto_wider.swf (ID = 52237)
    3:47 PM: bb_click_wider.swf (ID = 52238)
    3:47 PM: 1967064_1072_1320_5800_63.41.tmp1 (ID = 137430)
    3:47 PM: 197172_2712_1320_4348_63.41.tmp1 (ID = 137430)
    3:47 PM: bkmsf32.dat (ID = 60047)
    3:47 PM: ?ttrib.exe (ID = 73218)
    3:47 PM: a0259390.exe (ID = 59987)
    3:47 PM: a0259354.exe (ID = 59995)
    3:47 PM: winyuu32.exe (ID = 60047)
    3:48 PM: iexploreskins.exe (ID = 84898)
    3:48 PM: msproto3.dll (ID = 54324)
    3:48 PM: mshelper.dll (ID = 54280)
    3:48 PM: msxslab.dll (ID = 54324)
    3:48 PM: qdow_as2.dll (ID = 85289)
    3:48 PM: mediaticketsinstaller.ocx (ID = 73162)
    3:48 PM: msblank32.html (ID = 137880)
    3:48 PM: a0259383.exe (ID = 59987)
    3:48 PM: nethv32.dll (ID = 63874)
    3:49 PM: a0259367.exe (ID = 59987)
    3:49 PM: hclean32.exe (ID = 125494)
    3:49 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || hclean32.exe (ID = 0)
    3:49 PM: popcorn72.exe (ID = 137946)
    3:49 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ControlPanel (ID = 0)
    3:49 PM: a0259403.exe (ID = 156191)
    3:50 PM: xlmurin.wzg (ID = 91703)
    3:50 PM: zwipvbh.wzg (ID = 87862)
    3:50 PM: Found Trojan Horse: 2nd-thought
    3:50 PM: stcloader.exe (ID = 48347)
    3:50 PM: mtwcnl32.dll (ID = 54330)
    3:51 PM: yywr.wzg (ID = 111188)
    3:51 PM: yywsv.wzg (ID = 111189)
    3:51 PM: msblank.html (ID = 135703)
    3:51 PM: osd1c5.osd (ID = 60005)
    3:51 PM: home.url (ID = 84894)
    3:51 PM: frequently asked questions.url (ID = 84889)
    3:51 PM: terms of use.url (ID = 86338)
    3:51 PM: privacy policy.url (ID = 84923)
    3:51 PM: nethv32.inf (ID = 63873)
    3:51 PM: wildapp.inf (ID = 69911)
    3:51 PM: osdeb.osd (ID = 60007)
    3:51 PM: icon.gif (ID = 52263)
    3:51 PM: icon.gif (ID = 52263)
    3:51 PM: osd149f.osd (ID = 60007)
    3:51 PM: Found Adware: directrevenue-abetterinternet
    3:51 PM: localnrd.inf (ID = 83368)
    3:51 PM: ysbactivex.inf (ID = 91034)
    3:51 PM: cursors.xml (ID = 84688)
    3:51 PM: osd149f.osd (ID = 60007)
    3:51 PM: Found Adware: twain-tech
    3:51 PM: multimpp.inf (ID = 81828)
    3:51 PM: File Sweep Complete, Elapsed Time: 00:19:30
    3:51 PM: Full Sweep has completed. Elapsed time 00:23:11
    3:51 PM: Traces Found: 2231
    4:10 PM: Removal process initiated
    4:10 PM: Quarantining All Traces: 180search assistant/zango
    4:11 PM: Quarantining All Traces: 2nd-thought
    4:11 PM: Quarantining All Traces: clearsearch
    4:11 PM: Quarantining All Traces: cws_ns3
    4:11 PM: Quarantining All Traces: cws-aboutblank
    4:11 PM: cws-aboutblank is in use. It will be removed on reboot.
    4:11 PM: C:\WINDOWS\System32\ocg.dll is in use. It will be removed on reboot.
    4:11 PM: C:\WINDOWS\SYSTEM32\ocg.dll is in use. It will be removed on reboot.
    4:11 PM: Quarantining All Traces: directrevenue-abetterinternet
    4:11 PM: Quarantining All Traces: elitebar
    4:11 PM: Quarantining All Traces: ie driver
    4:11 PM: Quarantining All Traces: ist istbar
    4:11 PM: Quarantining All Traces: purityscan
    4:11 PM: Quarantining All Traces: trojan-dnschanger
    4:11 PM: Quarantining All Traces: trojan-downloader-ruin
    4:11 PM: Quarantining All Traces: websearch toolbar
    4:12 PM: websearch toolbar is in use. It will be removed on reboot.
    4:12 PM: c:\program files\common files\wintools is in use. It will be removed on reboot.
    4:12 PM: c:\program files\toolbar is in use. It will be removed on reboot.
    4:12 PM: C:\Program Files\Toolbar\common.dll is in use. It will be removed on reboot.
    4:12 PM: Quarantining All Traces: wildmedia
    4:12 PM: Quarantining All Traces: 411 ferret toolbar
    4:12 PM: Quarantining All Traces: azsearch toolbar
    4:12 PM: Quarantining All Traces: childoleauto
    4:12 PM: Quarantining All Traces: coolwebsearch (cws)
    4:12 PM: Quarantining All Traces: internetoptimizer
    4:12 PM: Quarantining All Traces: quicklink search toolbar
    4:12 PM: Quarantining All Traces: tibs dialer
    4:12 PM: Quarantining All Traces: trojan-downloader-perlink.biz
    4:12 PM: trojan-downloader-perlink.biz is in use. It will be removed on reboot.
    4:12 PM: popcorn72.exe is in use. It will be removed on reboot.
    4:12 PM: Quarantining All Traces: trojan-downloader-traff4ppc.biz
    4:12 PM: Quarantining All Traces: trojan-downloader-wareout
    4:12 PM: Quarantining All Traces: trojan-secdrop
    4:12 PM: Quarantining All Traces: vesbiz downloader
    4:12 PM: Quarantining All Traces: winad
    4:12 PM: Quarantining All Traces: bho_sep
    4:12 PM: Quarantining All Traces: browseraid
    4:12 PM: Quarantining All Traces: cws searchpage.html hijack
    4:12 PM: Quarantining All Traces: cws sp.html hijack
    4:12 PM: Quarantining All Traces: cws_yun
    4:12 PM: Quarantining All Traces: directwebsearch hijacker
    4:12 PM: Quarantining All Traces: exact bullseye
    4:12 PM: Quarantining All Traces: exact cashback/bargain buddy
    4:12 PM: exact cashback/bargain buddy is in use. It will be removed on reboot.
    4:12 PM: adp8034.exe is in use. It will be removed on reboot.
    4:12 PM: uninstall.exe is in use. It will be removed on reboot.
    4:12 PM: adp8035.exe is in use. It will be removed on reboot.
    4:12 PM: Quarantining All Traces: exact navisearch
    4:12 PM: Quarantining All Traces: exact software
    4:12 PM: Quarantining All Traces: ezula ilookup
    4:12 PM: Quarantining All Traces: instant access
    4:12 PM: Quarantining All Traces: ist powerscan
    4:12 PM: Quarantining All Traces: ist sidefind
    4:12 PM: Quarantining All Traces: ist yoursitebar
    4:12 PM: Quarantining All Traces: memorywatcher
    4:12 PM: Quarantining All Traces: searchtoolbar
    4:12 PM: Quarantining All Traces: shopathomeselect
    4:12 PM: Quarantining All Traces: sicro dialer
    4:12 PM: Quarantining All Traces: topicks
    4:12 PM: Quarantining All Traces: twain-tech
    4:15 PM: Quarantining All Traces: websearch.com hijacker
    4:15 PM: Quarantining All Traces: wild media - minigolf
    4:15 PM: Quarantining All Traces: xosearchox.com hijack
    4:15 PM: Quarantining All Traces: 2o7.net cookie
    4:15 PM: Quarantining All Traces: about cookie
    4:15 PM: Quarantining All Traces: addynamix cookie
    4:15 PM: Quarantining All Traces: adknowledge cookie
    4:15 PM: Quarantining All Traces: adserver cookie
    4:15 PM: Quarantining All Traces: ask cookie
    4:15 PM: Quarantining All Traces: atwola cookie
    4:15 PM: Quarantining All Traces: belnk cookie
    4:15 PM: Quarantining All Traces: bluestreak cookie
    4:15 PM: Quarantining All Traces: casalemedia cookie
    4:15 PM: Quarantining All Traces: cc214142 cookie
    4:15 PM: Quarantining All Traces: centrport net cookie
    4:15 PM: Quarantining All Traces: clickandtrack cookie
    4:15 PM: Quarantining All Traces: empnads cookie
    4:15 PM: Quarantining All Traces: falkag cookie
    4:15 PM: Quarantining All Traces: fastclick cookie
    4:15 PM: Quarantining All Traces: gangbangsquad cookie
    4:15 PM: Quarantining All Traces: hbmediapro cookie
    4:15 PM: Quarantining All Traces: kinghost cookie
    4:15 PM: Quarantining All Traces: maxserving cookie
    4:15 PM: Quarantining All Traces: overture cookie
    4:15 PM: Quarantining All Traces: partypoker cookie
    4:15 PM: Quarantining All Traces: paycounter cookie
    4:15 PM: Quarantining All Traces: questionmarket cookie
    4:15 PM: Quarantining All Traces: realmedia cookie
    4:15 PM: Quarantining All Traces: revenue.net cookie
    4:15 PM: Quarantining All Traces: rn11 cookie
    4:15 PM: Quarantining All Traces: specificclick.com cookie
    4:15 PM: Quarantining All Traces: touchclarity cookie
    4:15 PM: Quarantining All Traces: trafficmp cookie
    4:15 PM: Quarantining All Traces: tribalfusion cookie
    4:15 PM: Quarantining All Traces: websponsors cookie
    4:15 PM: Quarantining All Traces: xxxcounter cookie
    4:15 PM: Quarantining All Traces: yieldmanager cookie
    4:15 PM: Quarantining All Traces: zedo cookie
    4:16 PM: Preparing to restart your computer. Please wait...
    4:16 PM: Removal process completed. Elapsed time 00:05:30
    4:19 PM: Processing Startup Alerts
    4:19 PM: Removed Startup entry: McRegWiz
    ********

    ______________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 4:56:11 PM, on 4/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    C:\Program Files\Internet Explorer\Iesearch.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Eegt\Fjyfaco.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\System32\wuauclt.exe
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {96B75F7D-1E69-488E-899F-9F3D6528D9EE} - C:\WINDOWS\System32\ocg.dll (file missing)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Wzlwgvn] C:\Program Files\Eegt\Fjyfaco.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DCC_send] 10010.exe
    O4 - HKLM\..\Run: [clamav] SetupExeDll.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\200642716532_mcinfo.exe /insfin
    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\200642716533_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [FLKPT] control64.exe
    O4 - HKCU\..\Run: [xxtoolbar] ExchangeMaster.exe
    O4 - HKCU\..\Run: [Uint32] PrcIdle.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll
    O9 - Extra 'Tools' menuitem: JavaScript Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Mosaic Prefix: c:\searchpage.html?page=
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11
    O18 - Filter: text/html - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll
    O18 - Filter: text/plain - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have no active AntiVirus!

    Get the free AVG 7 install it, check for updates and run a full scan

    AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
    =====================
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout

    http://downloads.subratam.org/Fixwareout.exe


    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.



    Run Hijack this – scan only
    Click the box to the left of these entries, close IE, click fix checked

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {96B75F7D-1E69-488E-899F-9F3D6528D9EE} - C:\WINDOWS\System32\ocg.dll (file missing)

    O4 - HKLM\..\Run: [Iesearch.exe] C:\Program Files\Internet Explorer\Iesearch.exe

    O4 - HKLM\..\Run: [Wzlwgvn] C:\Program Files\Eegt\Fjyfaco.exe

    O4 - HKLM\..\Run: [DCC_send] 10010.exe

    O4 - HKLM\..\Run: [clamav] SetupExeDll.exe

    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\200642716532_mcinfo.exe /insfin

    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\200642716533_mcappins.exe /v=3 /cleanup

    O4 - HKCU\..\Run: [FLKPT] control64.exe

    O4 - HKCU\..\Run: [xxtoolbar] ExchangeMaster.exe

    O4 - HKCU\..\Run: [Uint32] PrcIdle.exe

    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFXScan.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11

    O17 - HKLM\System\CS1\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11

    O18 - Filter: text/html - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll

    O18 - Filter: text/plain - {D90D88EF-97CE-4F46-80BD-92F6F4A7E2DD} - C:\WINDOWS\System32\ocg.dll

    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

    Download http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Internet Explorer\Iesearch.exe
    C:\Program Files\Eegt
    C:\WINDOWS\System32\ocg.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot

    please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.


    Please give feedback on what worked/didn't work and the current status of your system
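The entries singled out in the post above share a few mechanical traits (autostart commands with no directory, autostarts running from Temp, targets marked "file missing", DNS servers set in the registry) that can be pre-screened before a human reviews the log. The following Python code is an added example, not part of the original thread and not HijackThis's or the helper's own method: the three rules and all function names are assumptions, and the sample lines are copied from the logs posted in this thread.

```python
import re

# One HijackThis entry per line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe"
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Body of an O4 registry autostart entry: hive\..\Run-key: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*:\s+\[[^\]]*\]\s+(.+)$")
# Executable part of a command line, quoted or unquoted (unquoted paths may contain spaces)
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

# Lines copied from the first full log in this thread (before the fix).
BEFORE = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Wzlwgvn] C:\Program Files\Eegt\Fjyfaco.exe
O4 - HKLM\..\Run: [DCC_send] 10010.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\DELINO~1.FAM\LOCALS~1\Temp\200642716532_mcinfo.exe /insfin
O4 - HKCU\..\Run: [FLKPT] control64.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9F58D9-1D1F-4838-B244-36E541149AD3}: NameServer = 195.95.218.18,85.255.112.11
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# Lines copied from the follow-up log posted after the fix was attempted.
AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""


def parse_entries(log_text):
    """Return (section, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def executable_of(command):
    """Strip arguments from an autostart command line, keeping only the program."""
    m = EXE_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def review_reasons(section, body):
    """Assumed screening rules: they yield candidates for review, not verdicts."""
    reasons = []
    if body.lower().endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O4":
        m = RUN_RE.match(body)
        if m:
            exe = executable_of(m.group(1))
            if "\\" not in exe and "/" not in exe:
                # Resolved through the search path, so the log does not show what runs.
                reasons.append("autostart command has no directory")
            elif "\\temp\\" in exe.lower():
                reasons.append("autostart runs from a Temp directory")
    if section == "O17" and "nameserver" in body.lower():
        reasons.append("DNS server set in registry")
    return reasons


def triage(log_text):
    """Map each entry that matched a rule to the list of reasons it matched."""
    flagged = {}
    for section, body in parse_entries(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            flagged[f"{section} - {body}"] = reasons
    return flagged


def still_present(before_log, after_log):
    """Entries flagged in the earlier log that appear unchanged in the later one."""
    after = {f"{s} - {b}" for s, b in parse_entries(after_log)}
    return [line for line in triage(before_log) if line in after]


if __name__ == "__main__":
    for line, reasons in triage(BEFORE).items():
        print(", ".join(reasons), "::", line)
    print("Still present after the fix attempt:")
    for line in still_present(BEFORE, AFTER):
        print("  ", line)
```

The `[Wzlwgvn]` entry, which is on the fix list above, matches none of these rules: a random-looking name under Program Files still needs a human reviewer.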
     
  6. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    I installed and ran AVG. When I tried to run fixwareout I received a 16-bit MS-DOS subsystem notice that notepad was not suitable for DOS? I ran hjt from a removable media and was able to recover the log to my computer. I tried to delete the hjt files but 023 won't leave. Killbox did not find any of the files that I typed in (wouldn't open notepad). Here is the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:29:28 PM, on 4/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\Explorer.EXE
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Mosaic Prefix: c:\searchpage.html?page=
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    XP Fix - http://www.visualtour.com/downloads/

    Scroll down to get XP Fix

    And run FixWareout again.
    ==============
    Fix this with HiJack

    O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    WinTools for IE service

    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.
     
  8. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    I installed the fix and now I am getting an error that NTVDM CPU is getting illegit. instructions. I stopped the 023 entry.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run http://www.kaspersky.com/virusscanner - Online scan

    When the scan is finished Save the results from the scan!

    Post a new HiJackThis log along with the results from Kaspersky scan
     
  10. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    These are the files. The computer still will not show notepad: NTVDM CPU is getting illegit. instructions

    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:49 PM, on 4/28/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Mosaic Prefix: c:\searchpage.html?page=
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  11. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    KASPERSKY ON-LINE SCANNER REPORT
    Friday, April 28, 2006 1:29:31 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Anti-Virus database last update: 28/04/2006
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: false
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    Scan Statistics:
    Total number of scanned objects: 36325
    Number of viruses found: 47
    Number of infected objects: 205
    Number of suspicious objects: 0
    Duration of the scan process: 00:24:01
    Infected Object Name / Virus Name / Last Action
    C:\abcxx.chm/d_abcxx.exe Infected: Trojan.Win32.Dialer.ce skipped
    C:\abcxx.chm CHM: infected - 1 skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\1180172_1372_2412_3712_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131244_2144_2476_3796_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131244_2144_2476_3796_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131470_1332_2796_1116_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131494_3908_2772_1156_66.41.tmp Infected: not-a-virus:AdWare.Win32.EliteBar.ar skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131506_340_2604_424_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131536_3440_2740_3592_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131548_3000_2620_4048_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131572_2776_2192_2548_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131584_244_2096_2228_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131618_3940_1916_788_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131636_468_2660_2764_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131638_3000_2620_2116_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131650_4012_2656_2592_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131652_172_2600_3836_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131660_1556_2408_3980_66.41.tmp Infected: not-a-virus:AdWare.Win32.EliteBar.ar skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131678_3596_2572_3468_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131694_244_2096_3144_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\131724_3184_2528_3796_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\1443380_920_2280_2140_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\1640210_2892_2112_4668_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\1640210_2892_2112_4668_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\196910_2776_2192_2092_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\196984_468_2660_2728_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197044_3256_2560_3740_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197074_3820_2732_3312_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197078_2636_2212_3108_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197080_2964_2540_3740_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197096_3820_2732_3388_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197124_3596_2572_3288_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197132_3980_2156_3400_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197164_2776_2192_3636_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197164_2776_2192_3636_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197170_3896_2328_2752_66.41.tmp Infected: not-a-virus:AdWare.Win32.EliteBar.ar skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197172_2712_2616_1272_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197220_340_2604_2692_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\197364_2964_2540_2272_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\2031910_1372_2412_3824_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262400_2360_2664_908_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262410_2964_2540_3644_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262608_1084_1776_1232_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262662_3404_1776_4068_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262676_3184_2528_3812_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262688_968_2648_3944_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262720_1332_2796_3804_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\262770_968_2648_2244_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\263166_2620_2496_3404_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\2950606_1228_2292_2436_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\3212464_2892_2112_5064_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\327992_2636_2212_1636_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\328196_3572_2448_3696_66.41.tmp Infected: not-a-virus:AdWare.Win32.EliteBar.ar skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\3670280_920_2280_1264_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\460066_1088_2468_1808_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\525148_3684_2224_1280_62.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\590144_2272_2572_2688_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\590336_2272_2572_3100_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\655844_2272_2572_3068_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66212_2144_2476_3840_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66212_2144_2476_3840_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66232_3440_2740_1856_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66238_3596_2572_3532_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66250_968_2648_2772_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66250_968_2648_2772_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66254_1332_2796_4012_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66254_3980_2156_3576_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66260_340_2604_2700_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66260_468_2660_2872_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66270_172_2600_3432_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66270_2544_2428_2472_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66274_3820_2732_3404_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66306_2144_2476_3860_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66306_2144_2476_3860_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66308_244_2096_1880_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66326_3440_2740_3588_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66332_4012_2656_3316_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66334_3000_2620_2084_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66346_968_2648_2776_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66348_1332_2796_2168_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
     
  12. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66348_3184_2528_1312_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66348_3980_2156_3604_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66354_468_2660_2876_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66364_172_2600_3148_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66364_172_2600_3148_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66368_2984_2784_536_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66398_2144_2476_1240_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66420_3440_2740_3596_63.41.tmp Infected: Trojan-Downloader.Win32.Agent.tv skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66420_3440_2740_3596_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66424_2092_2412_2596_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66434_3256_2560_3860_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66518_2092_2412_2972_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66528_3256_2560_3964_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\66622_3256_2560_4016_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\68114_2892_2112_4664_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\68266_2892_2112_4680_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\721498_2892_2112_4876_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\787148_2360_2664_2980_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\852260_2944_2964_3876_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\917676_920_2280_3480_63.41.tmp1 Infected: Trojan.Win32.EliteBar.a skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\CAB61763\common.dll Infected: not-a-virus:AdWare.Win32.WebSearch.bl skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\toolbar.cab/IExploreSkins.exe Infected: not-a-virus:AdWare.Win32.WebSearch.f skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\toolbar.cab/toolbar.dll Infected: not-a-virus:AdWare.Win32.WebSearch.d skipped
    C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\toolbar.cab CAB: infected - 2 skipped
    C:\info6_s.cab/Information.exe Infected: Trojan.Win32.Dialer.t skipped
    C:\info6_s.cab CAB: infected - 1 skipped
    C:\Program Files\rdso\eetu.exe Infected: Trojan-Downloader.Win32.PurityScan.ah skipped
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan.Win32.Dialer.ei skipped
    C:\RECYCLER\S-1-5-21-2069941311-1513010017-833975278-1011\Dc3.exe Infected: Trojan-Proxy.Win32.Small.dr skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP338\A0254341.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP338\A0254357.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP341\A0255339.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP341\A0255340.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0256342.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0256343.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0257344.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0257347.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0258351.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259411.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259412.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259421.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259425.dll Infected: not-a-virus:AdWare.Win32.EliteBar.z skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259430.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ag skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259434.exe Infected: not-a-virus:AdWare.Win32.Msnagent.b skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259436.exe Infected: not-a-virus:AdWare.Win32.WebSearch.f skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259440.exe Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259441.dll Infected: not-a-virus:AdWare.Win32.Midadle.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259442.exe/data0002 Infected: not-a-virus:AdWare.Win32.Midadle.f skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259442.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259443.exe/IdmUP.dll Infected: not-a-virus:AdWare.Win32.ToPicks.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259443.exe/TPReg.dll Infected: not-a-virus:AdWare.Win32.ToPicks.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259443.exe/HtCheck2.dll Infected: not-a-virus:AdWare.Win32.ToPicks.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259443.exe/Idhost.exe Infected: not-a-virus:AdWare.Win32.ToPicks.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259443.exe ZIP: infected - 4 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259444.dll Infected: not-a-virus:AdWare.Win32.AzSearch.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259460.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259466.exe NSIS: infected - 15 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0005/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259467.exe NSIS: infected - 14 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259468.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259468.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259468.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259471.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259473.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259473.exe WiseSFX: infected - 1 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259474.exe Infected: not-a-virus:AdWare.Win32.EZula.bf skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259475.dll Infected: not-a-virus:AdWare.Win32.EZula.be skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259476.dll Infected: not-a-virus:AdWare.Win32.EZula.bf skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259485.dll Infected: not-a-virus:AdWare.Win32.SideFind skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259487.dll Infected: not-a-virus:AdWare.Win32.SideFind skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259488.dll Infected: not-a-virus:AdWare.Win32.YourSiteBar.c skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259494.exe/data0002/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259494.exe/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0259494.exe NSIS: infected - 2 skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260350.dll Infected: not-a-virus:AdWare.Win32.WebSearch.aq skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260351.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260352.exe Infected: not-a-virus:AdWare.Win32.WebSearch.as skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260353.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260354.dll Infected: not-a-virus:AdWare.Win32.WebSearch.ay skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260355.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260356.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260357.dll Infected: not-a-virus:AdWare.Win32.Wintol.al skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0260361.exe Infected: not-a-virus:AdWare.Win32.Wintol.ah skipped
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP343\A0260404.exe Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped
    C:\WINDOWS\Downloaded Program Files\mwsearch.reg Infected: Trojan.WinREG.StartPage skipped
    C:\WINDOWS\kb1635.exe Infected: Trojan.Win32.LowZones.bi skipped
    C:\WINDOWS\kb16351.exe Infected: Trojan.Win32.LowZones.bi skipped
    C:\WINDOWS\q1214.exe Infected: Trojan-Downloader.Win32.Small.kq skipped
    C:\WINDOWS\q1214_1.exe Infected: Trojan-Downloader.Win32.Small.kq skipped
    C:\WINDOWS\q1214_2.exe Infected: Trojan-Downloader.Win32.Small.kq skipped
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\silent_setup[2].exe Infected: Trojan.Win32.EliteBar.a skipped
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\proxy_inst[1].exe Infected: Trojan.Win32.EliteBar.a skipped
    C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\js[1].htm Infected: Exploit.HTML.CodeBaseExec skipped
    C:\WINDOWS\SYSTEM32\msvsres.dll Infected: not-a-virus:AdWare.Win32.XmlMimeFilter.e skipped
    C:\WINDOWS\SYSTEM32\mѕconfig.exe Infected: not-a-virus:AdWare.Win32.PurityScan.cq skipped
    C:\WINDOWS\SYSTEM32\nhvj91p3.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

    Scan process completed.
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I need the full error message and what you are doing to get it

    ==========
    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    =====================



    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\info6_s.cab
    C:\Program Files\rdsoped
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp
    C:\WINDOWS\Downloaded Program Files\mwsearch.reg
    C:\WINDOWS\kb1635.exe
    C:\WINDOWS\kb16351.exe
    C:\WINDOWS\q1214.exe
    C:\WINDOWS\q1214_1.exe
    C:\WINDOWS\q1214_2.exe
    C:\WINDOWS\SYSTEM32\msvsres.dll
    C:\WINDOWS\SYSTEM32\mѕconfig.exe
    C:\WINDOWS\SYSTEM32\nhvj91p3.ini

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
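
The cleanup steps above treat detections differently depending on where the file sits (individual files for Killbox, the Temp folders, the Recycle Bin). The following sorts scan-log lines into those groups and flags file names containing non-ASCII look-alike characters; it is an added example, not part of the original posts. The bucket names and the functions `triage` and `lookalike_names` are assumptions made for this illustration, and the sample lines are copied from the log in the thread.

```python
import re
import unicodedata
from collections import defaultdict

# Lines copied from the scan log posted above. The file name on the last
# detection line carries U+0455 where a Latin "s" would be expected; it is
# written as an escape here so the difference is visible in the source.
SAMPLE_LOG = "\n".join([
    r"C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\toolbar.cab/toolbar.dll Infected: not-a-virus:AdWare.Win32.WebSearch.d skipped",
    r"C:\Documents and Settings\DeLino.FAMILYCOMPUTER\Local Settings\Temp\toolbar.cab CAB: infected - 2 skipped",
    r"C:\info6_s.cab/Information.exe Infected: Trojan.Win32.Dialer.t skipped",
    r"C:\info6_s.cab CAB: infected - 1 skipped",
    r"C:\RECYCLER\S-1-5-21-2069941311-1513010017-833975278-1011\Dc3.exe Infected: Trojan-Proxy.Win32.Small.dr skipped",
    r"C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP343\A0260404.exe Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped",
    r"C:\WINDOWS\kb1635.exe Infected: Trojan.Win32.LowZones.bi skipped",
    r"C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\js[1].htm Infected: Exploit.HTML.CodeBaseExec skipped",
    r"C:\WINDOWS\SYSTEM32\m" + "\u0455" + r"config.exe Infected: not-a-virus:AdWare.Win32.PurityScan.cq skipped",
    "Scan process completed.",
])

# One detection per line: "<path> Infected: <verdict> skipped".
# Archive summary lines ("<path> CAB: infected - 2 skipped") do not match
# and are ignored, because their members are already reported one by one.
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")


def bucket_for(path):
    """Assign a path to a cleanup group (group names are this example's own)."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"
    if "\\recycler\\" in lowered:
        return "recycle_bin"
    if "\\local settings\\temp\\" in lowered or "\\temporary internet files\\" in lowered:
        return "temp_or_cache"
    return "individual_file"


def triage(log_text):
    """Return {bucket: {file_on_disk: [verdicts]}} for every detection line."""
    buckets = defaultdict(dict)
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if not match:
            continue
        # Windows paths cannot contain "/", so the first "/" marks the
        # boundary between the file on disk and a member inside it.
        on_disk = match["path"].split("/", 1)[0]
        buckets[bucket_for(on_disk)].setdefault(on_disk, set()).add(match["verdict"])
    return {name: {p: sorted(v) for p, v in files.items()}
            for name, files in buckets.items()}


def lookalike_names(paths):
    """Return {path: [(char, unicode_name)]} for file names with non-ASCII characters."""
    hits = {}
    for path in paths:
        file_name = path.rsplit("\\", 1)[-1]
        odd = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in file_name if ord(ch) > 127]
        if odd:
            hits[path] = odd
    return hits


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, files in sorted(result.items()):
        print(f"[{bucket}]")
        for path, verdicts in files.items():
            print(f"  {path!r}: {', '.join(verdicts)}")
    every_path = [p for files in result.values() for p in files]
    for path, chars in lookalike_names(every_path).items():
        for ch, name in chars:
            print(f"look-alike character U+{ord(ch):04X} ({name}) in {path!r}")
```

Printing paths with `repr` keeps a look-alike character from passing unnoticed when the list is copied into another tool.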
     
  14. wawawhee

    wawawhee Thread Starter

    Joined:
    Apr 8, 2004
    Messages:
    63
    I cannot open notepad here is the message:
    ____________________________
    16 bit MS-DOS Subsystem
    ________________________________
    C:\WINDOWS\system32\NOTEPAD.EXE
    The NTVDM CPU has encountered an illegal instruction
    CS:053f IP:01ds OP:63 68 65 2f 31



    ---------------------------------------------------------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 2:39:06 PM, on 4/29/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    D:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
    O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Microsoft® JavaScript® Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra 'Tools' menuitem: JavaScript Console - {445587F8-2015-45FB-833B-826D88564750} - C:\WINDOWS\System32\jsconsole.dll (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Mosaic Prefix: c:\searchpage.html?page=
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146336497296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146336483156
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run XP fix again

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
Short URL to this thread: https://techguy.org/462943
