Firstadsolution.com Popups


8 replies to this topic

#1 tipsygypsy

tipsygypsy

  • Members
  • 5 posts

Posted 27 November 2005 - 10:52 PM

I would really appreciate some help with this, I've about reached my wits' end. The most notable problem I have is getting bombarded with popups while using Internet Explorer, sometimes 8-10 at a time, all from the site "ad.firstadsolutions.com". I also have an unexplainable shortcut on my desktop that cannot be deleted for good, called "Searchb", which is to C:\WINDOWS\Searchb.exe. Neither the shortcut nor the program itself ever stays away once deleted. I'm also being bothered by a program called "msxp"; it's constantly bringing up script error messages. I have used the following programs: MS Antispyware, AVG free edition, Spybot S&D, Ad-Aware SE, Housecall Anti-Virus, Panda Anti-Virus, BitDefender, AproposFix, F-Secure Blacklight, and McAfee Stinger. My computer is a lot better than it was, but these little persistent things just won't leave for anything. I know that most of this crap has to be from Bearshare, Kazaa, Comet Cursor and eDonkey2000, which I downloaded in my more ignorant days but are now uninstalled (but obviously not completely gone).

I apologize for the lengthy explanation.....Here is my HJT log:

_______________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 10:47:44 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\sys11-1664982960.exe
C:\WINDOWS\ms05982960-1664.exe
C:\WINDOWS\sys02664982960-1.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ms0682960-16649.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1

\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft

AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05

\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sys11-1664982960] C:\WINDOWS\sys11-1664982960.exe
O4 - HKLM\..\Run: [ms05982960-1664] C:\WINDOWS\ms05982960-1664.exe
O4 - HKLM\..\Run: [sys02664982960-1] C:\WINDOWS\sys02664982960-1.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Owner\Application

Data\System Restore\VB1.exe
O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program

Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program

Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program

Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %

windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file

missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no

file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} -

(no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.metalink.net/
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Painter 7 Trial

Version\Help\wwhelp2.cab
O16 - DPF: Yahoo! Pool 2 -

http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) -

http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload

Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class)

- http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://207.188.7.150/24d29e460517ab909506/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...6/client/muweb_

site.cab?1130300704312
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2003120...us.com/housecal

l/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)

- http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) -

http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4B62FF-3747-4F34-8453-

58A150C83619}: NameServer = 207.19.167.2 207.19.167.7
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2803fue.dll (file

missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1

\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,

Inc. - C:\Program Files\Sygate\SPF\smc.exe

__________________________________________________________________________

Thank you for any help you can give me!


#2 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 28 November 2005 - 12:52 PM

:thumbsup:

Please post a new log and in Notepad be sure to click on Format and place a check mark beside "word wrap" so the log will be easier to read.

David :flowers:

#3 tipsygypsy

tipsygypsy
  • Topic Starter

  • Members
  • 5 posts

Posted 28 November 2005 - 07:14 PM

I already had word wrap applied for the first one, but here's another one just to make sure:


Logfile of HijackThis v1.99.1
Scan saved at 7:10:29 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\sys11-1664982960.exe
C:\WINDOWS\ms05982960-1664.exe
C:\WINDOWS\sys02664982960-1.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ms0682960-16649.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sys11-1664982960] C:\WINDOWS\sys11-1664982960.exe
O4 - HKLM\..\Run: [ms05982960-1664] C:\WINDOWS\ms05982960-1664.exe
O4 - HKLM\..\Run: [sys02664982960-1] C:\WINDOWS\sys02664982960-1.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Owner\Application Data\System Restore\VB1.exe
O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.metalink.net/
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Painter 7 Trial Version\Help\wwhelp2.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/24d29e460517ab909506/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130300704312
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4B62FF-3747-4F34-8453-58A150C83619}: NameServer = 207.19.167.2 207.19.167.7
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2803fue.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
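
A triage pass over the HijackThis log above, as an added example that is not part of the original posts: it lists autostart entries (O4/O23) whose image sits directly in the Windows directory, and running processes from that directory that no autostart entry in the log accounts for. The function names, the embedded sample (a subset of lines copied from the log) and the choice to treat "executable in the Windows root" as worth a closer look are assumptions of this example, not a HijackThis feature.

```python
import ntpath
import re

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\WINDOWS\sys11-1664982960.exe
C:\WINDOWS\ms05982960-1664.exe
C:\WINDOWS\sys02664982960-1.exe
C:\WINDOWS\ms0682960-16649.exe
C:\Program Files\CallWave\IAM.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [sys11-1664982960] C:\WINDOWS\sys11-1664982960.exe
O4 - HKLM\..\Run: [ms05982960-1664] C:\WINDOWS\ms05982960-1664.exe
O4 - HKLM\..\Run: [sys02664982960-1] C:\WINDOWS\sys02664982960-1.exe
O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# O4 registry autostart:  O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
# O4 startup folder:      O4 - Global Startup: name = command
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# O23 service:            O23 - Service: name - vendor - path
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - .+ - (.+)$")
# Unquoted command: the image ends at the first executable extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat))(?=\s|$)", re.I)


def image_path(command):
    """Return the executable path from a command line, dropping arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command


def parse_hjt(text):
    """Split a log into running processes and (location, name, image) autostarts."""
    processes, autostarts = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:                      # a blank line ends the process list
                in_processes = False
        else:
            m = RUN_RE.match(line) or STARTUP_RE.match(line)
            if m:
                autostarts.append((m.group(1), m.group(2), image_path(m.group(3))))
                continue
            m = SERVICE_RE.match(line)
            if m:
                autostarts.append(("Service", m.group(1), image_path(m.group(2))))
    return processes, autostarts


def triage(text, windir=r"C:\WINDOWS", expected=("explorer.exe",)):
    """Return (autostarts located in windir itself, running windir images
    that no autostart entry in the log explains).

    Assumptions of this example: `expected` is a small allowlist of images
    that normally run from windir without an O4/O23 entry, and paths are
    compared as written (8.3 short names are not expanded).
    """
    processes, autostarts = parse_hjt(text)
    root = windir.lower()

    def in_root(path):
        return ntpath.dirname(path).lower() == root

    root_autostarts = [a for a in autostarts if in_root(a[2])]
    started = {a[2].lower() for a in autostarts}
    unexplained = [
        p for p in processes
        if in_root(p)
        and p.lower() not in started
        and ntpath.basename(p).lower() not in expected
    ]
    return root_autostarts, unexplained


if __name__ == "__main__":
    root_autostarts, unexplained = triage(SAMPLE_LOG)
    for location, name, image in root_autostarts:
        print(f"autostart in Windows root: {location} [{name}] -> {image}")
    for path in unexplained:
        print(f"running from Windows root, no autostart entry in log: {path}")
```

A process in the second list is running even though the log shows no O4 or O23 entry that would start it, so its launch point has to be looked for elsewhere.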

#4 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 30 November 2005 - 03:36 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

#5 tipsygypsy

tipsygypsy
  • Topic Starter

  • Members
  • 5 posts

Posted 01 December 2005 - 07:30 PM

Thanks for your help, here's my Spy Sweeper log (I think there's two there because I did it twice). Both times I did a scan, it found a program called enbrowser along with a bunch of other stuff, but it can't seem to get rid of enbrowser, and I still have popups with IE. I also still have the mysterious "SearchB" on my desktop, and upon startup, Spy Sweeper tells me that ms0682960-16649 is trying to start up, and asks whether it should be removed. I click remove, but it does the same thing the next time I reboot. The more info message box on ms0682960-16649.exe says this:

Startup item: ms0682960-16649
msxp
enhance

Location C:\WINDOWS\ms0682960-16649.exe
Registry or Startup folder: HKLM: Run

*takes a deep breath* SOOOO, getting to the good stuff, here's my spy sweeper log, and my HJT log, respectively:

********
1:36 AM: | Start of Session, Thursday, December 01, 2005 |
1:36 AM: Spy Sweeper started
1:36 AM: Sweep initiated using definitions version 576
1:36 AM: Starting Memory Sweep
1:38 AM: Found Adware: enbrowser
1:38 AM: Detected running threat: C:\WINDOWS\ms0682960-16649.exe (ID = 185160)
1:41 AM: Memory Sweep Complete, Elapsed Time: 00:04:28
1:41 AM: Starting Registry Sweep
1:42 AM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
1:42 AM: Registry Sweep Complete, Elapsed Time:00:01:30
1:43 AM: Starting Cookie Sweep
1:43 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
1:43 AM: Starting File Sweep
1:45 AM: msxp.exe (ID = 185160)
1:45 AM: searchb.exe (ID = 185155)
1:46 AM: uninstall_wh.exe (ID = 185158)
1:46 AM: linun.exe (ID = 185152)
1:47 AM: uninst123.exe (ID = 185157)
2:16 AM: ms0682960-16649.exe (ID = 185160)
2:20 AM: Warning: Invalid Stream
2:20 AM: Warning: Unhandled Archive Type
2:22 AM: Warning: Unhandled Archive Type
2:22 AM: Warning: Unhandled Archive Type
2:23 AM: Warning: Invalid Stream
2:23 AM: searchb.lnk (ID = 185155)
2:24 AM: File Sweep Complete, Elapsed Time: 00:40:51
2:24 AM: Full Sweep has completed. Elapsed time 00:47:07
2:24 AM: Traces Found: 11
6:49 PM: Removal process initiated
6:52 PM: Quarantining All Traces: enbrowser
6:53 PM: enbrowser is in use. It will be removed on reboot.
6:53 PM: ms0682960-16649.exe is in use. It will be removed on reboot.
6:53 PM: Preparing to restart your computer. Please wait...
6:53 PM: Removal process completed. Elapsed time 00:04:20
7:00 PM: Processing Startup Alerts
7:00 PM: Removed Startup entry: ms0682960-16649
7:07 PM: Memory Shield: Found: Memory-resident threat enbrowser, version 1.0.0.0
7:07 PM: Detected running threat: enbrowser
7:07 PM: Ignored memory-resident threat: enbrowser
********
5:31 PM: | Start of Session, Wednesday, November 30, 2005 |
5:31 PM: Spy Sweeper started
5:31 PM: Sweep initiated using definitions version 576
5:31 PM: Starting Memory Sweep
5:32 PM: Found Adware: enbrowser
5:32 PM: Detected running threat: C:\WINDOWS\ms05982960-1664.exe (ID = 185160)
5:32 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ms05982960-1664 (ID = 0)
5:32 PM: Detected running threat: C:\WINDOWS\sys02664982960-1.exe (ID = 185160)
5:32 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || sys02664982960-1 (ID = 0)
5:36 PM: Detected running threat: C:\WINDOWS\ms0682960-16649.exe (ID = 185160)
5:43 PM: Detected running threat: C:\WINDOWS\sys11-1664982960.exe (ID = 185160)
5:43 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || sys11-1664982960 (ID = 0)
5:43 PM: Memory Sweep Complete, Elapsed Time: 00:12:14
5:43 PM: Starting Registry Sweep
5:47 PM: Found Adware: comet cursor
5:47 PM: HKCR\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106471)
5:47 PM: HKCR\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106505)
5:47 PM: HKLM\software\classes\interface\{930a2b79-855e-4a18-80bb-4c0595b40798}\ (8 subtraces) (ID = 106652)
5:47 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\ (8 subtraces) (ID = 106682)
5:47 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\proxystubclsid32\ (1 subtraces) (ID = 106683)
5:47 PM: HKLM\software\classes\interface\{e61a0304-c605-441f-bd57-2833b65a69f1}\typelib\ (2 subtraces) (ID = 106684)
6:08 PM: Found Adware: shopathomeselect
6:08 PM: HKLM\software\ || test (ID = 141678)
6:09 PM: Found Adware: syncroad
6:09 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\syncroadx.dll (ID = 143515)
6:11 PM: Found Adware: winad
6:11 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadctlx.dll (ID = 147223)
6:12 PM: Found Adware: icannnews
6:12 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
6:12 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
6:12 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
6:12 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
6:12 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
6:12 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
6:12 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
6:12 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
6:14 PM: Found Adware: clkoptimizer
6:14 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
6:15 PM: Found Adware: ezula ilookup
6:15 PM: HKLM\software\microsoft\webext\ (1 subtraces) (ID = 828947)
6:15 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
6:15 PM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (4 subtraces) (ID = 860940)
6:15 PM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (4 subtraces) (ID = 860969)
6:15 PM: HKLM\software\qstat\ || brr (ID = 877670)
6:16 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
6:16 PM: Found Adware: elitemediagroup-pop64
6:16 PM: HKCR\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967532)
6:16 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967541)
6:16 PM: HKCR\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967550)
6:16 PM: HKLM\software\classes\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967592)
6:16 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967601)
6:16 PM: HKLM\software\classes\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967610)
6:20 PM: HKU\S-1-5-21-2052111302-1972579041-839522115-1003\software\system\sysuid\ (1 subtraces) (ID = 731748)
6:31 PM: Found Adware: cws_xplugin
6:31 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || sethp (ID = 124467)
6:35 PM: Registry Sweep Complete, Elapsed Time:00:51:09
6:35 PM: Starting Cookie Sweep
6:35 PM: Found Spy Cookie: 64.62.232 cookie
6:35 PM: owner@64.62.232[1].txt (ID = 1987)
6:35 PM: owner@64.62.232[2].txt (ID = 1987)
6:35 PM: owner@64.62.232[3].txt (ID = 1987)
6:35 PM: Found Spy Cookie: websponsors cookie
6:35 PM: owner@a.websponsors[1].txt (ID = 3665)
6:35 PM: Found Spy Cookie: about cookie
6:35 PM: owner@about[2].txt (ID = 2037)
6:35 PM: Found Spy Cookie: yieldmanager cookie
6:35 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
6:35 PM: owner@add.about[1].txt (ID = 2038)
6:35 PM: Found Spy Cookie: adknowledge cookie
6:35 PM: owner@adknowledge[1].txt (ID = 2072)
6:35 PM: Found Spy Cookie: hbmediapro cookie
6:35 PM: owner@adopt.hbmediapro[2].txt (ID = 2768)
6:35 PM: Found Spy Cookie: precisead cookie
6:35 PM: owner@adopt.precisead[2].txt (ID = 3182)
6:35 PM: Found Spy Cookie: specificclick.com cookie
6:35 PM: owner@adopt.specificclick[1].txt (ID = 3400)
6:35 PM: Found Spy Cookie: adorigin cookie
6:35 PM: owner@adorigin[2].txt (ID = 2082)
6:35 PM: Found Spy Cookie: cc214142 cookie
6:35 PM: owner@ads.cc214142[1].txt (ID = 2367)
6:35 PM: owner@altreligion.about[1].txt (ID = 2038)
6:35 PM: Found Spy Cookie: megago cookie
6:35 PM: owner@amityvilletruth.freeservers[2].txt (ID = 2983)
6:35 PM: owner@anime.about[1].txt (ID = 2038)
6:35 PM: Found Spy Cookie: anm.co.uk cookie
6:35 PM: owner@anm.co[2].txt (ID = 2223)
6:35 PM: Found Spy Cookie: apmebf cookie
6:35 PM: owner@apmebf[2].txt (ID = 2229)
6:35 PM: Found Spy Cookie: askmen cookie
6:35 PM: owner@askmen[1].txt (ID = 2247)
6:35 PM: Found Spy Cookie: ask cookie
6:35 PM: owner@ask[2].txt (ID = 2245)
6:35 PM: Found Spy Cookie: belnk cookie
6:35 PM: owner@ath.belnk[1].txt (ID = 2293)
6:35 PM: Found Spy Cookie: atwola cookie
6:35 PM: owner@atwola[2].txt (ID = 2255)
6:35 PM: owner@azlist.about[1].txt (ID = 2038)
6:35 PM: Found Spy Cookie: inet-traffic.com cookie
6:35 PM: owner@banner3.inet-traffic[1].txt (ID = 2856)
6:35 PM: Found Spy Cookie: bannerspace cookie
6:35 PM: owner@bannerspace[2].txt (ID = 2284)
6:35 PM: Found Spy Cookie: banners cookie
6:35 PM: owner@banners[1].txt (ID = 2282)
6:35 PM: Found Spy Cookie: banner cookie
6:35 PM: owner@banner[1].txt (ID = 2276)
6:35 PM: owner@belnk[1].txt (ID = 2292)
6:35 PM: Found Spy Cookie: bravenet cookie
6:35 PM: owner@bravenet[2].txt (ID = 2322)
6:35 PM: Found Spy Cookie: burstnet cookie
6:35 PM: owner@burstnet[2].txt (ID = 2336)
6:35 PM: Found Spy Cookie: gostats cookie
6:35 PM: owner@c2.gostats[2].txt (ID = 2748)
6:35 PM: Found Spy Cookie: callwave cookie
6:35 PM: owner@callwave[1].txt (ID = 2342)
6:35 PM: Found Spy Cookie: 2o7.net cookie
6:35 PM: owner@cnn.122.2o7[1].txt (ID = 1958)
6:35 PM: owner@cocktails.about[1].txt (ID = 2038)
6:36 PM: Found Spy Cookie: tickle cookie
6:36 PM: owner@cookie.tickle[1].txt (ID = 3530)
6:36 PM: Found Spy Cookie: customer cookie
6:36 PM: owner@customer[1].txt (ID = 2481)
6:36 PM: owner@customer[2].txt (ID = 2481)
6:36 PM: owner@dating.about[2].txt (ID = 2038)
6:36 PM: owner@dealnews.122.2o7[2].txt (ID = 1958)
6:36 PM: Found Spy Cookie: delfinproject cookie
6:36 PM: owner@delfinproject[1].txt (ID = 2509)
6:36 PM: owner@dist.belnk[1].txt (ID = 2293)
6:36 PM: owner@divorcesupport.about[2].txt (ID = 2038)
6:36 PM: owner@drawsketch.about[2].txt (ID = 2038)
6:36 PM: Found Spy Cookie: exitexchange cookie
6:36 PM: owner@exitexchange[2].txt (ID = 2633)
6:36 PM: Found Spy Cookie: expage cookie
6:36 PM: owner@expage[2].txt (ID = 2637)
6:36 PM: owner@familyinternet.about[2].txt (ID = 2038)
6:36 PM: Found Spy Cookie: fe.lea.lycos.com cookie
6:36 PM: owner@fe.lea.lycos[1].txt (ID = 2660)
6:36 PM: Found Spy Cookie: fortunecity cookie
6:36 PM: owner@fortunecity[1].txt (ID = 2686)
6:36 PM: owner@gostats[2].txt (ID = 2747)
6:36 PM: Found Spy Cookie: go.com cookie
6:36 PM: owner@go[1].txt (ID = 2728)
6:36 PM: Found Spy Cookie: clickandtrack cookie
6:36 PM: owner@hits.clickandtrack[1].txt (ID = 2397)
6:36 PM: Found Spy Cookie: howstuffworks cookie
6:36 PM: owner@howstuffworks[2].txt (ID = 2805)
6:36 PM: Found Spy Cookie: screensavers.com cookie
6:36 PM: owner@i.screensavers[2].txt (ID = 3298)
6:36 PM: owner@incestabuse.about[1].txt (ID = 2038)
6:36 PM: Found Spy Cookie: infospace cookie
6:36 PM: owner@infospace[1].txt (ID = 2865)
6:36 PM: Found Spy Cookie: spywarelabs install cookie
6:36 PM: owner@install.spywarelabs[2].txt (ID = 3421)
6:36 PM: Found Spy Cookie: kmpads cookie
6:36 PM: owner@kmpads[2].txt (ID = 2909)
6:36 PM: Found Spy Cookie: kount cookie
6:36 PM: owner@kount[2].txt (ID = 2911)
6:36 PM: Found Spy Cookie: domainsponsor cookie
6:36 PM: owner@landing.domainsponsor[1].txt (ID = 2535)
6:36 PM: Found Spy Cookie: ugo cookie
6:36 PM: owner@mediamgr.ugo[2].txt (ID = 3609)
6:36 PM: owner@metacafe.122.2o7[2].txt (ID = 1958)
6:36 PM: Found Spy Cookie: metareward.com cookie
6:36 PM: owner@metareward[2].txt (ID = 2990)
6:36 PM: owner@metropolis5000.freeservers[2].txt (ID = 2983)
6:36 PM: owner@msnportal.112.2o7[1].txt (ID = 1958)
6:36 PM: Found Spy Cookie: mygeek cookie
6:36 PM: owner@mygeek[1].txt (ID = 3041)
6:36 PM: Found Spy Cookie: nextag cookie
6:36 PM: owner@nextag[1].txt (ID = 5014)
6:36 PM: Found Spy Cookie: offeroptimizer cookie
6:36 PM: owner@offeroptimizer[1].txt (ID = 3087)
6:36 PM: owner@paganwiccan.about[2].txt (ID = 2038)
6:36 PM: owner@paranormal.about[1].txt (ID = 2038)
6:36 PM: Found Spy Cookie: zango cookie
6:36 PM: owner@partner.zango[1].txt (ID = 3761)
6:36 PM: Found Spy Cookie: touchclarity cookie
6:36 PM: owner@partypoker.touchclarity[2].txt (ID = 3567)
6:36 PM: Found Spy Cookie: partypoker cookie
6:36 PM: owner@partypoker[2].txt (ID = 3111)
6:36 PM: Found Spy Cookie: paypopup cookie
6:36 PM: owner@paypopup[2].txt (ID = 3119)
6:36 PM: owner@people.howstuffworks[2].txt (ID = 2806)
6:36 PM: Found Spy Cookie: mircx cookie
6:36 PM: owner@pop.mircx[2].txt (ID = 2998)
6:36 PM: Found Spy Cookie: qksrv cookie
6:36 PM: owner@qksrv[2].txt (ID = 3213)
6:36 PM: owner@quitsmoking.about[1].txt (ID = 2038)
6:36 PM: Found Spy Cookie: directtrack cookie
6:36 PM: owner@rapidresponse.directtrack[2].txt (ID = 2528)
6:36 PM: Found Spy Cookie: realmedia cookie
6:36 PM: owner@realmedia[1].txt (ID = 3235)
6:36 PM: Found Spy Cookie: reunion cookie
6:36 PM: owner@reunion[2].txt (ID = 3255)
6:36 PM: Found Spy Cookie: rightmedia cookie
6:36 PM: owner@rightmedia[1].txt (ID = 3259)
6:36 PM: Found Spy Cookie: rn11 cookie
6:36 PM: owner@rn11[2].txt (ID = 3261)
6:36 PM: owner@roleplaygames.about[1].txt (ID = 2038)
6:36 PM: Found Spy Cookie: adjuggler cookie
6:36 PM: owner@rotator.adjuggler[2].txt (ID = 2071)
6:36 PM: owner@search.about[2].txt (ID = 2038)
6:36 PM: Found Spy Cookie: search123 cookie
6:36 PM: owner@search123[1].txt (ID = 3305)
6:36 PM: Found Spy Cookie: domain sponsor cookie
6:36 PM: owner@searchportal.domainsponsor[1].txt (ID = 2534)
6:36 PM: owner@sio.belnk[1].txt (ID = 2293)
6:36 PM: Found Spy Cookie: starware.com cookie
6:36 PM: owner@starware[2].txt (ID = 3441)
6:36 PM: Found Spy Cookie: dealtime cookie
6:36 PM: owner@stat.dealtime[2].txt (ID = 2506)
6:36 PM: Found Spy Cookie: reliablestats cookie
6:36 PM: owner@stats1.reliablestats[1].txt (ID = 3254)
6:36 PM: owner@teenadvice.about[2].txt (ID = 2038)
6:36 PM: owner@teenmusic.about[2].txt (ID = 2038)
6:36 PM: Found Spy Cookie: tracking cookie
6:36 PM: owner@tracking[1].txt (ID = 3571)
6:36 PM: Found Spy Cookie: tripod cookie
6:36 PM: owner@tripod[1].txt (ID = 3591)
6:36 PM: Found Spy Cookie: ugl.adtrak cookie
6:36 PM: owner@ugl.adtrak[1].txt (ID = 3606)
6:36 PM: Found Spy Cookie: adminder cookie
6:36 PM: owner@www.adminder[1].txt (ID = 2079)
6:36 PM: Found Spy Cookie: affiliatefuel.com cookie
6:36 PM: owner@www.affiliatefuel[1].txt (ID = 2202)
6:36 PM: Found Spy Cookie: burstbeacon cookie
6:36 PM: owner@www.burstbeacon[2].txt (ID = 2335)
6:36 PM: owner@www.burstnet[1].txt (ID = 2337)
6:36 PM: owner@www.go[1].txt (ID = 2729)
6:36 PM: Found Spy Cookie: hitboss.com cookie
6:36 PM: owner@www.hitboss[2].txt (ID = 2782)
6:36 PM: Found Spy Cookie: myaffiliateprogram.com cookie
6:36 PM: owner@www.myaffiliateprogram[1].txt (ID = 3032)
6:36 PM: Found Spy Cookie: redzip cookie
6:36 PM: owner@www.redzip[2].txt (ID = 3250)
6:36 PM: owner@www.screensavers[2].txt (ID = 3298)
6:36 PM: Found Spy Cookie: upspiral cookie
6:36 PM: owner@www.upspiral[1].txt (ID = 3615)
6:36 PM: Found Spy Cookie: xiti cookie
6:36 PM: owner@xiti[1].txt (ID = 3717)
6:36 PM: owner@yieldmanager[1].txt (ID = 3749)
6:36 PM: Cookie Sweep Complete, Elapsed Time: 00:01:08
6:37 PM: Starting File Sweep
7:36 PM: Found Trojan Horse: trojan downloader matcash
7:36 PM: c:\program files\common files\inetget (ID = -2147477182)
7:39 PM: upd209.exe (ID = 153729)
7:40 PM: uninst123.exe (ID = 185157)
7:43 PM: Found Adware: exact cashback/bargain buddy
7:43 PM: ed41950b-e72b-4262-9536-c1d9d9 (ID = 52238)
7:47 PM: tp7543.exe (ID = 198156)
7:48 PM: 7eec560e-c169-4910-ab4d-0268d4 (ID = 52238)
7:49 PM: Found Adware: targetsaver
7:49 PM: glf3cglf3c.exe (ID = 197165)
7:49 PM: bundlelite.exe (ID = 180744)
7:50 PM: 80e6c218-7418-481c-a65d-47390a (ID = 52237)
7:51 PM: 7b4c416d-68b7-44d7-b793-a6190e (ID = 52239)
7:52 PM: 1598d603-e52a-4805-ab51-631c8d (ID = 167068)
8:03 PM: backup-20051121-164603-772.inf (ID = 187156)
8:05 PM: msxp.exe (ID = 185160)
8:06 PM: elite.ocx (ID = 187157)
8:06 PM: searchb.exe (ID = 185155)
8:07 PM: Found Adware: dealbar toolbar
8:07 PM: installer_pivotal_3_db.exe (ID = 185278)
8:07 PM: fc8f50fa-efd6-4cd7-be65-a15b42 (ID = 52238)
8:15 PM: Found Adware: mirar webband
8:15 PM: mit4f1.tmp.cab (ID = 133197)
8:31 PM: Found Adware: ieplugin
8:31 PM: kwv2.dat (ID = 63356)
8:36 PM: wydrmdev.dll (ID = 154598)
8:40 PM: uninstall_wh.exe (ID = 185158)
8:41 PM: linun.exe (ID = 185152)
8:49 PM: fde5cfb1-ad62-4df9-9146-be8afb (ID = 52238)
8:49 PM: 92a1af7b-0a65-47b4-9866-349275 (ID = 50571)
8:50 PM: 9e093d82-c065-4299-8f51-5067ae (ID = 52239)
8:50 PM: 1a762265-b1f5-4d7a-abf5-7a525d (ID = 50571)
8:51 PM: installer_pivotal_3_db.exe (ID = 185278)
8:53 PM: mit4f1.tmp (ID = 133197)
8:57 PM: Found Adware: virtualbouncer
8:57 PM: wrapperouter.exe (ID = 107514)
9:07 PM: Found Adware: elitemediagroup-mediamotor
9:07 PM: m67m.ocx (ID = 133214)
9:07 PM: Found Adware: zquest
9:07 PM: zqincontextactx1.exe (ID = 185495)
9:17 PM: Found Adware: 180search assistant/zango
9:17 PM: res4da.tmp (ID = 125071)
9:17 PM: res4f2.tmp (ID = 125071)
9:26 PM: m67m.inf (ID = 133213)
9:28 PM: 105816e9-7a44-43c7-8d04-7b13ec (ID = 185460)
9:32 PM: installer_pivotal_3_db.exe (ID = 185278)
9:36 PM: win320960-16649829.exe (ID = 185160)
9:37 PM: keywords[1].txt (ID = 146477)
9:38 PM: m67m.ocx (ID = 133214)
9:45 PM: sys11-1664982960.exe (ID = 185160)
9:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || sys11-1664982960 (ID = 0)
9:45 PM: ms05982960-1664.exe (ID = 185160)
9:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ms05982960-1664 (ID = 0)
9:45 PM: sys02664982960-1.exe (ID = 185160)
9:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || sys02664982960-1 (ID = 0)
9:47 PM: win32072960-166498.exe (ID = 185160)
9:50 PM: win3208960-1664982.exe (ID = 185160)
9:53 PM: Found Adware: look2me
9:53 PM: mkl_qic.dll (ID = 159)
9:53 PM: ihssam.dll (ID = 159)
10:01 PM: wpwfaxui.dll (ID = 159)
10:02 PM: 180sainstallernu.exe (ID = 125069)
10:02 PM: res505.tmp (ID = 70517)
10:05 PM: kxdcz2.dll (ID = 159)
10:06 PM: guard.tmp (ID = 159)
10:06 PM: zqincontextactx1.exe (ID = 185495)
10:07 PM: lucwmi.dll (ID = 159)
10:07 PM: Found Adware: yadio
10:07 PM: yadiostubinstaller.exe (ID = 198009)
10:08 PM: ms0682960-16649.exe (ID = 185160)
10:09 PM: 110_elite_media_4_0_3_9.exe (ID = 197165)
10:09 PM: 876057.exe (ID = 185463)
10:10 PM: en66l1js1.dll (ID = 159)
10:11 PM: mgihnd.dll (ID = 154598)
10:11 PM: snc_os.dll (ID = 154598)
10:19 PM: cdt1006.sah (ID = 107431)
10:19 PM: searchb.lnk (ID = 185155)
10:21 PM: File Sweep Complete, Elapsed Time: 03:44:35
10:21 PM: Full Sweep has completed. Elapsed time 04:50:06
10:21 PM: Traces Found: 372
12:38 AM: Removal process initiated
12:39 AM: Quarantining All Traces: 180search assistant/zango
12:39 AM: Quarantining All Traces: clkoptimizer
12:39 AM: Quarantining All Traces: icannnews
12:39 AM: Quarantining All Traces: look2me
12:40 AM: Quarantining All Traces: trojan downloader matcash
12:40 AM: Quarantining All Traces: comet cursor
12:40 AM: Quarantining All Traces: enbrowser
12:41 AM: enbrowser is in use. It will be removed on reboot.
12:41 AM: sys11-1664982960.exe is in use. It will be removed on reboot.
12:41 AM: ms05982960-1664.exe is in use. It will be removed on reboot.
12:41 AM: sys02664982960-1.exe is in use. It will be removed on reboot.
12:41 AM: ms0682960-16649.exe is in use. It will be removed on reboot.
12:41 AM: Quarantining All Traces: yadio
12:41 AM: Quarantining All Traces: zquest
12:41 AM: Quarantining All Traces: cws_xplugin
12:41 AM: Quarantining All Traces: dealbar toolbar
12:41 AM: Quarantining All Traces: elitemediagroup-mediamotor
12:41 AM: Quarantining All Traces: elitemediagroup-pop64
12:41 AM: Quarantining All Traces: exact cashback/bargain buddy
12:41 AM: Quarantining All Traces: ezula ilookup
12:41 AM: Quarantining All Traces: ieplugin
12:41 AM: Quarantining All Traces: mirar webband
12:41 AM: Quarantining All Traces: shopathomeselect
12:41 AM: Quarantining All Traces: syncroad
12:41 AM: Quarantining All Traces: targetsaver
12:41 AM: Quarantining All Traces: virtualbouncer
12:41 AM: Quarantining All Traces: winad
12:41 AM: Quarantining All Traces: 2o7.net cookie
12:41 AM: Quarantining All Traces: 64.62.232 cookie
12:41 AM: Quarantining All Traces: about cookie
12:41 AM: Quarantining All Traces: adjuggler cookie
12:41 AM: Quarantining All Traces: adknowledge cookie
12:41 AM: Quarantining All Traces: adminder cookie
12:41 AM: Quarantining All Traces: adorigin cookie
12:41 AM: Quarantining All Traces: affiliatefuel.com cookie
12:41 AM: Quarantining All Traces: anm.co.uk cookie
12:41 AM: Quarantining All Traces: apmebf cookie
12:41 AM: Quarantining All Traces: ask cookie
12:41 AM: Quarantining All Traces: askmen cookie
12:41 AM: Quarantining All Traces: atwola cookie
12:41 AM: Quarantining All Traces: banner cookie
12:41 AM: Quarantining All Traces: banners cookie
12:41 AM: Quarantining All Traces: bannerspace cookie
12:41 AM: Quarantining All Traces: belnk cookie
12:41 AM: Quarantining All Traces: bravenet cookie
12:41 AM: Quarantining All Traces: burstbeacon cookie
12:41 AM: Quarantining All Traces: burstnet cookie
12:41 AM: Quarantining All Traces: callwave cookie
12:41 AM: Quarantining All Traces: cc214142 cookie
12:41 AM: Quarantining All Traces: clickandtrack cookie
12:41 AM: Quarantining All Traces: customer cookie
12:41 AM: Quarantining All Traces: dealtime cookie
12:41 AM: Quarantining All Traces: delfinproject cookie
12:41 AM: Quarantining All Traces: directtrack cookie
12:41 AM: Quarantining All Traces: domain sponsor cookie
12:41 AM: Quarantining All Traces: domainsponsor cookie
12:41 AM: Quarantining All Traces: exitexchange cookie
12:41 AM: Quarantining All Traces: expage cookie
12:41 AM: Quarantining All Traces: fe.lea.lycos.com cookie
12:41 AM: Quarantining All Traces: fortunecity cookie
12:41 AM: Quarantining All Traces: go.com cookie
12:41 AM: Quarantining All Traces: gostats cookie
12:41 AM: Quarantining All Traces: hbmediapro cookie
12:41 AM: Quarantining All Traces: hitboss.com cookie
12:41 AM: Quarantining All Traces: howstuffworks cookie
12:41 AM: Quarantining All Traces: inet-traffic.com cookie
12:41 AM: Quarantining All Traces: infospace cookie
12:41 AM: Quarantining All Traces: kmpads cookie
12:41 AM: Quarantining All Traces: kount cookie
12:41 AM: Quarantining All Traces: megago cookie
12:41 AM: Quarantining All Traces: metareward.com cookie
12:41 AM: Quarantining All Traces: mircx cookie
12:41 AM: Quarantining All Traces: myaffiliateprogram.com cookie
12:41 AM: Quarantining All Traces: mygeek cookie
12:41 AM: Quarantining All Traces: nextag cookie
12:41 AM: Quarantining All Traces: offeroptimizer cookie
12:41 AM: Quarantining All Traces: partypoker cookie
12:41 AM: Quarantining All Traces: paypopup cookie
12:41 AM: Quarantining All Traces: precisead cookie
12:41 AM: Quarantining All Traces: qksrv cookie
12:41 AM: Quarantining All Traces: realmedia cookie
12:41 AM: Quarantining All Traces: redzip cookie
12:41 AM: Quarantining All Traces: reliablestats cookie
12:41 AM: Quarantining All Traces: reunion cookie
12:41 AM: Quarantining All Traces: rightmedia cookie
12:41 AM: Quarantining All Traces: rn11 cookie
12:41 AM: Quarantining All Traces: screensavers.com cookie
12:41 AM: Quarantining All Traces: search123 cookie
12:41 AM: Quarantining All Traces: specificclick.com cookie
12:41 AM: Quarantining All Traces: spywarelabs install cookie
12:41 AM: Quarantining All Traces: starware.com cookie
12:41 AM: Quarantining All Traces: tickle cookie
12:41 AM: Quarantining All Traces: touchclarity cookie
12:41 AM: Quarantining All Traces: tracking cookie
12:41 AM: Quarantining All Traces: tripod cookie
12:41 AM: Quarantining All Traces: ugl.adtrak cookie
12:41 AM: Quarantining All Traces: ugo cookie
12:41 AM: Quarantining All Traces: upspiral cookie
12:41 AM: Quarantining All Traces: websponsors cookie
12:41 AM: Quarantining All Traces: xiti cookie
12:41 AM: Quarantining All Traces: yieldmanager cookie
12:41 AM: Quarantining All Traces: zango cookie
12:42 AM: Preparing to restart your computer. Please wait...
12:42 AM: Removal process completed. Elapsed time 00:04:02
1:30 AM: Processing Startup Alerts
1:30 AM: Removed Startup entry: ms0682960-16649
1:35 AM: Memory Shield: Found: Memory-resident threat enbrowser, version 1.0.0.0
1:35 AM: Detected running threat: enbrowser
1:36 AM: | End of Session, Thursday, December 01, 2005 |
********
5:22 PM: | Start of Session, Wednesday, November 30, 2005 |
5:22 PM: Spy Sweeper started
5:31 PM: Your spyware definitions have been updated.
5:31 PM: | End of Session, Wednesday, November 30, 2005 |

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Logfile of HijackThis v1.99.1
Scan saved at 7:21:02 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\ms0682960-16649.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Owner\Application Data\System Restore\VB1.exe
O4 - HKCU\..\Run: [Setup75.exe] C:\WINDOWS\system32\Setup75.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.metalink.net/
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Painter 7 Trial Version\Help\wwhelp2.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/24d29e460517ab909506/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130300704312
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4B62FF-3747-4F34-8453-58A150C83619}: NameServer = 207.19.167.2 207.19.167.7
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2803fue.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Also, AVG is constantly telling me about Trojan horse Generic.DPP in C:\WINDOWS\SYS98.exe, and I'll click "heal" and it says "object successfully healed", but it will pop up again an hour later. I'm sorry I didn't mention that earlier, I don't know if that will help you figure out what's wrong or not......


Thank you again for your help!

#6 -David-


Posted 02 December 2005 - 11:53 AM

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end!
David

#7 tipsygypsy


Posted 02 December 2005 - 07:11 PM

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:04:30 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [VB1.exe] C:\Documents and Settings\Owner\Application Data\System Restore\VB1.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.metalink.net/
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Painter 7 Trial Version\Help\wwhelp2.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {1DEFB8C0-22A7-4E58-B735-43A169CDA2AB} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/24d29e460517ab909506/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130300704312
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4B62FF-3747-4F34-8453-58A150C83619}: NameServer = 207.19.167.2 207.19.167.7
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2803fue.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


And here's my ewido log:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:03:11 PM, 12/2/2005
+ Report-Checksum: 8AA21495

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{BE8D0059-D24D-4919-B76F-99F4A2203647} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1678F7E1-C422-11D0-AD7D-00400515CAAA} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2} -> Spyware.SAHA : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D60FF48-95BE-4956-B4C6-6BB168A70310} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96DA5BEE-4ACC-476C-B3EC-54C6730C4293} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D14D6793-9B65-11D3-80B6-00500487BDBA} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED103D9F-3070-4580-AB1E-E5C179C1AE41} -> Spyware.SearchMiracle : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2052111302-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6BC4EF-5676-484B-88AE-883323913256} -> Spyware.CometCursor : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adtrak : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adtrak : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.407:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.596:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.740:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.762:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.764:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.765:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.777:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.779:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.822:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.823:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.852:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.858:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.859:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.867:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.869:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.870:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.871:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k7bohrkr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyolczsao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\66186_2804_1740_3064_73.41.tmp -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@popunder.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\i44B.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\61KRGHC7\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\FileSubmit\Autumn Kittens 2\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\Setup75.exe -> Dropper.Agent.acu : Cleaned with backup
C:\WINDOWS\system32\SHAgentNew.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\i414.tmp -> Spyware.SurfSide : Cleaned with backup
C:\WINDOWS\Temp\Setup75.exe -> Dropper.Agent.acu : Cleaned with backup


::Report End

Thank you! :thumbsup:

#8 tipsygypsy


Posted 03 December 2005 - 12:39 AM

David,

Since I ran ewido, so far so good. I've been online for quite some time and I've had NO POPUPS. The SearchB program is gone and I've had no more problems with "msxp". I think I'm good to go! Things are looking good, I'll post if it seems otherwise later on. Thank you very much for your help! :thumbsup:

#9 -David-


Posted 03 December 2005 - 05:24 AM

Fix this:

O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\fp2803fue.dll (file missing)

Ok! Glad I was able to help you! :thumbsup:

The log is clean! :flowers:

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



