
More pop ups


  • This topic is locked
16 replies to this topic

#1 CAPTAIN


Posted 23 April 2006 - 09:45 AM

I can't get rid of these pop ups. Please help. Here is the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:31 AM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\pkiig.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,agolqlv.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinnmai.exe FI002
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [w2038ee1.dll] RUNDLL32.EXE w2038ee1.dll,I2 000913ca02038ee1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinnmai.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120616987652
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe



#2 pskelley


Posted 24 April 2006 - 07:10 AM

Hello and welcome to TomCoyote forum. If you still need help, please follow the directions carefully.

1) HJT needs a folder to store logs and backups safely. Return to My Documents and right click a blank spot, then make a new folder called HJT. Move the log that is there and HJT.exe into that folder.
It will look like this now: C:\Documents and Settings\Owner\My Documents\HJT\HijackThis.exe

Thanks to LonnyRJones and any others who helped with this fix.

2) Download Brute Force Uninstaller to your C:\
http://www.merijn.org/files/bfu.zip
Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
Download qoofix.bat: http://downloads.sub.../Lon/qooFix.bat
(rightclick on this link and choose save as)
Place qoofix.bat in your C:\BFU - folder. (Important!)
Doubleclick qooFix.bat, Close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.
After the PC has restarted please post another hijackthis log.

We will have more to do, please include your comments.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 CAPTAIN


Posted 24 April 2006 - 10:47 AM

I have qoofix.bat in the C:\BFU folder and it won't open. Any suggestions?

#4 pskelley


Posted 24 April 2006 - 11:02 AM

Nope...that is a very technical fix for a hard to remove item. I have had no problems with the few I have used it on so far. All I can suggest is that something might not have been downloaded correctly or there was a problem with the download. I suggest you delete it all and review the steps carefully. I know of no other fix for this trojan right now. Thanks
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 pskelley


Posted 24 April 2006 - 11:17 AM

Using the same links I provided, here are some detailed instructions that may help you.

Detailed instructions by Mieke <<< thanks Mieke for these instructions.

Ok, let me explain every step again, but very detailed how to unzip properly and move that qoofix.bat in that folder.

* Rightclick on next link and choose save as: Brute Force Uninstaller
A new window will open.
You'll see below in the filename-path: bfu.zip
Now edit that filename path to: C:\bfu.zip
Then click save.
Close the windows now.
Then click My computer.
Then click C:\
You should find bfu.zip there.
Now rightclick bfu.zip
Select 'extract all'
A wizard will open.
Click next.
You'll see it will say in the filepath C:\bfu
Click next and click finish.
If you now look on your C:\, you'll find C:\bfu.zip and C:\bfu
Now rightclick on this link: qoofix.bat
Choose save as.
In the filepath, you'll see qoofix.bat
Now change that to C:\bfu\qoofix.bat and choose save.
This will place the qoofix.bat in the C:\bfu folder.
Then go to the BFU folder and doubleclick qoofix.bat.
This should start the fix.
It will also ask to reboot. After reboot, post a new HijackThis log in your next reply.

Perhaps this will help

Thanks

Edited by pskelley, 24 April 2006 - 11:18 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#6 CAPTAIN


Posted 24 April 2006 - 11:34 AM

Got it working. Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 1:24:51 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Owner\My Documents\HTJ\HTJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinnmai.exe FI002
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [w2038ee1.dll] RUNDLL32.EXE w2038ee1.dll,I2 000913ca02038ee1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinnmai.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120616987652
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

#7 pskelley


Posted 24 April 2006 - 12:13 PM

Great, if you would be so kind, just briefly post what caused the problem and what you or I did to fix it. I'll put that in a folder in case the same issue comes up again, thanks.

Since this was a nasty, I would like to run a scan to make sure we got it all. Please follow the directions in the posted order.

1) I see ewido onboard, open the program and choose update, allow time for it to finish. Now click scanner then complete system scan. Allow ewido to remove anything it locates unless you know it is not bad. Save that scan report, I must see it.

2) Spyware Doctor may block the HJT fix, turn it off until you are done.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinnmai.exe FI002
(fairly sure the next item is bad, leave it only if you know what it is)
O4 - HKLM\..\Run: [w2038ee1.dll] RUNDLL32.EXE w2038ee1.dll,I2 000913ca02038ee1
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinnmai.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Enable hidden files & folders... reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\nwinnmai.exe >>> file

C:\Windows\Prefetch\ >>> delete the contents (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

5) Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp
Run CCleaner (Windows & Applications). When you run the registry cleaner (Issues), you will be prompted to back up before you can remove stuff; make sure you do.

6) C:\Program Files\Java\j2re1.4.2\ <<< Java is outdated and that may be why you picked up this trojan? Use this information to get updated as soon as possible: http://forums.spybot...read.php?t=2559

Restart the computer and post the ewido scan results, a new HJT log and any comments you think will help. How is the computer running now?

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
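
An added example, not part of the original posts: the before/after comparison that is done by eye on the two HijackThis logs above, written as a small Python script that shows which startup entries the first fix removed and which ones survived it. The log excerpts are copied from this thread; the function names and the choice of tracked sections (R3, F2, O4) are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# Constructed sample: a few lines excerpted from the two HijackThis logs
# posted in this thread (before and after the qooFix run).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:32:31 AM, on 4/23/2006

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\pkiig.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,agolqlv.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinnmai.exe FI002
O4 - HKLM\..\Run: [w2038ee1.dll] RUNDLL32.EXE w2038ee1.dll,I2 000913ca02038ee1
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinnmai.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:24:51 PM, on 4/24/2006

Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinnmai.exe FI002
O4 - HKLM\..\Run: [w2038ee1.dll] RUNDLL32.EXE w2038ee1.dll,I2 000913ca02038ee1
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\nwinnmai.exe
"""

Entry = namedtuple("Entry", "section body")

# A HijackThis result line is "<section code> - <details>", e.g. "O4 - ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Assumption for this example: compare only the sections that start code
# automatically (search hooks, system.ini Shell/UserInit, Run keys, Startup).
TRACKED_SECTIONS = ("R3", "F2", "O4")


def parse_entries(log_text):
    """Return the result lines of a HijackThis log as Entry tuples, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text, sections=TRACKED_SECTIONS):
    """Classify tracked entries as removed, added or persisting between scans."""
    before = [e for e in parse_entries(before_text) if e.section in sections]
    after = [e for e in parse_entries(after_text) if e.section in sections]
    before_set, after_set = set(before), set(after)
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "persisting": [e for e in before if e in after_set],
    }


def launch_points(entries, filename):
    """Return every entry that mentions the given file (case-insensitive)."""
    needle = filename.lower()
    return [e for e in entries if needle in e.body.lower()]


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for status in ("removed", "added", "persisting"):
        print(status.upper())
        for entry in result[status]:
            print("  {} - {}".format(entry.section, entry.body))
    # One file can be started from more than one place; every launch point
    # has to be cleaned up, not only the first one found.
    print("LAUNCH POINTS for nwinnmai.exe")
    for entry in launch_points(parse_entries(LOG_AFTER), "nwinnmai.exe"):
        print("  {} - {}".format(entry.section, entry.body))
```

Run on the excerpts, the R3 and F2 entries show up as removed, while the O4 entries for nwinnmai.exe (Run key and Startup folder) and the RUNDLL32 entry persist.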

#8 CAPTAIN


Posted 24 April 2006 - 02:51 PM

Still getting pop ups. Here are the reports:

Logfile of HijackThis v1.99.1
Scan saved at 4:38:50 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HTJ\HTJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [w08323b6.dll] RUNDLL32.EXE w08323b6.dll,I2 000913ca008323b6
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120616987652
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:41:14 PM, 4/24/2006
+ Report-Checksum: 6590204E

+ Scan result:

[2204] C:\WINDOWS\system32\w2038ee1.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38805.4741848264.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/ICD5.tmp/SAIX.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38805.4741848264.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/SAISetup.exe -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.abm : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.as : Cleaned with backup
C:\w.exe -> Downloader.Agent.aie : Cleaned with backup
C:\WINDOWS\ac2_0009.exe -> Downloader.Small.cpu : Cleaned with backup
C:\WINDOWS\keyboard13.exe -> Downloader.VB.abj : Cleaned with backup
C:\WINDOWS\mousepad13.exe -> Hijacker.VB.mo : Cleaned with backup
C:\WINDOWS\newname13.exe -> Downloader.VB.aaf : Cleaned with backup
C:\WINDOWS\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup
C:\WINDOWS\system32\cloudsim.exe -> Logger.VB.eh : Cleaned with backup
C:\WINDOWS\system32\mmxp2passion.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\system32\w0930ec0.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w2038ee1.dll -> Downloader.Agent.ahv : Cleaned with backup


::Report End

#9 pskelley

Posted 24 April 2006 - 03:51 PM

OK, let's talk...I am not getting a lot of information from you and it is hard to tell what is going on from where I am sitting. This item:
O4 - HKLM\..\Run: [w08323b6.dll] RUNDLL32.EXE w08323b6.dll,I2 000913ca008323b6 I can not find anything out about it no matter how or where I search. Since you did not remove it am I to assume you know what it is?
Make sure you have all files and folders enabled and search for: w08323b6.dll when you get a location, use one or more of these tools to find out what it is:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html
Unless you know for sure what that is, I would suggest you rule it out first, I see a clean HJT log and nothing in the ewido scan that could not be deleted.

What kind of popups are these, and are they coming with the same frequency as before we removed the Qoologic trojan? Are they coming from the same places? Popups are part of surfing the web and I see no popup blocker, if these are just popups from when you visit a website, then consider this: http://toolbar.google.com/
I use the Google Toolbar to block my popups and I use the basic toolbar without all of the eye candy that are resource wasters.

You can try this: To look for hidden stuff
Download f-secure blacklight from here:
http://www.f-secure.com/blacklight/

1) choose: I Accept
2) download/save to Desktop
3) choose Scan
4) When finished there will be a .txt file on the Desktop fsbl-xxxxxxxxx , numbers,
open that and post the content to your topic.

Then do this: Please do an online scan with Kaspersky Online Scanner

http://www.kaspersky.com/virusscanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then start to download the latest definition files.

Once the scanner is installed and the definitions downloaded, click Next.

Now click on Scan Settings

In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)

Scan Options:

Scan Archives

Scan Mail Bases

Click OK

Now under select a target to scan select My Computer

The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post. If the log should be extremely long, I do not need to see any cookies, System Restore items or anything that is quarantined within one of your programs (you should clean those).

Give me some information this time and the results of the Blacklight and Kaspersky scans (unless you fix the problem earlier).

Thanks...

Edited by pskelley, 25 April 2006 - 05:40 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
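Added example, not part of pskelley's post or of any tool named in this thread: a short Python check that parses HijackThis `O4` Run entries, picks out those that start a DLL through RUNDLL32 without a directory, and compares the DLL's name shape with the file names in the ewido report. The log lines are copied from this thread; the function names and the shape heuristic (hex characters collapsed to `h`) are assumptions of this sketch, and a naming match is a lead for the file scans suggested above, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis and ewido logs quoted in this thread.
HJT_LINES = [
    r"O4 - HKLM\..\Run: [w08323b6.dll] RUNDLL32.EXE w08323b6.dll,I2 000913ca008323b6",
    r"O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE",
    r"O4 - Global Startup: Picture Package Menu.lnk = ?",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
]
EWIDO_LINES = [
    r"C:\WINDOWS\system32\cloudsim.exe -> Logger.VB.eh : Cleaned with backup",
    r"C:\WINDOWS\system32\w0930ec0.dll -> Downloader.Agent.ahv : Cleaned with backup",
    r"C:\WINDOWS\system32\w2038ee1.dll -> Downloader.Agent.ahv : Cleaned with backup",
]

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# "rundll32[.exe] <dll>,<export> [arguments]", with or without a leading path
RUNDLL = re.compile(r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(.+?),(\S+)\s*(.*)$', re.I)
# "[pid] path -> detection : action" (the [pid] prefix is optional)
EWIDO = re.compile(r"^(?:\[\d+\] )?(.+?) -> (\S+) : (.+)$")


def shape(filename):
    """Collapse hex characters in the stem to 'h'; keep everything else."""
    stem, dot, ext = filename.lower().rpartition(".")
    if not dot:  # no extension at all
        stem, ext = ext, ""
    collapsed = "".join("h" if c in "0123456789abcdef" else c for c in stem)
    return collapsed + dot + ext


def flagged_shapes(ewido_lines):
    """Map name shape -> [(file name, detection)] for every ewido hit."""
    shapes = {}
    for line in ewido_lines:
        m = EWIDO.match(line.strip())
        if not m:
            continue
        name = PureWindowsPath(m.group(1)).name
        shapes.setdefault(shape(name), []).append((name, m.group(2)))
    return shapes


def review_run_entries(hjt_lines, ewido_lines):
    """Return O4 Run entries that load a DLL through rundll32 and look odd."""
    known = flagged_shapes(ewido_lines)
    findings = []
    for line in hjt_lines:
        o4 = O4_RUN.match(line.strip())
        if not o4:
            continue  # Global Startup, O23 and other sections are skipped
        hive, key, value_name, command = o4.groups()
        rd = RUNDLL.match(command)
        if not rd:
            continue
        dll, export, args = rd.groups()
        dll = dll.strip('"')
        reasons = []
        if "\\" not in dll and "/" not in dll:
            # The log alone cannot say which copy of the file gets loaded.
            reasons.append("rundll32 target has no directory")
        sig = shape(PureWindowsPath(dll).name)
        # Require a mostly-hex stem so ordinary words do not match by accident.
        similar = known.get(sig, []) if sig.count("h") >= 4 else []
        if similar:
            reasons.append("name shape matches files flagged by ewido")
        if reasons:
            findings.append({
                "key": f"{hive}\\..\\{key}",
                "value": value_name,
                "dll": dll,
                "export": export,
                "args": args,
                "reasons": reasons,
                "similar": similar,
            })
    return findings


if __name__ == "__main__":
    for f in review_run_entries(HJT_LINES, EWIDO_LINES):
        print(f["key"], f["dll"], f["export"], f["args"])
        for reason in f["reasons"]:
            print("  -", reason)
        for name, detection in f["similar"]:
            print("    similar:", name, "->", detection)
```
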

#10 CAPTAIN

Posted 24 April 2006 - 07:41 PM

I'm getting advertisements on pages that don't normally have them. Also, now I'm getting "page cannot be displayed" when I try to go to a different website. This didn't happen as much as it's happening now.

Kaspersky report:

How do I get rid of these viruses?

Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 65291
Number of viruses found 79
Number of infected objects 279
Number of suspicious objects 8
Duration of the scan process 01:01:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip/adv.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker.zip/stb.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker10.zip/Logger.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Hyperlinker10.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/soproc.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/-1.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/-1.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/fns-10.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/fns-10.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/ICD6.tmp/amm06.ocx Infected: Trojan-Downloader.Win32.VB.bo skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/win.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/win.exe Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU ZIP: infected - 10 skipped

C:\Documents and Settings\Owner\My Documents\backups\backup-20060422-204455-188.dll Infected: Trojan-Downloader.Win32.VB.bo skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe NSIS: infected - 2 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip ZIP: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0B5A1A84.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip ZIP: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7228303D.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip ZIP: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C845CD7.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip ZIP: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7C9104C9.zip CryptFF: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip ZIP: infected - 4 skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7CC27A93.zip CryptFF: infected - 4 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080677.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080721.dll Infected: Trojan.Win32.Crypt.t skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080723.dll Infected: Trojan-Downloader.Win32.Apropo.ad skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080724.exe Infected: Trojan-Downloader.Win32.Apropo.ad skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080725.dll Infected: Trojan.Win32.Crypt.t skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080726.dll Infected: Trojan.Win32.Crypt.t skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080727.exe Infected: Trojan.Win32.Crypt.t skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080728.dll Infected: Trojan.Win32.Crypt.t skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080730.dll Infected: not-a-virus:AdWare.Win32.CASClient.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080731.exe Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0080735.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP332\A0081794.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP332\A0081794.exe WiseSFX: infected - 1 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP332\A0081794.exe WiseSFX Dropper: infected - 1 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083861.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083865.exe Infected: not-a-virus:AdWare.Win32.CASClient.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083884.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083885.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083886.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083887.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP337\A0083889.exe Infected: not-a-virus:AdWare.Win32.Sahat.ai skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088020.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088021.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088022.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088023.exe Infected: not-a-virus:AdWare.Win32.ShopNav.g skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088024.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088024.exe/data0003 Infected: not-a-virus:AdWare.Win32.BookedSpace.e skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088024.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088025.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088025.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088026.exe Infected: Trojan-Downloader.Win32.Apropo.ae skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088027.exe/data0002 Infected: Trojan.Win32.Registrator.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088027.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088027.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088028.dll Infected: not-a-virus:AdWare.Win32.EZula.bn skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088029.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.k skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088030.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088031.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088032.exe/data0002 Infected: not-a-virus:AdWare.Win32.WeirWeb.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088032.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088033.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088034.exe/data0002 Infected: Trojan.Win32.Registrator.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088034.exe/data0003 Infected: Trojan-Downloader.Win32.Small.aly skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088034.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP363\A0088035.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088472.dll Infected: not-a-virus:AdWare.Win32.E2Give.d skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088482.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088513.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088514.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088515.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088517.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088518.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088526.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ae skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0005/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088527.exe NSIS: infected - 14 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088529.dll Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088530.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0088531.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089551.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089552.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089554.exe Infected: Trojan-Downloader.Win32.VB.nw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089555.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089556.exe Infected: Trojan-Clicker.Win32.VB.ij skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089558.dll Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089559.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089560.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089561.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089562.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089564.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089565.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089566.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089567.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089568.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089569.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089570.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089571.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089572.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089573.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089574.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ae skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089575.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089575.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089575.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089581.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089582.exe Infected: Trojan-Downloader.Win32.Small.abd skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089583.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089584.exe Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089585.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089594.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089601.dll Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089602.dll Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089603.exe Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089604.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089604.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089604.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089604.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089604.exe CAB: infected - 4 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089607.dll Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089632.exe Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089639.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089641.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089642.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089645.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089648.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089649.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089650.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089651.exe RarSFX: infected - 5 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089652.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089653.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089654.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089655.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089656.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089657.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089658.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089659.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089660.exe Infected: Trojan-Dropper.Win32.Small.qn skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089661.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089662.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089663.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089664.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089665.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089666.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089667.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089668.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089669.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089670.exe Infected: Trojan-Downloader.Win32.Small.bgl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089671.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089672.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089673.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089674.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089675.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089676.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089677.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089678.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089679.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089680.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089681.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089682.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089683.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089684.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089685.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089686.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089687.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089688.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089689.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089690.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089691.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089692.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089693.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089694.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089695.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089696.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089697.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089698.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089699.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089700.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089701.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089702.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089703.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089704.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089705.exe Infected: Trojan-Downloader.Win32.Small.ckq skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089706.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089707.exe Infected: Trojan.Win32.VB.tg skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089708.exe Infected: Trojan-Clicker.Win32.Agent.gp skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089709.exe RarSFX: infected - 6 skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089710.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089711.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089712.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089713.exe Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP389\A0089716.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089754.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089757.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089758.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089759.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089760.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089783.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089789.exe Infected: Trojan-Downloader.Win32.VB.abm skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089790.exe Infected: Trojan-Downloader.Win32.Adload.as skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089791.exe Infected: Trojan-Downloader.Win32.Agent.aie skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089792.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089793.exe Infected: Trojan-Downloader.Win32.VB.abj skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089794.exe Infected: Trojan-Clicker.Win32.VB.mo skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089795.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089796.exe Infected: Trojan-Downloader.Win32.Small.cqy skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089797.exe Infected: Trojan-Spy.Win32.VB.eh skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0089799.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped

C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP391\A0089980.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped

C:\WINDOWS\DHU.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\WINDOWS\DHU.exe NSIS: infected - 1 skipped

C:\WINDOWS\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped

C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped

C:\WINDOWS\sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\WINDOWS\sk02.exe NSIS: infected - 1 skipped

C:\WINDOWS\system32\1mp0bok6.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

C:\WINDOWS\system32\drsmartload637a.exe Infected: Trojan-Downloader.Win32.VB.vz skipped

C:\WINDOWS\system32\FT_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\WINDOWS\system32\FT_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\WINDOWS\system32\FT_SilentSudokuInstaller.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\related.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped

C:\WINDOWS\system32\Setup94.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped

C:\WINDOWS\system32\Setup94.exe/data0003 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\system32\Setup94.exe/data0006 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\system32\Setup94.exe/data0007 Infected: Trojan.Win32.VB.tg skipped

C:\WINDOWS\system32\Setup94.exe NSIS: infected - 4 skipped

C:\WINDOWS\system32\w08323b6.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped

C:\WINDOWS\weirdontheweb_iep.exe/data0002 Infected: not-a-virus:AdWare.Win32.WeirWeb.a skipped

C:\WINDOWS\weirdontheweb_iep.exe NSIS: infected - 1 skipped

Scan process completed.

No hidden items found in the Blacklight eliminator

HTJ log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:08 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\HTJ\HTJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120616987652
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


#11 pskelley


Posted 25 April 2006 - 06:25 AM

Kaspersky: I have to assume most of what it found were cookies, delete them.

The Recovery and Quarantine areas should remove easily, but you will need to be in safe mode for the Temp stuff and the files that need to be deleted:
http://www.bleepingc...tutorial61.html


C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
Open Spybot > Click on Recovery > Check everything and click on Purge selected items. Ok if asked, close Spybot.


C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/ <<< navigate to that Temp folder and delete everything in it. (NOT THE FOLDER)


C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\ <<< unless you know something is safe, delete the contents of that Backup folder.


C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\ <<< delete the content of that Quarantine folder.

Navigate to and delete all of these files:

C:\WINDOWS\DHU.exe
C:\WINDOWS\optimize.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\sk02.exe
C:\WINDOWS\system32\1mp0bok6.ini
C:\WINDOWS\system32\drsmartload637a.exe
C:\WINDOWS\system32\FT_SilentSudokuInstaller.exe
C:\WINDOWS\system32\related.exe
C:\WINDOWS\system32\Setup94.exe
C:\WINDOWS\system32\w08323b6.dll
C:\WINDOWS\weirdontheweb_iep.exe

Follow the instructions in this link to clean out the System Restore files: C:\System Volume Information\_restore
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.syma...src=sec_doc_nam


Scan saved at 9:11:08 PM, on 4/24/2006 <<< this HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

ewido is a great program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Make sure you review this information:
http://www.microsoft...s/IEtopten.mspx

Once you have removed all of the stuff in the Kaspersky scan, make sure any items you removed before posting the scan results are deleted also. Then post a new Kaspersky scan, unless it is clean. Let me know at that point how you are running.

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#12 CAPTAIN


Posted 27 April 2006 - 06:46 PM

I'm having trouble with Norton removing the viruses. The Norton program won't scan for viruses. I believe the program needs to be updated at a cost. In the meantime, is there another program available that will scan and get rid of these viruses?

#13 pskelley


Posted 27 April 2006 - 06:55 PM

If you are saying the Norton program does not scan because it needs to be paid for, that would be true. If you want another free antivirus program, then here are two to choose from, but you need to uninstall Norton, you do not want to have two programs running at the same time:
See this: http://service1.syma...000031316555206

http://free.grisoft.com/freeweb.php
http://www.avast.com...ast_4_home.html

Thanks...

Edited by pskelley, 01 May 2006 - 03:33 AM.


#14 CAPTAIN


Posted 30 April 2006 - 08:30 PM

Downloaded Avast. Everything appears to be running somewhat normal. Here is the new Kaspersky report:

Saturday, April 29, 2006 11:03:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 30/04/2006
Kaspersky Anti-Virus database records: 190668

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics
Total number of scanned objects 70989
Number of viruses found 7
Number of infected objects 19
Number of suspicious objects 0
Duration of the scan process 02:09:28

Infected Object Name Virus Name Last Action

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/-1.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/-1.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.i skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/fns-10.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/fns-10.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.h skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/FT_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/ICD6.tmp/amm06.ocx Infected: Trojan-Downloader.Win32.VB.bo skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/win.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/win.exe Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU ZIP: infected - 10 skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Documents and Settings\Owner\My Documents\ccsetup128.exe NSIS: infected - 2 skipped

C:\RECYCLER\S-1-5-21-4272770746-3964083981-1519504173-1003\Dc32.dll Infected: Trojan-Downloader.Win32.VB.bo skipped

C:\WINDOWS\chadch.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped

C:\WINDOWS\chadch.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped

C:\WINDOWS\chadch.exe NSIS: infected - 2 skipped

C:\WINDOWS\system32\nsc2ED.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped

Scan process completed.

#15 pskelley

Posted 01 May 2006 - 03:49 AM

Kaspersky Scan

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38831.5028697685.WCU/C:/Documents and Settings/Owner/Local Settings/Temp/ <<< navigate to and delete everything in the Temp folder in red.

C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\ <<< navigate to and delete everything in that backup folder in red.

C:\RECYCLER\S-1-5-21-4272770746-3964083981-1519504173-1003\Dc32.dll <<< Open your Recycle Bin and delete the contents

C:\WINDOWS\chadch.exe/ <<< delete that file

C:\WINDOWS\system32\nsc2ED.dll <<< delete that file

http://www.helpwithw...P/howto-16.html

Thanks...
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
