HEELLPPP!



#1 henabs

Posted 02 July 2005 - 06:01 PM

Hey, my comp is running very slow so I figured I'd post this log, and if you see something that can save me from all these pop-ups and crashes then HEEELLLLPPP!!!!
Logfile of HijackThis v1.99.1
Scan saved at 7:55:12 PM, on 02/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\uxfrno.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\hvlsvc32.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\almr\wait.exe
C:\WINDOWS\System32\w?nspool.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ProSiteFinder\prositefinderh.exe
C:\Program Files\ProSiteFinder\prositefinder.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\Rar$EX00.263\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.viewpornkey.com
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-0000-435D-8603-0F36B16F3B3A} - C:\Program Files\ProSiteFinder\ProSiteFinder.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [HVl Services] hvlsvc32.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [lmvgf] C:\WINDOWS\lmvgf.exe
O4 - HKLM\..\Run: [mevbtrj0] C:\WINDOWS\System32\mevbtrj0.exe
O4 - HKLM\..\Run: [fbjzozs] c:\windows\system32\uxfrno.exe r
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000093.exe
O4 - HKCU\..\Run: [Aahm] C:\Program Files\abir\thmt.exe
O4 - HKCU\..\Run: [uqki] C:\PROGRA~1\COMMON~1\uqki\uqkim.exe
O4 - HKCU\..\Run: [Tsbw] C:\Program Files\almr\wait.exe
O4 - HKCU\..\Run: [Itvauql] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [HVl Services] hvlsvc32.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Abbiy\Local Settings\Temp\{B674100F-3B65-4852-BBB4-12574228FEBE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.traffic2cash.biz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-113108567842} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {233036C5-6847-5227-DF30-666708D9A2BE} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {253DD920-D105-1752-B520-70276D1CB196} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {35B73B29-9F89-789B-3C69-047C4A7CB42F} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {457E7C97-5E70-58BA-EA18-70067BFD0929} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {492C5357-94E3-1BF9-34FE-4DCE27FAC14E} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5558463D-624A-028B-C58D-43FC261F9C67} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/080ed15eda402c...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {79AB5CDF-4B4F-466A-DEA5-7CC2756B3340} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"Im always off in my own little world, but thats okay, they know me there"


#2 SifuMike


Posted 02 July 2005 - 06:35 PM

Hello henabs,

C:\DOCUME~1\Abbiy\LOCALS~1\Temp\Rar$EX00.263\HijackThis.exe


HijackThis will not save backups when run from a temp folder.

Be sure to put HijackThis in its own folder, not in a temp folder. Here is how you make a HijackThis folder:

Click My Computer, then
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there.

************************************

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?dow...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan.
Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the Ewido scan log.

Edited by SifuMike, 02 July 2005 - 06:43 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
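
The two things the reply above picks out of the log in post #1 (HijackThis started from a temp folder, and the F2 entry whose Shell= value launches C:\WINDOWS\Nail.exe next to Explorer.exe) can be checked mechanically. The script below is an added example, not part of the original thread or of HijackThis; the function names and the third rule (flagging O4 autostart entries that point into a Temp folder) are assumptions made here, and the sample lines are excerpted from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\Rar$EX00.263\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.private-dialer.biz
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..." style lines
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)   # a \Temp\ path component
SHELL_RE = re.compile(r"Shell=(.*)$", re.IGNORECASE)       # F2 system.ini Shell value
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.*?) = (?P<cmd>.*)$")


def parse_log(text):
    """Split a HijackThis log into the running-process list and entries by code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False  # blank line or first entry ends the list
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
    return processes, dict(entries)


def autorun_command(value):
    """Return (name, command) for an O4 entry, or None if the shape is unknown."""
    match = RUN_RE.match(value) or STARTUP_RE.match(value)
    return (match.group("name"), match.group("cmd")) if match else None


def triage(text):
    """Return a list of (code, reason, detail) findings for the rules below."""
    processes, entries = parse_log(text)
    findings = []

    # Rule 1 (from the reply): the tool itself is running out of a temp folder.
    for path in processes:
        if ntpath.basename(path).lower() == "hijackthis.exe" and TEMP_RE.search(path):
            findings.append(("TOOL", "HijackThis run from a temp folder; "
                             "it will not save backups", path))

    # Rule 2 (from the reply): Shell= should start Explorer.exe and nothing else.
    for value in entries.get("F2", []):
        match = SHELL_RE.search(value)
        if match and match.group(1).strip().lower() != "explorer.exe":
            findings.append(("F2", "Shell value launches more than Explorer.exe",
                             match.group(1).strip()))

    # Rule 3 (assumption added here): autostart entries that run from a Temp folder.
    for value in entries.get("O4", []):
        parsed = autorun_command(value)
        if parsed and TEMP_RE.search(parsed[1]):
            findings.append(("O4", "autostart entry runs a program from a temp folder",
                             "[%s] %s" % parsed))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, detail))
```

A finding here is a prompt to look at the entry, not a verdict; the fix steps remain the ones given in the reply.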

#3 henabs


Posted 04 July 2005 - 06:02 PM

Thanks for the quick reply. So I downloaded from the 2 links you posted. While trying to extract Nailfix to the desktop I encountered this:

! C:\Documents and Settings\Abbiy\Desktop\help\Nailfix.zip: Unexpected end of archive
! C:\Documents and Settings\Abbiy\Desktop\help\Nailfix.zip: Either multipart or corrupt ZIP archive

This is what the message is after I hit extract to, then chose desktop. Ewido was downloaded successfully; I have not run it yet, as you had instructed. I will await further instructions. Thanks.

#4 SifuMike


Posted 04 July 2005 - 06:12 PM

Hello henabs,

while trying to extract nailfix to the desktop I encountered this:

! C:\Documents and Settings\Abbiy\Desktop\help\Nailfix.zip: Unexpected end of archive
! C:\Documents and Settings\Abbiy\Desktop\help\Nailfix.zip: Either multipart or corrupt ZIP archive



Are you downloading with Opera or IE6? It will not download correctly with Opera.
Use IE6 to do the download and let me know what happens.
Do not go further with the fix until you can download NailFix.

Edited by SifuMike, 04 July 2005 - 06:18 PM.


#5 henabs


Posted 04 July 2005 - 09:02 PM

I was using Opera, so that problem was solved. I did everything step by step. Here are the log files.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:50:11 PM, 04/07/2005
+ Report-Checksum: B65E150

+ Scan result:

C:\Documents and Settings\Abbiy\Local Settings\Temp\nchfkdfd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nciafpgd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\ndadgknd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\neomnapd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\ngaclkoc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nijoooic.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nkdonfdd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nkhakmgd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nkjoaokd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\nlmghcad.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\odhijapd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\oegbjamd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\ofnmeemd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\ogofphmc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\oiildjnd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\okegdijd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\onaihomd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\onbiaokd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\oocenejd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\oofcjnnc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\oolmlpmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\opcnfepc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\padajpad.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pbolenfd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\PEW\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pffmjimc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pfnhemfd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pgdkghpc.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pgebjpnd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pgiaclnd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\phpehimd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\picodpod.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\piecgpnd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pkmjgbmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\plhgcbmd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\plpgnend.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pmhicpid.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\pnmhcknd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\popdjged.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\popmngid.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Abbiy\Local Settings\Temp\ppogdphd.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Ammi\Cookies\ammi@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Ammi\Cookies\ammi@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XIE3T3XX\d[1].exe/kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XIE3T3XX\d[1].exe/kansup.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\Program Files\Common Files\uqki\mytsl -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\uqki\mytsp -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.5.1.0\HbSrv.exe -> Spyware.HotBar : Cleaned with backup
C:\temp\kans.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\temp\kansup.reg -> Trojan.WinREG.LowZones.f : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgCA1742.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgCA1742.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rdgCA1742.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\rdgCA1742.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\rdgCA1742.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\rdgCA1742.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgCA1742.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\mhlstsj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\c4t.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\system32\COMMCOS2.DLL -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HADML6F\Canada[1].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HADML6F\Canada[2].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8HADML6F\Poller[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MX23I1MJ\Canada[1].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YB0FIVYL\Canada[1].exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\dgdgd.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\system32\regsync.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\temp532.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\uolwufn.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\vbrundll.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\_MSRSTRT.EXE -> Not-A-Virus.Tool.Reboot : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 10:56:46 PM, on 04/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\hvlsvc32.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
c:\windows\system32\dfjdyq.exe
C:\Program Files\almr\wait.exe
C:\WINDOWS\System32\w?nspool.exe
C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\180searchassistant\salm.exe
C:\WINDOWS\System32\ea16amr5.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.viewpornkey.com
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [HVl Services] hvlsvc32.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [lmvgf] C:\WINDOWS\lmvgf.exe
O4 - HKLM\..\Run: [dcz] C:\WINDOWS\dcz.exe
O4 - HKLM\..\Run: [ppmlmtj] c:\windows\system32\dfjdyq.exe r
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [bgb] C:\WINDOWS\bgb.exe
O4 - HKLM\..\Run: [ea16amr5] C:\WINDOWS\System32\ea16amr5.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000093.exe
O4 - HKCU\..\Run: [Aahm] C:\Program Files\abir\thmt.exe
O4 - HKCU\..\Run: [uqki] C:\PROGRA~1\COMMON~1\uqki\uqkim.exe
O4 - HKCU\..\Run: [Tsbw] C:\Program Files\almr\wait.exe
O4 - HKCU\..\Run: [Itvauql] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [HVl Services] hvlsvc32.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Abbiy\Local Settings\Temp\{B674100F-3B65-4852-BBB4-12574228FEBE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Reality Fusion GameCam SE.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.traffic2cash.biz
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-113108567842} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab
O16 - DPF: {233036C5-6847-5227-DF30-666708D9A2BE} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {253DD920-D105-1752-B520-70276D1CB196} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {35B73B29-9F89-789B-3C69-047C4A7CB42F} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {457E7C97-5E70-58BA-EA18-70067BFD0929} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {492C5357-94E3-1BF9-34FE-4DCE27FAC14E} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5558463D-624A-028B-C58D-43FC261F9C67} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/080ed15eda402c...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {79AB5CDF-4B4F-466A-DEA5-7CC2756B3340} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe

Thanks again for all the help. The computer has already sped up! I still am getting quite a few pop-ups right after I restarted in normal mode. Anyway I'll leave that up to the expert...
"I'm always off in my own little world, but that's okay, they know me there"

#6 SifuMike

Posted 04 July 2005 - 10:44 PM

Hello henabs,

You still have quite a mess on your computer. :thumbsup:
Let's get that malware off.

*******************************************

From the Start menu, choose Control Panel.
Choose "Add or Remove Programs"
Select 180search Assistant and click "Change/Remove Programs".
Also uninstall
Internet Optimizer
Media Gateway


*******************************************

How to Reboot into Safe Mode
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key.



Please boot into Safe Mode, go to HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each.

C:\WINDOWS\System32\hvlsvc32.exe
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
c:\windows\system32\dfjdyq.exe
C:\Program Files\almr\wait.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\180searchassistant\salm.exe
C:\WINDOWS\System32\ea16amr5.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\w?nspool.exe
Be very careful to kill the process with the ? in it and NOT the legit winspool.exe

While in Safe Mode, select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.viewpornkey.com
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\salmhook.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [HVl Services] hvlsvc32.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [lmvgf] C:\WINDOWS\lmvgf.exe
O4 - HKLM\..\Run: [dcz] C:\WINDOWS\dcz.exe
O4 - HKLM\..\Run: [ppmlmtj] c:\windows\system32\dfjdyq.exe r
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [bgb] C:\WINDOWS\bgb.exe
O4 - HKLM\..\Run: [ea16amr5] C:\WINDOWS\System32\ea16amr5.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000093.exe
O4 - HKCU\..\Run: [Aahm] C:\Program Files\abir\thmt.exe
O4 - HKCU\..\Run: [uqki] C:\PROGRA~1\COMMON~1\uqki\uqkim.exe
O4 - HKCU\..\Run: [Tsbw] C:\Program Files\almr\wait.exe
O4 - HKCU\..\Run: [Itvauql] C:\WINDOWS\System32\w?nspool.exe
O4 - HKCU\..\Run: [HVl Services] hvlsvc32.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Abbiy\Local Settings\Temp\{B674100F-3B65-4852-BBB4-12574228FEBE}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.traffic2cash.biz
O16 - DPF: {11111111-1111-1111-1111-113108567842} - mhtml:file://C:NO_SUCH_MHT.MHT!http://www.easywww.info/safe/payloadexe.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab
O16 - DPF: {233036C5-6847-5227-DF30-666708D9A2BE} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {253DD920-D105-1752-B520-70276D1CB196} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {35B73B29-9F89-789B-3C69-047C4A7CB42F} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {457E7C97-5E70-58BA-EA18-70067BFD0929} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {492C5357-94E3-1BF9-34FE-4DCE27FAC14E} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {5558463D-624A-028B-C58D-43FC261F9C67} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/080ed15eda402c...ip/RdxIE601.cab
O16 - DPF: {79AB5CDF-4B4F-466A-DEA5-7CC2756B3340} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe



*******************************************

Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders' and deselect (uncheck) 'hide protected operating system files (recommended)'.

Find and delete each of the following. If you can't delete an item, right-click it and click properties. Make sure 'read-only' is unchecked.
If you still can't delete something, right-click it and rename it to a random word. Then drag the item to a different location. Try deleting it now. If you still can't, be sure to let me know.

Delete the following files/folders in bold (Do not be concerned if they do not exist)

C:\WINDOWS\System32\hvlsvc32.exe <==file
C:\Program Files\almr\wait.exe <==file
C:\WINDOWS\nem220.dll <==file
C:\Program Files\DNS\Catcher.dll <==file
c:\program files\180searchassistant\ <==folder
C:\WINDOWS\System32\richedtr.dll <==file
C:\WINDOWS\System32\richup.exe <==file
C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe <==file
C:\WINDOWS\lmvgf.exe <==file
C:\WINDOWS\dcz.exe <==file
c:\windows\system32\dfjdyq.exe <==file
C:\Program Files\Media Gateway\ <==folder
C:\WINDOWS\bgb.exe <==file
C:\WINDOWS\System32\ea16amr5.exe <==file
C:\Program Files\Internet Optimizer\ <==folder
C:\Program Files\Common Files\mc-58-12-0000093.exe <==file
C:\Program Files\abir\thmt.exe <==file
C:\PROGRA~1\COMMON~1\uqki\ <==folder
C:\Program Files\almr\wait.exe <==file
C:\WINDOWS\System32\w?nspool.exe <==file Be very careful to delete the file with the ? in it and NOT the legit winspool.exe



*******************************************


Let's empty the temp files:

Download CCleaner and install it. (default location is best).
Select the Windows tab and run CCleaner: click Run Cleaner (bottom right), then, when it finishes scanning, click Exit.
When you see "Complete" on the top line, it's done. It's very fast.

I recommend that you DO NOT run anything under the Issues button and the Applications Tab. To prevent accidentally running the Issues and Applications tabs, clear all check boxes under them.

*******************************************



Download, update and run the free A2 (A squared) anti-trojan

Let it fix whatever it wants to. Save the log file by clicking on "Save HTML-Report".

*******************************************



I know you may have anti-virus software, but sometimes its definitions are corrupted due to malware. Online scans are the best resort in this case.
Run this pc through the
Trend Micro Housecall Online virus scanner (Beta)
or
Panda Scan Online virus scanner

Let it fix whatever it wants to.

*******************************************

Finally, reboot and post a new Hijackthis log, and tell me how your computer is running.
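Several of the entries selected for fixing in the post above share patterns that can be checked mechanically. As an added example (not part of the original post and not a HijackThis feature), this Python script flags log entries for manual review; the heuristics and function names are assumptions of this example, and a flag is a prompt to investigate, not a removal verdict.

```python
import re
from urllib.parse import urlsplit

# Entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Abbiy\LOCALS~1\Temp\sysnet.exe
O4 - HKCU\..\Run: [Itvauql] C:\WINDOWS\System32\w?nspool.exe
O15 - Trusted Zone: *.private-dialer.biz
O16 - DPF: {233036C5-6847-5227-DF30-666708D9A2BE} - http://67.19.178.86/1/rdgCA1742.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
TEMP_DIR = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# '?' is illegal in Windows file names, so in a logged path it stands for a
# character the tool could not render (a look-alike of a real system file).
UNRENDERED = re.compile(r"\\[^\\?]*\?[^\\]*\.(?:exe|dll)\b", re.IGNORECASE)
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse(log_text):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def review_reasons(code, body):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registration points at a missing file")
    if code == "O4" and TEMP_DIR.search(body):
        reasons.append("autostart runs from a Temp directory")
    if code in {"O2", "O4", "O23"} and UNRENDERED.search(body):
        reasons.append("file name contains an unrenderable character ('?')")
    if code == "O15":
        reasons.append("site added to the IE Trusted Zone")
    if code == "O16":
        # The download location is the last " - " separated field.
        url = urlsplit(body.rsplit(" - ", 1)[-1])
        if url.scheme not in ("http", "https"):
            reasons.append("ActiveX codebase uses scheme %r" % url.scheme)
        elif url.hostname and IPV4_HOST.match(url.hostname):
            reasons.append("ActiveX codebase served from a bare IP address")
    return reasons


def triage(log_text):
    """Return [(code, body, reasons)] for entries with at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print("%-3s %s\n      -> %s" % (code, body, "; ".join(reasons)))
```

Entries such as `richup.exe` or `bgb.exe` match none of these patterns, so recognising them still takes signature or reputation knowledge.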