
Cannot Get Rid Of Adrotator



#1 iduaaudi


Posted 04 December 2005 - 10:00 PM

Tried to remove using MS Spyware, keeps coming back.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:54:51 PM, on 12/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\bokja.exe
C:\windows\temp\kf.exe
C:\WINDOWS\jawa32.exe
C:\WINDOWS\System32\atitvo32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\blackbox.exe
C:\DOCUME~1\MARYWA~1\LOCALS~1\Temp\gstin.exe
C:\WINDOWS\iisvers.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\Program Files\nrpn\osoa.exe
C:\SCANJET\PrecisionScan\hpppt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A1C75DCB-925A-EADD-2C07-BD89197C69B7} - C:\WINDOWS\System32\aubwwp.dll
O2 - BHO: (no name) - {B6CD4E7E-85C0-8A69-980E-DDC86DFC2C96} - C:\WINDOWS\System32\xhg.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3D7D556-4EE1-1E4D-E6DC-106477AE1B92} - C:\WINDOWS\System32\cwgf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
O4 - HKLM\..\Run: [kf] C:\windows\temp\kf.exe
O4 - HKLM\..\Run: [yrSVl6k] C:\windows\temp\yrSVl6k.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [14cd0e6fe648] C:\WINDOWS\System32\atitvo32.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [58acd0050a8d] C:\WINDOWS\System32\blackbox.exe
O4 - HKLM\..\Run: [stmin] C:\DOCUME~1\MARYWA~1\LOCALS~1\Temp\gstin.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jzf] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ncao] "C:\Program Files\nrpn\osoa.exe" -vt rbnd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cc...everContent.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117306788805
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


#2 iduaaudi


Posted 05 December 2005 - 03:28 PM

Adrotator seems to be gone, but I cannot identify why I am getting so many pop-ups. Can anyone help?

#3 JG427


Posted 09 December 2005 - 08:58 PM

Hi, iduaaudi.


Please download, install, and update the free version of ewido security suite:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Click on update in the left menu, then click the Start update button.
After the update finishes, exit from ewido, as it should be run in Safe Mode.

Reboot into Safe Mode
Restart the computer. As soon as the BIOS has finished loading, begin tapping the F8 key.
Continue to do so until the Windows Advanced Options menu appears.
Using the arrow keys, scroll to and select Safe Mode, then press Enter.

Open Ewido and click on the Scanner button in the left menu, then click on complete system scan.
When ewido finds something, it will pop up a notification.
Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on ok.
When the scan finishes, click on "Save Report".

Reboot to normal mode.

Post the report from ewido.
It's located in the folder at C:\Program Files\ewido\security suite\Reports.
Also scan with HijackThis and post the new log.

#4 iduaaudi


Posted 11 December 2005 - 11:09 PM

OK, look at these.

Thanks!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:33:19 PM, 12/11/2005
+ Report-Checksum: 773AE081

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\qwt01PKUKKLJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\qwtM1PKUKKLJ -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\AtlBrowser.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\dhbrwsr.EXE -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0818D423-6247-11D1-ABEE-00D049C10000} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlBrCon.AtlBrCon\CurVer -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A2883F2-FDC7-4AF2-B136-203ADB475DD7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E3E1DC0-239A-4067-A4A0-88902C108E58} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BFEF1779-0E92-45A1-BF5E-55991007F912} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dealhlpr.Band.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhbrwsr.BrowserWindows.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.DHEvents.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.Popup -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.Popup\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.Popup\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DHP.Popup.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.CFileDatabase.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.DBHelper.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.Even.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Dhsvr.WebDealEvents.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{06E53101-654C-45EB-BFF6-E37E13B5972A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0B16B278-B2E3-4CBF-85B5-E058878F728F} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1DA40091-14B4-4C21-8170-A2CEEDE90B10} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{241667A3-EC83-4885-84DD-C2DAAFC1C5EA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{25630B50-53C6-4E66-A945-9D7B6B2171FF} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6353-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3A951AF0-53F8-4803-A565-0E1DEE4B11F5} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3AFAE37A-56A3-4850-B599-4DA9A9104B82} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3D89A731-9F4A-418F-A997-2D633C7C404C} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{788C6F6E-C2EA-4A63-9C38-CE7D8F43BCE4} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{78BCF936-45B0-40A7-9391-DCC03420DB35} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{81739076-56B7-42EC-A0AA-692794FDED1A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8C53BD8E-B12D-4C8F-AD0E-C9DDC39D1273} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{955CBF48-4313-4B1F-872B-254B7822CCF2} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{96B3B1B9-A510-4603-BD66-2BB2C9F21542} -> Spyware.AdRotator : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9CFA26C2-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A2CDAFB4-EB9C-4EFC-BCFC-A7AA6745FF7E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A62560E9-6F80-42D6-A234-040B5C05DC62} -> Spyware.404Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AF286CEA-635D-40C5-A891-B40A0F520539} -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BF9EE3A0-1A02-4265-A65F-AC4D4447F6BF} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E6831B-822B-4A1F-9EF1-1D3EB7D3E985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C9679631-7060-443F-BD37-88F9410ED8C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DEBA1742-2BEC-4B78-A987-5837971193F7} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E318D698-27B3-44D5-8998-C35EAFB9C034} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F3816084-9608-485A-B63B-CAD8F931577E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1 -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1\CLSID -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{25AB1639-3F81-45A8-8318-2DAFBA8B8F3D} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{327CFC3D-140D-4862-BEDA-3A26A7604DD4} -> Spyware.404Search : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4B76F69E-247A-4617-ABA9-95774658AFC5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4D84A744-C3DD-4BFF-B119-AC08F54714D7} -> Spyware.AdRotator : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E19A321-635E-4BA5-8828-A5B6427CC61D} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{69DB5061-FF0A-418B-ADA6-68AC77D69E44} -> Spyware.AdRotator : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{771262E0-8FEB-4E78-B292-B01C4071B9D1} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B82B9ECF-40AE-46F2-B98E-B87CF17F70D0} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{ECB25A48-E6E0-49AF-99AF-07C763E31389} -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\US.US -> Spyware.SeekSeek : Cleaned with backup
HKLM\SOFTWARE\Classes\US.US\CLSID -> Spyware.SeekSeek : Cleaned with backup
HKLM\SOFTWARE\Classes\US.US\CurVer -> Spyware.SeekSeek : Cleaned with backup
HKLM\SOFTWARE\Classes\US.US.1 -> Spyware.SeekSeek : Cleaned with backup
HKLM\SOFTWARE\Classes\VoiceIPDll.VoiceIPDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} -> Spyware.AdRoar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEP -> Spyware.SEP : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TimeSync -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Wast -> Spyware.BroadCastPC : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\2nd -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\2nd\Client -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\Search404 -> Spyware.404Search : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\Search404\all -> Spyware.404Search : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\TimeSynchonization -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\TimeSynchonization\Time Synchronize -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-1603163162-1925696267-1849412549-1008\Software\VoiceIP -> Spyware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wfk4wpdpefo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wfliwocpcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wflownd5wbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wjlyggcjckq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wjmysmcjaaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wjmywhd5ghp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wjny-1ncpse.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@e-2dj6wjnyumczsaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@evergladesdirect.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@linksynergy[2].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@vitacost.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\180sainstallernu.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\180sainstallernu.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\404SearchUninstall.exe -> Spyware.404Search : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\adlinstallwin32.exe_ -> Spyware.Adstart.a : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\alchem.cab/alchem.exe -> Downloader.Alchemic : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\B9B17.tmp/iisver.exe -> Spyware.Hijacker.Generic : Error during cleaning
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\C8C14.tmp/mwsvm.exe -> Spyware.Suggestor : Error during cleaning
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\fEGhYef.exe -> Downloader.IstBar.fg : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\furYaGs.exe -> Downloader.IstBar.fj : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\gstin.exe -> Downloader.Delmed.a : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i12.tmp -> Downloader.Totavel.a : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i16.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i26.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i45.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i4A2.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i4E6.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i527.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i580.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i581.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i585.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i59F.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i5AF.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i5D3.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i5FA.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i62E.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i64.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i687.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i6A8.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i6B1.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i6C8.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i6D8.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i701.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i75B.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i78B.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i7A6.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i7E.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i80C.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i80E.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i828.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i867.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i89A.tmp -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\i8A.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\iB5.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\iE5.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\iF2.tmp_ -> Downloader.Small.id : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\instnotify.exe -> Trojan.VB.kq : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\res5DA.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\temp.cab/toolbar.dll -> Spyware.WebSearch : Error during cleaning
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\WToolsB.dll -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~19326.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~399161.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~465757.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~621454.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~637684.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~709958.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~710237.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~747496.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~793768.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~799894.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~8068859248.tmp -> Downloader.Siboco : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~842423.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~845523.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~848640.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~874961.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~881065.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\~889463.tmp -> Spyware.Wintools : Cleaned with backup
C:\EXACTADVERTISING.exe -> Trojan.ExHosts : Cleaned with backup
C:\Overpro323.exe -> Downloader.Agent.ac : Cleaned with backup
C:\Program Files\AutoUpdate -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\AutoUpdate\libexpat.dll -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\Lycos\Sidesearch\ClrSchUninstall_78_86.exe -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll -> Spyware.SideSearch : Cleaned with backup

#5 JG427

Posted 11 December 2005 - 11:53 PM

It looks like ewido hit the jackpot!

The log from ewido was probably too long to fit into the post.
Let's run another scan with ewido and post the new report.
It should be much shorter this time.

I also still need to see a fresh log from hijackthis.
Restart your system after the ewido scan, then scan with hijackthis.

Post the new report from ewido and the log from hijackthis.

#6 iduaaudi

  • Topic Starter

Posted 12 December 2005 - 03:06 PM

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:47:01 PM, 12/12/2005
+ Report-Checksum: B78ABD4C

+ Scan result:

C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Cookies\mary walkup@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\B9B17.tmp/iisver.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\C8C14.tmp/mwsvm.exe -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Mary Walkup\Local Settings\Temp\temp.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069530.exe -> Trojan.ExHosts : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069531.exe -> Downloader.Agent.ac : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069533.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069534.dll -> Spyware.SideSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069535.exe -> Dropper.SurfSide.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069536.exe -> Downloader.Small.kl : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069537.exe -> Trojan.SecondThought.g : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069538.exe -> Trojan.SecondThought.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069539.exe -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069540.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069541.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069542.exe -> Spyware.UrlSpy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069543.exe -> Spyware.IEDriver : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069544.exe -> Spyware.UrlSpy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069545.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069546.exe -> Downloader.3746.A : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069547.exe -> Spyware.UrlSpy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069548.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069549.dll -> Dropper.Mudrop.m : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069550.exe -> Trojan.SecondThought.l : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069551.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069552.exe -> Downloader.IstBar.er : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069553.exe -> Spyware.404Search : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069554.exe -> Backdoor.VB.oq : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069555.dll -> Spyware.ClientMan : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069556.dll -> Spyware.Ipend : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069557.dll -> Spyware.ClientMan : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069558.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069559.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069560.exe -> Downloader.Turown.G : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069561.exe -> Downloader.Alogics.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP382\A0069562.exe -> Downloader.Apropo.f : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\WINDOWS\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\Temp\THI128D.tmp\VoiceIP.cab/VoiceIp.dll -> Spyware.BiSpy : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 1:51:04 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\jawa32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\nrpn\osoa.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\SCANJET\PrecisionScan\hpppt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A1C75DCB-925A-EADD-2C07-BD89197C69B7} - C:\WINDOWS\System32\aubwwp.dll
O2 - BHO: (no name) - {B6CD4E7E-85C0-8A69-980E-DDC86DFC2C96} - C:\WINDOWS\System32\xhg.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D3D7D556-4EE1-1E4D-E6DC-106477AE1B92} - C:\WINDOWS\System32\cwgf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jzf] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Ncao] "C:\Program Files\nrpn\osoa.exe" -vt rbnd
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cc...everContent.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117306788805
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#7 JG427

Posted 12 December 2005 - 09:36 PM

You have Microsoft AntiSpyware running on your system. While it's a good program, it may try to block some of the changes made by hijackthis.
Please right click the Microsoft AntiSpyware icon in the system tray and choose shutdown before continuing the fix.

Some files and folders may be hidden; change these settings to show them.
Open Windows Explorer & Go to Tools > Folder Options.
Click on the View tab
Place a checkmark at "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Uncheck "hide extensions for known file types"
click "Apply to all folders"
Click "Apply" then "OK"

Scan with hijackthis and checkmark these lines:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50171
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {A1C75DCB-925A-EADD-2C07-BD89197C69B7} - C:\WINDOWS\System32\aubwwp.dll
O2 - BHO: (no name) - {B6CD4E7E-85C0-8A69-980E-DDC86DFC2C96} - C:\WINDOWS\System32\xhg.dll (file missing)

O2 - BHO: (no name) - {D3D7D556-4EE1-1E4D-E6DC-106477AE1B92} - C:\WINDOWS\System32\cwgf.dll (file missing)

O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)

O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKCU\..\Run: [Jzf] C:\WINDOWS\System32\l?ass.exe

O4 - HKCU\..\Run: [Ncao] "C:\Program Files\nrpn\osoa.exe" -vt rbnd

Close all browsers and open windows, except hijackthis, and click fix checked.
Exit from hijackthis.

Next, click the start button on the taskbar, then click control panel (or settings then control panel on xp pro).
In control panel, double click to open add/remove programs
Check for these in the list and click remove if found:
Purity Scan
Clickspring
nrpn
Cashback


Right click the start button on the taskbar and choose explore.
Navigate to and delete the files or folders marked in bold:
(some may be missing, delete any found)
C:\WINDOWS\jawa32.exe
C:\WINDOWS\svchost.exe<--- make sure you're in the C:\WINDOWS\ folder NOT C:\WINDOWS\system32\
C:\Program Files\nrpn\<-- delete the folder
C:/Program Files/CashBack/<-- delete the folder


Clean out temporary and TIF files.
Click the start button, then click on Run..... and type in the box: cleanmgr.
Let it scan your system for files to remove.
Make sure these 3 are checked and then press *ok* to remove:
Temporary Files
Temporary Internet Files
Recycle Bin


Restart your system, scan with hijackthis and post the new log.

One file we need to delete has a name similar to a Windows system file.
Let's use the following batch file to list all copies of the file on your system.

Copy the contents of the quote box below.

Right click an empty area of the desktop and choose new > text document.
Right click and paste the text from the quote box into the new.txt
Click file >"Save as", name it FindFile.bat and change save as type to "all files".
Save to your desktop.

dir %Systemdrive%\l?ass.exe /a /s > files.txt
start notepad files.txt

Double-click on FindFile.bat.
Your script blocking service may popup a warning, please allow it to run.
Wait for it to finish, then it will open files.txt
Please post the contents of files.txt here in your next reply along with the new hijackthis log.

#8 iduaaudi

  • Topic Starter

Posted 12 December 2005 - 10:52 PM

Volume in drive C has no label.
Volume Serial Number is 344C-6177

Directory of C:\I386

08/29/2002 05:00 AM 11,776 LSASS.EXE
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\SYSTEM32

08/29/2002 05:00 AM 11,776 LSASS.EXE
09/29/2005 07:33 AM 401,408 l?ass.exe
2 File(s) 413,184 bytes

Logfile of HijackThis v1.99.1
Scan saved at 9:40:04 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\SCANJET\PrecisionScan\hpppt.exe
C:\Program Files\Common Files\AOL\1126580615\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126580615\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Parallel Port Test.lnk = C:\SCANJET\PrecisionScan\hpppt.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cc...everContent.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117306788805
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#9 JG427

Posted 13 December 2005 - 07:04 PM

Here is the bad file to delete, 09/29/2005 07:33 AM 401,408 l?ass.exe
Notice the creation date and the file size. When you look for the file it will not have the question mark in the file name. The ? will be replaced with some alphabet character or odd symbol.

Open the folder at C:\WINDOWS\SYSTEM32 and scroll down to l?ass.exe.
Right click the file and check its properties; the right one to delete will show the creation date of 09/29/2005
and a file size of 401,408 bytes.

Did you find and delete the file?

How is your system running now?
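The two masquerading patterns flagged in posts #7 and #9 (a system file name sitting in the wrong folder, and a name one character off from a real system file) can be checked mechanically against a HijackThis log. The following is an added example, not part of the original thread; the `EXPECTED_DIR` table and all function names are assumptions made for illustration, and the sample input is built from lines posted in the logs above.

```python
import ntpath
import re

# Assumption: usual locations of core Windows XP binaries that appear in
# the thread's process lists. Extend this table for other systems.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYS32,
    "winlogon.exe": SYS32,
    "services.exe": SYS32,
    "lsass.exe": SYS32,
    "svchost.exe": SYS32,
    "spoolsv.exe": SYS32,
    "ctfmon.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# Absolute path to an .exe, either bare (process list) or inside an
# O4 Run entry, with or without surrounding quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.exe)', re.IGNORECASE)


def extract_path(line):
    """Return the first absolute .exe path on a log line, or None."""
    match = PATH_RE.search(line)
    return match.group(1) if match else None


def one_char_off(name, target):
    """True when two names have equal length and differ in one position."""
    if len(name) != len(target):
        return False
    return sum(a != b for a, b in zip(name, target)) == 1


def classify(path):
    """Return a finding string for a suspicious path, or None if it looks normal."""
    directory, name = ntpath.split(path.lower())
    if name in EXPECTED_DIR:
        if directory != EXPECTED_DIR[name]:
            return "system name in unexpected directory"
        return None
    # HijackThis prints '?' for a character it cannot render, so
    # 'l?ass.exe' is one position away from 'lsass.exe'.
    for target in EXPECTED_DIR:
        if one_char_off(name, target):
            return "lookalike of " + target
    return None


def scan(log_text):
    """Return (path, finding) pairs for each distinct suspicious path, in log order."""
    findings = []
    seen = set()
    for line in log_text.splitlines():
        path = extract_path(line)
        if path is None or path.lower() in seen:
            continue
        seen.add(path.lower())
        finding = classify(path)
        if finding:
            findings.append((path, finding))
    return findings


# Sample input: lines taken from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\l?ass.exe
O4 - HKLM\..\Run: [Rzvdnu] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Jzf] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    for path, finding in scan(SAMPLE_LOG):
        print(path, "->", finding)
```

A name-and-location check like this only narrows the list; the creation date and file size comparison described in post #9 is still what separates the genuine file from the impostor.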

#10 iduaaudi

  • Topic Starter

Posted 15 December 2005 - 10:09 PM

Couldn't delete, said it was in use by another program. Any suggestions?

#11 JG427

Posted 15 December 2005 - 10:38 PM

Try booting into safemode first.

Reboot into safemode
Restart the computer. As soon as the BIOS has finished loading, begin tapping the F8 key.
Continue to do so until the Windows Advanced Options menu appears.
Using the arrow keys, scroll to and select Safemode, then press Enter.

#12 JG427

Posted 08 January 2006 - 12:53 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.