
Homepage Switched


  • This topic is locked
22 replies to this topic

#1 perplexed22

perplexed22

  • Members
  • 98 posts
  • Local time:01:04 AM

Posted 01 November 2005 - 07:20 PM

Hi, my homepage has been changed and I cannot switch it back through the normal way.

Here's my HJT log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 6:18:16 PM, on 11/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\My Documents\Desktop Fixers\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochop.dll/defaultASX.htm#privacy_API;
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [appjx32.exe] C:\WINDOWS\appjx32.exe
O4 - HKLM\..\Run: [apilr32.exe] C:\WINDOWS\system32\apilr32.exe
O4 - HKLM\..\Run: [FH] C:\WINDOWS\system32\svchop.exe home
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OSA.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120413433848
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\atlcd32.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


 


#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:04 AM

Posted 02 November 2005 - 01:13 AM

Hello and welcome to BC! :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Unzip CWShredder to its own folder (ie c:\CWShredder)

Unzip AboutBuster to its own folder (ie c:\Aboutbuster)

Run the CleanUp! installer. You don't need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Please run about:buster by RubbeRDuckY:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
After all that, please post back with how things went as well as the logs requested and a new HiJackThis log. :flowers:
Hi there, stranger!

#3 perplexed22

perplexed22
  • Topic Starter

  • Members
  • 98 posts
  • Local time:01:04 AM

Posted 04 November 2005 - 07:21 PM

Hi,

I just downloaded all of the programs today and about:buster and CWShredder did not update. I think about:buster said "critical error" up in the top bar of the window and then inside the window it said something to the effect that it could not update.

Anyway, so I clicked on the link to download about:buster but none of the things you said would happen did. Like it never asked to shut down explorer.exe and it didn't ask to do a second pass and there was no "save log." I don't know why though because I'm sure the program I used is exactly from the link. So, I ran it three times in a row and it said "No Ads Found!" and then it said something after that the other times but after I rebooted and did it again I wrote down what it said after it was done scanning and I closed out the window. It said "comctl32.ocx or one of its components was not correctly registered: a file is missing or invalid."

Here is the log from the SpSeHjfix. I think I ran it maybe three times because it didn't seem like it did anything seeing as how it took like 2 seconds.

The HJT log is right after. Thanks!


(11/4/05 5:45:30 PM) SPSeHjFix started v1.1.2
(11/4/05 5:45:30 PM) OS: WinXP Service Pack 1 (5.1.2600)
(11/4/05 5:45:30 PM) Language: english
(11/4/05 5:45:30 PM) Win-Path: C:\WINDOWS
(11/4/05 5:45:30 PM) System-Path: C:\WINDOWS\System32
(11/4/05 5:45:30 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(11/4/05 5:45:34 PM) Disinfection started
(11/4/05 5:45:34 PM) Bad-Dll(IEP): (not found)
(11/4/05 5:45:34 PM) Bad-Dll(IEP) in BHO: (not found)
(11/4/05 5:45:34 PM) UBF: 4 - UBB: 0 - UBR: 7
(11/4/05 5:45:34 PM) UBF: 4 - UBB: 0 - UBR: 7
(11/4/05 5:45:34 PM) Bad IE-pages: (none)
(11/4/05 5:45:34 PM) Stealth-String not found
(11/4/05 5:45:34 PM) Not infected->END


(11/4/05 5:46:28 PM) SPSeHjFix started v1.1.2
(11/4/05 5:46:28 PM) OS: WinXP Service Pack 1 (5.1.2600)
(11/4/05 5:46:28 PM) Language: english
(11/4/05 5:46:28 PM) Win-Path: C:\WINDOWS
(11/4/05 5:46:28 PM) System-Path: C:\WINDOWS\System32
(11/4/05 5:46:28 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\


(11/4/05 5:46:38 PM) SPSeHjFix started v1.1.2
(11/4/05 5:46:38 PM) OS: WinXP Service Pack 1 (5.1.2600)
(11/4/05 5:46:38 PM) Language: english
(11/4/05 5:46:38 PM) Win-Path: C:\WINDOWS
(11/4/05 5:46:38 PM) System-Path: C:\WINDOWS\System32
(11/4/05 5:46:38 PM) Temp-Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
(11/4/05 5:46:41 PM) Disinfection started
(11/4/05 5:46:41 PM) Bad-Dll(IEP): (not found)
(11/4/05 5:46:41 PM) Bad-Dll(IEP) in BHO: (not found)
(11/4/05 5:46:41 PM) UBF: 4 - UBB: 0 - UBR: 7
(11/4/05 5:46:41 PM) UBF: 4 - UBB: 0 - UBR: 7
(11/4/05 5:46:41 PM) Bad IE-pages: (none)
(11/4/05 5:46:41 PM) Stealth-String not found
(11/4/05 5:46:41 PM) Not infected->END




Logfile of HijackThis v1.99.1
Scan saved at 6:20:08 PM, on 11/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchop.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\My Documents\Desktop Fixers\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [appjx32.exe] C:\WINDOWS\appjx32.exe
O4 - HKLM\..\Run: [apilr32.exe] C:\WINDOWS\system32\apilr32.exe
O4 - HKLM\..\Run: [FH] C:\WINDOWS\system32\svchop.exe home
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OSA.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120413433848
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:04 AM

Posted 05 November 2005 - 09:18 AM

Hi,

ok, let's do this..

Please download cureit;
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drives, hit yes to all.

Reboot.

Next;

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start to scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Hi there, stranger!

#5 perplexed22

perplexed22
  • Topic Starter

  • Members
  • 98 posts
  • Local time:01:04 AM

Posted 05 November 2005 - 04:03 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 05, 2005 15:00:36
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/11/2005
Kaspersky Anti-Virus database records: 148758
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 27762
Number of viruses found: 8
Number of infected objects: 31
Number of suspicious objects: 3
Duration of the scan process: 3856 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\154660B8.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1B3F7471.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\1D422B87.tmp.mwt Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\268E68EA.ani.mwt Suspicious: Exploit.Win32.IMG-ANI.c
C:\Program Files\Norton AntiVirus\Quarantine\292D7EC2.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3F996A9C.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\43BC7CC0.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\43BC7CC0.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\43BC7CC0.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\43BC7CC0.jar.mwt Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4DDB7743.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4DDB7743.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4DDB7743.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4DDB7743.jar.mwt Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4E8724FE.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4E8724FE.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4E8724FE.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4E8724FE.jar.mwt Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4F19625B.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4F19625B.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\4F19625B.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4F19625B.jar.mwt Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\4F3433A0.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\539A023D.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\54761EB2.htm.mwt Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\61B45C20.htm.mwt Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\697F59EC Infected: Virus.Win32.Nsag.a
C:\Program Files\Norton AntiVirus\Quarantine\76062AAD.jar.mwt/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\76062AAD.jar.mwt/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\76062AAD.jar.mwt/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\76062AAD.jar.mwt Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\q641387.exe Infected: Trojan-Downloader.Win32.Small.bri
C:\System Volume Information\_restore{C7B0D66D-6343-4700-85BB-F8F9DA2D0600}\RP40\A0004810.exe Infected: Trojan-Downloader.Win32.Small.bit
C:\WINDOWS\n_ttmuma.txt Infected: Trojan-Downloader.Win32.Agent.bc

Scan process completed.

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:04 AM

Posted 05 November 2005 - 04:41 PM

Ok, good job.

First navigate to, and delete the following file:

C:\WINDOWS\n_ttmuma.txt

Empty recycle bin. Next:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\q641387.exe
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "Yes".
Post a fresh HijackThis log. :thumbsup:
Hi there, stranger!

#7 perplexed22

perplexed22
  • Topic Starter

  • Members
  • 98 posts
  • Local time:01:04 AM

Posted 05 November 2005 - 08:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:12:32 PM, on 11/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\My Documents\Desktop Fixers\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [appjx32.exe] C:\WINDOWS\appjx32.exe
O4 - HKLM\..\Run: [apilr32.exe] C:\WINDOWS\system32\apilr32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120413433848
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
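
An added example, not part of any post in this thread: a Python triage script for HijackThis logs like the ones posted above. It parses the section-coded entries, flags three patterns visible in these logs, and diffs two logs to show what a cleanup pass changed. The sample lines are excerpts from the 11/1 and 11/5 logs on this page; the function names and flag rules are illustrative assumptions, not HijackThis's or the helper's own criteria.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "R0", "O4", "O23"
    detail: str  # everything after "CODE - "


# HijackThis entries start with a section code (R, F, N or O plus a number).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpt of the 11/1/2005 log posted in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchop.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochop.dll/defaultASX.htm#privacy_API;
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [FH] C:\WINDOWS\system32\svchop.exe home
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\atlcd32.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Excerpt of the 11/5/2005 log posted in this thread.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def parse_hjt(text):
    """Return the section-coded entries; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def flag(entry):
    """Return the reasons an entry deserves a closer look (heuristics only)."""
    reasons = []
    # The registry still points at a file that is no longer on disk.
    if entry.detail.endswith("(file missing)"):
        reasons.append("target file missing")
    # IE start/search page served from a resource inside a local DLL.
    # Restricted to R0/R1: toolbars legitimately use res:// in O8 entries.
    if entry.code in ("R0", "R1") and "res://" in entry.detail.split("=", 1)[-1]:
        reasons.append("IE page set to res:// resource in a local DLL")
    # Service whose binary carries no vendor information.
    if entry.code == "O23" and " - Unknown owner - " in entry.detail:
        reasons.append("service with unknown owner")
    return reasons


def triage(entries):
    """Pair each flagged entry with its reasons, in log order."""
    return [(e, flag(e)) for e in entries if flag(e)]


def diff(before, after):
    """Entries removed and added between two scans, in log order."""
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    return removed, added


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for entry, reasons in triage(after):
        print(f"REVIEW  {entry.code} - {entry.detail}\n        ({'; '.join(reasons)})")
    removed, added = diff(before, after)
    for entry in removed:
        print(f"GONE    {entry.code} - {entry.detail}")
    for entry in added:
        print(f"NEW     {entry.code} - {entry.detail}")
```

On these excerpts the diff shows the `[FH]` Run entry and the RPC Helper service gone by 11/5, while the R0 start page still resolves to `shdochop.dll` and the O2 entry still points at a missing file.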

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:04 AM

Posted 06 November 2005 - 03:08 AM

Ok.

Please print these instructions out, or write them down, as you can't read them during the fix.

Update Ewido Security Suite to the latest definitions.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido.

Reboot back into normal mode and post the log :thumbsup:
Hi there, stranger!

#9 perplexed22

perplexed22
  • Topic Starter

  • Members
  • 98 posts
  • Local time:01:04 AM

Posted 06 November 2005 - 12:14 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:06:16 AM, 11/6/2005
+ Report-Checksum: 7AF00EF4

+ Scan result:

HKLM\SOFTWARE\Classes\BHOmod.BHOmodObj\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\BHOmod.BHOmodObj.1\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8B0B6F79-C50D-4ea6-8F65-BDF18005DE20}\TypeLib\\ -> Spyware.2020Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9769272F-6F27-441E-B5A7-D784C10CACE6}\TypeLib\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKU\S-1-5-21-1292428093-688789844-1060284298-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup


::Report End

#10 Rawe

Rawe

  • Members
  • 2,363 posts
  • Gender:Male
  • Location:Finland
  • Local time:09:04 AM

Posted 07 November 2005 - 09:28 AM

Lot better :thumbsup:

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.


#11 perplexed22

Posted 09 November 2005 - 07:40 AM

I did all the steps but when I click on "my computer" to scan, nothing happens. I waited overnight last night for it to do something, but it never did.

#12 Rawe

Posted 09 November 2005 - 08:22 AM

Hi again.. Let's do something else then:

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

***NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy it by holding CTRL + C, then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

#13 perplexed22

Posted 09 November 2005 - 09:10 PM

Object "searchmaid hijacker Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.401 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.401 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "weatherbug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CA82AE4.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0CAB3D2B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D3B783E.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D414C36.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DB96BBB.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DBC15B8.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DC54147.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DF74C03.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0DFA75FF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E122556.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E893B6B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0E8C6567.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EE46871.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EEA3C6A.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EF91260.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EFD3C5C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F6B18BF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0FA061F1.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0FC0757E.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\109516DC.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\109E77FA.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10A23ECD.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10CB7A11.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10E62F4D.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1101146A.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11053E66.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11A0372C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11A36129.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11EA488E.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11ED70AA.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12361917.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12394314.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12477C69.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12FF4D57.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\13220EE3.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\13DD0868.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\14306ADB.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\144271D8.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\149F081C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\14F46383.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\15947E7F.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1597287B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\164F7969.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\16AF5150.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17C33D9B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17E43B38.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17F93223.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\18A060E5.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\19204A0A.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\19271E02.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\199A53CC.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\19ED7D70.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\19F0276C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1A9455A1.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1ABD7F8D.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1ACD6032.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1B121472.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1B2508FB.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1B2B5CF4.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1B6F29EE.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1BDD110C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1BE03B09.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1BF73780.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1C0504DA.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1C143918.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1C176314.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1C36669F.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CD01A90.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CD13FF8.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CD76E89.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1D2C5549.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1D2F7F46.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1DA97EA8.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1DAB4EC2.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1DE72843.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1E1955FB.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1E402AB2.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1E4454AE.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1E936610.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1EB413EE.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F405E36.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F6602DA.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F6918D2.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F6C42CE.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\200F2539.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\202413BC.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2055706B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\20FF1967.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21034364.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21460B51.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21766F2B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21791928.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21952E47.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21A754A1.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\21AA7E9E.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\22F73BBF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23272FFC.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\236A41D9.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23732BCA.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\237755C6.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23E52595.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\24AD7F62.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\24B17C69.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\24DD30D0.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\25071016.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\250E640F.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2589701C.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\258C1A18.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\259763A5.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\260B14F7.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\260E3EF3.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\264E0AB3.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\265134AF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\26B95636.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\26BD0032.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\270F1220.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27215549.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27863D0E.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\279249FF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27E44F3B.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27E77937.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\287E264A.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\28815046.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\29132558.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\29164F54.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\292F79CF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\294E0513.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\298E69EE.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\299B11E0.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2A0F53F6.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2A1627EF.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2AD33F23.exe tagged as "not-a-virus:AdWare.Win32.HelpExpress". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2B7D2C4C.exe tagged as "not-a-virus:AdWa

#14 Rawe

Posted 10 November 2005 - 01:23 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a fresh HijackThis log.

Hi there, stranger!

#15 perplexed22

Posted 10 November 2005 - 07:27 PM

Hi, everything went well. Here are the logs.

********
5:38 PM: | Start of Session, Thursday, November 10, 2005 |
5:38 PM: Spy Sweeper started
5:38 PM: Sweep initiated using definitions version 556
5:38 PM: Starting Memory Sweep
5:44 PM: Memory Sweep Complete, Elapsed Time: 00:05:40
5:44 PM: Starting Registry Sweep
5:44 PM: Found Adware: cws_analyzeie
5:44 PM: HKCR\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116873)
5:44 PM: HKLM\software\classes\clsid\{60d75c7f-d119-4a89-b3b3-d8aa07ef3300}\ (ID = 116895)
5:44 PM: Found Adware: daosearch
5:44 PM: HKLM\software\microsoft\windows\currentversion\services32\ || _args (ID = 124670)
5:44 PM: HKLM\software\microsoft\windows\currentversion\services32\ || _file (ID = 124671)
5:44 PM: HKLM\software\microsoft\windows\currentversion\services32\ || _folder (ID = 124672)
5:44 PM: Found Adware: dialerplatform
5:44 PM: HKCR\bhomod.bhomodobj.1\ (2 subtraces) (ID = 125124)
5:44 PM: HKCR\bhomod.bhomodobj\ (4 subtraces) (ID = 125125)
5:44 PM: HKLM\software\classes\bhomod.bhomodobj.1\ (2 subtraces) (ID = 125136)
5:44 PM: HKLM\software\classes\bhomod.bhomodobj\ (4 subtraces) (ID = 125137)
5:44 PM: HKLM\software\ptssa\ (3 subtraces) (ID = 125166)
5:44 PM: Found Adware: fastlook hijacker
5:44 PM: HKLM\software\microsoft\windows\currentversion\run\ || iexplore.exe (ID = 126410)
5:44 PM: Found Adware: psguard desktop hijacker
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
5:44 PM: Found Adware: virtualmaid toolbar
5:44 PM: HKCR\clsid\{8b0b6f79-c50d-4ea6-8f65-bdf18005de20}\ (10 subtraces) (ID = 145585)
5:44 PM: HKCR\clsid\{77b2f8de-cb3f-4b6b-839b-807dd1adba1c}\ (14 subtraces) (ID = 145586)
5:44 PM: HKCR\govm.contextitem.1\ (3 subtraces) (ID = 145589)
5:44 PM: HKCR\govm.contextitem\ (5 subtraces) (ID = 145590)
5:44 PM: HKLM\software\classes\clsid\{8b0b6f79-c50d-4ea6-8f65-bdf18005de20}\ (10 subtraces) (ID = 145592)
5:44 PM: HKLM\software\classes\clsid\{77b2f8de-cb3f-4b6b-839b-807dd1adba1c}\ (14 subtraces) (ID = 145593)
5:44 PM: HKLM\software\classes\govm.contextitem.1\ (3 subtraces) (ID = 145596)
5:44 PM: HKLM\software\classes\govm.contextitem\ (5 subtraces) (ID = 145597)
5:44 PM: HKLM\software\classes\vm.vmobj.1\ (3 subtraces) (ID = 145599)
5:44 PM: HKLM\software\classes\vm.vmobj\ (5 subtraces) (ID = 145600)
5:44 PM: HKCR\vm.vmobj.1\ (3 subtraces) (ID = 145614)
5:44 PM: HKCR\vm.vmobj\ (5 subtraces) (ID = 145615)
5:44 PM: Found Adware: websearch toolbar
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_adkw\ (4 subtraces) (ID = 146506)
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_adkw\ || displayname (ID = 146507)
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_adkw\ || publisher (ID = 146508)
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_adkw\ || uninstallstring (ID = 146509)
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_adkw\ || urlinfoabout (ID = 146510)
5:44 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_esies\ (4 subtraces) (ID = 146511)
5:44 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (7 subtraces) (ID = 146518)
5:44 PM: Found Adware: winad
5:44 PM: HKLM\software\media access\ (8 subtraces) (ID = 147182)
5:44 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
5:45 PM: Found Adware: popuper oneclicksearches.com hijack
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\main\ || local page (ID = 359550)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\main\ || search page (ID = 359551)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\main\ || search bar (ID = 359552)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 359553)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\search\ || customizesearch (ID = 359554)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\searchurl\ (ID = 359555)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\main\ || default_search_url (ID = 359556)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1008\software\microsoft\internet explorer\main\ || use search asst (ID = 594249)
5:45 PM: Found Adware: cws_ns3 hijacker
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\main\ || search bar (ID = 123390)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\search\ || searchassistant (ID = 123398)
5:45 PM: Found Adware: dapsol dialer
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\main\ || conc (ID = 124673)
5:45 PM: Found Adware: 180search assistant/zango
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\salm\ (9 subtraces) (ID = 135792)
5:45 PM: Found Adware: w-find.com hijacker
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\ || {a3dfd66b-f281-421a-b922-426c75e19f06} (ID = 203850)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\ || {34cec74f-8ecf-4125-acf5-d2cd5f6b0715} (ID = 203851)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\ || verkey3prev (ID = 203852)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\ || verkey3 (ID = 203853)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\main\ || local page (ID = 359550)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\search\ || customizesearch (ID = 359554)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\searchurl\ (ID = 359555)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 359556)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1006\software\microsoft\internet explorer\urlsearchhooks\ || {87766247-311c-43b4-8499-3d5fec94a183} (ID = 146467)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1006\software\microsoft\windows\currentversion\run\ || wintools (ID = 146484)
5:45 PM: Found Adware: popuper startsearches.net hijack
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\main\ || search page (ID = 142831)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\main\ || local page (ID = 142833)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\main\ || search bar (ID = 142834)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\search\ || searchassistant (ID = 142835)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\search\ || customizesearch (ID = 142836)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\main\ || use search asst (ID = 726439)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\main\ || default_search_url (ID = 726441)
5:45 PM: HKU\WRSS_Profile_S-1-5-21-1292428093-688789844-1060284298-1005\software\microsoft\internet explorer\searchurl\ (ID = 726442)
5:45 PM: HKU\S-1-5-21-1292428093-688789844-1060284298-1004\software\microsoft\internet explorer\main\ || conc (ID = 124673)
5:46 PM: Registry Sweep Complete, Elapsed Time:00:02:08
5:46 PM: Starting Cookie Sweep
5:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:46 PM: Starting File Sweep
5:46 PM: Found Adware: security iguard
5:46 PM: c:\documents and settings\tom hangge\application data\rex-services\security iguard (10 subtraces) (ID = -2147480346)
5:47 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:48 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:49 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:50 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:50 PM: Found Trojan Horse: trojan backdoor ppdoor
5:50 PM: vgljvmgg.dll (ID = 79780)
5:51 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:52 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:53 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:53 PM: security iguard.lnk (ID = 75262)
5:54 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:55 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:56 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:57 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:58 PM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004364FF in module 'WRSSSDK.exe'. Read of address 80002C23
5:59 PM: Found Adware: coolwebsearch (cws)
5:59 PM: inst2.inf (ID = 54214)
5:59 PM: dc2.url (ID = 54454)
5:59 PM: dc1.url (ID = 54373)
5:59 PM: dc3.url (ID = 54472)
5:59 PM: perfcii.ini (ID = 82890)
5:59 PM: Found Adware: shopathomeselect
5:59 PM: q17i9a4j.ini (ID = 75852)
5:59 PM: credit counseling.url (ID = 130668)
5:59 PM: insurance home.url (ID = 130676)
5:59 PM: mortgage life insurance.url (ID = 130681)
5:59 PM: help desk software.url (ID = 130675)
5:59 PM: ab scissor.url (ID = 130666)
5:59 PM: videos.url (ID = 130694)
5:59 PM: what is hydrocodone.url (ID = 130695)
5:59 PM: online gambling casino.url (ID = 130684)
5:59 PM: refinancing my mortgage.url (ID = 130691)
5:59 PM: debt credit card.url (ID = 130671)
5:59 PM: fha.url (ID = 130673)
5:59 PM: loan for debt consolidation.url (ID = 130677)
5:59 PM: health insurance.url (ID = 130674)
5:59 PM: personal loans online.url (ID = 130688)
5:59 PM: payroll advance.url (ID = 130687)
5:59 PM: marketing email.url (ID = 130679)
5:59 PM: prescription drugs rx online.url (ID = 130690)
5:59 PM: credit report.url (ID = 130669)
5:59 PM: tahoe vacation rental.url (ID = 130692)
5:59 PM: escorts.url (ID = 130672)
5:59 PM: order phentermine.url (ID = 130686)
5:59 PM: mortgage insurance.url (ID = 130680)
5:59 PM: personal loans with bad credit.url (ID = 130689)
5:59 PM: crm software.url (ID = 130670)
5:59 PM: nevada corporations.url (ID = 130682)
5:59 PM: unsecured bad credit loans.url (ID = 130693)
5:59 PM: loan for people with bad credit.url (ID = 130678)
5:59 PM: broadband comparison.url (ID = 130667)
5:59 PM: online betting site.url (ID = 130683)
5:59 PM: online instant loan.url (ID = 130685)
5:59 PM: 70tovmto.ini (ID = 75631)
6:00 PM: File Sweep Complete, Elapsed Time: 00:13:35
6:00 PM: Full Sweep has completed. Elapsed time 00:21:35
6:00 PM: Traces Found: 244
6:22 PM: Removal process initiated
6:22 PM: Quarantining All Traces: virtualmaid toolbar
6:22 PM: Quarantining All Traces: websearch toolbar
6:22 PM: Quarantining All Traces: cws_analyzeie
6:22 PM: Quarantining All Traces: daosearch
6:22 PM: Quarantining All Traces: trojan backdoor ppdoor
6:22 PM: Quarantining All Traces: 180search assistant/zango
6:22 PM: Quarantining All Traces: coolwebsearch (cws)
6:22 PM: Quarantining All Traces: cws_ns3 hijacker
6:22 PM: Quarantining All Traces: dapsol dialer
6:22 PM: Quarantining All Traces: dialerplatform
6:22 PM: Quarantining All Traces: fastlook hijacker
6:22 PM: Quarantining All Traces: popuper oneclicksearches.com hijack
6:22 PM: Quarantining All Traces: popuper startsearches.net hijack
6:22 PM: Quarantining All Traces: psguard desktop hijacker
6:22 PM: Quarantining All Traces: security iguard
6:22 PM: Quarantining All Traces: shopathomeselect
6:23 PM: Quarantining All Traces: w-find.com hijacker
6:23 PM: Quarantining All Traces: winad
6:23 PM: Removal process completed. Elapsed time 00:01:05
********
5:32 PM: | Start of Session, Thursday, November 10, 2005 |
5:32 PM: Spy Sweeper started
5:32 PM: Messenger service has been disabled.
5:34 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
5:36 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
5:38 PM: | End of Session, Thursday, November 10, 2005 |





Logfile of HijackThis v1.99.1
Scan saved at 6:25:41 PM, on 11/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\My Documents\Desktop Fixers\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdochop.dll/blank.html
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E738C6A5-3A2F-F02D-4D80-960CA934569F} - C:\WINDOWS\mfclx.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [appjx32.exe] C:\WINDOWS\appjx32.exe
O4 - HKLM\..\Run: [apilr32.exe] C:\WINDOWS\system32\apilr32.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120413433848
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



