rleatham

Extortionware problem

25 posts in this topic

(edit: I noticed a new version of hijackthis but when I try to run it it failed with a windows has encountered an error and must close this file.)

 

I've been invaded with pop-ups. I use IE. The browser has not been hijacked or redirected. I have a search bar added which redirects to

 

http://www.searchmiracle.com/bar/search.ph...urran02&qq=find

 

I have 2 new programs installed in search bar, Virtual Bouncer and Ad Destroyer. I can uninstall these but they always get reinstalled. I have run AdAware and Spybot S&D. These will not remove all problems and do not start on reboot. Pop-ups I get are mostly for getting rid of spyware and popups and some gambling ones also. I have read through the Q&A and would really appreciate any help at all. Following is a hijackthis.log

 

Logfile of HijackThis v1.98.2

Scan saved at 9:30:17 PM, on 12/18/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\Toolbar\TBPSSvc.exe

C:\Program Files\Common Files\WinTools\WToolsS.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\vyoovc.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\ptjl.exe

C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

C:\PROGRA~1\Toolbar\TBPS.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\WinTools\WSup.exe

C:\PROGRA~1\Toolbar\PIB.exe

C:\Program Files\AdDestroyer\AdDestroyer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe

O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

 

Thanks for any help.

Edited by rleatham


Hi rleatham

 

I'm taking a look at your log now.

Please be patient and do not attempt to fix any entries.

I will be back shortly with a response.


Hi rleatham and Welcome to SWI.

 

Your log shows you have several infections, which will take several steps to completely clean up your system.

 

First, you will have to download LSPFix

  • Unzip and run LSPFix.
  • Select: (Advanced) “I know what I’m doing”
  • Select all the instances of “calsp.dll” (left pane)
  • Select all the instances of “aklsp.dll” (left pane)
  • Click the right arrow to bring it to REMOVE (right pane)
  • Then click the FINISH button.

Restart your PC.

After Windows has loaded, delete the following files:

 

C:\Windows\System32\aklsp.dll

C:\Windows\System32\calsp.dll

 

Next, run HJT and check off the following:


  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  • R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
  • O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
  • O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
  • O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
  • O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
  • O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
  • O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
  • O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
  • O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

The following is an optional fix. It is a registration reminder used by many companies. Many believe that it reports back to the company about your computer, therefore I would recommend checking this off too.

 

O4 - Startup: PowerReg Scheduler V3.exe

 

Next, close ALL windows except for HJT and click “Fix Checked”

 

Next, restart your PC in Safe Mode by tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys.

Then press enter on your keyboard to boot into Safe Mode.

 

Make sure you can view Hidden Files & Folders

 

Delete the following:

C:\WINDOWS\ptjl.exe (Delete the file)

C:\PROGRA~1\COMMON~1\WinTools (Delete the folder)

C:\PROGRA~1\VBOUNCER (Delete the folder)

C:\windows\system32\kalvryc32.exe (Delete the file)

C:\PROGRA~1\Toolbar (Delete the folder)

C:\Program Files\AdDestroyer (Delete the folder)

 

Next, go to Add/Remove Programs in the Control Panel and remove: (if found)

WinTools

Virtual Bouncer

AdDestroyer

Elite Toolbar

Huntbar

 

Restart your PC.

Run HJT and post a fresh log.


New hjt log. Still getting popups but not as many as before. Also Virtual Bouncer reinstalled.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:22:59 PM, on 12/19/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\vyoovc.exe

C:\Program Files\skype\Phone\Skype.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\VBOUNCER\VIRTUA~1.EXE

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7482.6454861111

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

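A check for the situation in the two logs above, where entries fixed in HijackThis come back after a reboot. This is an added example, not part of any post in the thread: `parse_entries` and `verify_fix` are hypothetical helper names, and the three sample texts are constructed from a few lines of the thread's logs and fix list.

```python
import re

# Matches HijackThis entry lines such as "R1 - ..." or "O4 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Constructed sample input: a handful of entries excerpted from the first log,
# the helper's fix list, and the second log posted in this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
"""

FIX_LIST = r"""
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
  • O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
  • O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
  • O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
  • O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
  • O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
"""

LOG_AFTER = r"""
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""


def parse_entries(log_text):
    """Return {key: (section, detail, file_missing)} for every R*/O* line.

    Headers, running-process paths and blank lines are skipped. The key is
    case-insensitive and ignores the "(file missing)" suffix, so the same
    registry entry matches across logs even after its target file is deleted.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("•").strip()  # tolerate forum bullet prefixes
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, detail = m.group(1), m.group(2).strip()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)].rstrip()
        key = (section, " ".join(detail.split()).casefold())
        entries[key] = (section, detail, missing)
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Classify each targeted entry by what the follow-up log shows.

    removed   - targeted and gone from the follow-up log
    persisted - targeted but still present (restored, or never removed)
    orphaned  - registry entry remains but its file is gone ("file missing")
    new       - present only in the follow-up log; needs review, not a verdict
    """
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    report = {"removed": [], "persisted": [], "orphaned": [], "new": []}
    for key, (section, detail, _) in parse_entries(fix_list).items():
        text = f"{section} - {detail}"
        if key not in after:
            report["removed"].append(text)
        elif after[key][2]:
            report["orphaned"].append(text)
        else:
            report["persisted"].append(text)
    for key, (section, detail, _) in after.items():
        if key not in before:
            report["new"].append(f"{section} - {detail}")
    return report


if __name__ == "__main__":
    for status, items in verify_fix(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(f"{status} ({len(items)})")
        for item in items:
            print("   ", item)
```

Entries reported as persisted point to something still running that rewrites them. Lines that differ only because the two logs came from different HijackThis versions will also show up under new, so that bucket is a review queue.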

Alright. Let's get started.

 

First, I would like you to download Trojan Hunter (Trial)

http://www.trojanhunter.com/products/TrojanHunter.exe

 

Install, and then update the definitions.

Boot into safe mode.

 

Run TrojanHunter and let it clean/delete anything it finds.

Be sure to post the log/results in the next reply.

 

Next, restart your PC.

Perform an online scan at Trend Micro.

http://housecall.trendmicro.com

Again, be sure to note the names and paths of the malware, and post them in the next reply.

 

Restart your PC.

Run HJT and check off the following:

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

 

Next, close all windows except for HJT and click Fix Checked.

Next, restart your PC in safe mode.

 

Delete the following:

C:\windows\system32\kalvryc32.exe (Delete the file)

C:\Program Files\Toolbar (Delete the folder)

C:\Program Files\VBouncer (Delete the folder)

 

Next, go to Add/Remove in Control Panel

Remove (if found)

 

VBouncer

Huntbar

Toolbar

Elite Toolbar

 

Restart your PC.

Run HJT and post a fresh log along with the results of the scans done earlier.

Edited by CTS


Popups and virtual bouncer.

 

From trojanhunter:

 

Registry scan

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.CoolWebSearch.119)

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.EliteToolbar.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Toolbar (matches Adware.IBIS.Toolbar.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Recommended Hotfix - 421701D (matches Adware.SmartPops.100)

Registry value and data exist: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\RURL=https://www.spywarelabs.com/CcTransSwl/CcTrans.asmx/CcSubmit (matches Adware.SpywareLabs.VirtualBouncer.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer (matches Adware.SpywareLabs.VirtualBouncer.101)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Elitum (matches Elitum.100)

Inifile scan

No suspicious entries found

Port scan

No suspicious open ports found

Memory scan

No trojans found in memory

File scan

Found trojan file: C:\WINDOWS\system32\dxmsvinn.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\bwotvid.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\kxcom.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\demsvinn.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\micoree.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\dlghelp.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\dkmsvinn.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\kucom.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\kicom.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\dgmsvinn.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\dsmsvinn.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\SWLAD2.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\WINDOWS\system32\kalvuej32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvbym32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\bbotvid.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\system32\kalvbdi32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvjka32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvxut32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\PopOops2.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\WINDOWS\system32\QuickBrowser.exe (Adware.CoolWebSearch.135)

Found trojan file: C:\WINDOWS\system32\PopOops.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\WINDOWS\system32\kalvjtu32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvvdp32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvbsx32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvxas32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvvaj32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvxlm32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvflf32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvyzx32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvlme32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalveys32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvjxa32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvbva32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvjel32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\system32\kalvyrl32.exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\Temp\1612781.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1365953.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1584515.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1352031.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1580640.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1441250.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1876203.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1350203.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1381078.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1168687.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1112734.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1612687.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1107187.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1625968.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\Temp\1351875.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\systb.exe/sck3O.exe (Adware.IEPlugin.100)

Found trojan file: C:\WINDOWS\EliteSideBar\EliteSideBar 07.dll/EdBkU.exe (Adware.EliteToolbar.101)

Found trojan file: C:\Documents and Settings\Roger\Local Settings\Temp\Temporary Internet Files\Content.IE5\0J550OIT\silent_install[1].exe (Adware.CoolWebSearch.132)

Found trojan file: C:\Documents and Settings\Roger\Local Settings\Temp\Temporary Internet Files\Content.IE5\SE5HWTPA\protector[1].exe (Adware.CoolWebSearch.134)

Found trojan file: C:\Program Files\Web Offer\CHPON.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\Program Files\Web Offer\eapbh.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\Program Files\Web Offer\sepng.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\HJT\backup-20041219-113154-558.dll (Adware.EliteToolbar.103)

Found trojan file: C:\HJT\backup-20041219-113154-423.dll (Adware.IBIS.WinTools.105)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0723544.exe (TrojanDownloader.QDown.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0723546.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0723547.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0723548.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0723553.exe/grejhoMX.exe (Adware.LookToMe.125)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724224.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724229.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724240.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724242.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724246.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724257.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724258.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724260.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724278.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724278.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724282.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724282.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724322.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724322.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724326.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724326.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724339.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724340.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0724347.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP497\A0726204.exe/TMoyhoq5.exe (Adware.LookToMe.125)


Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770334.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770377.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770446.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770449.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770454.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770455.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770456.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770464.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770465.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770467.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770475.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770478.dll (Adware.Ezula.TopText-iLookup.105)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770479.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770482.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770482.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770491.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770512.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0771532.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0771545.EXE (Adware.SpywareLabs.AdDestroyer.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771719.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771721.dll (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771723.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771773.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771773.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771790.EXE (Adware.SpywareLabs.AdDestroyer.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771866.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771866.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771904.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771906.dll (Adware.Ezula.TopText-iLookup.105)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771907.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771950.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0772037.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0772147.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773071.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773079.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773165.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773165.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773181.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773182.dll (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773184.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773235.EXE (Adware.SpywareLabs.AdDestroyer.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773258.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773258.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773291.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773292.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773294.dll (Adware.SpywareLabs.AdDestroyer.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773298.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773299.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP535\A0773328.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773389.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773389.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773399.EXE (Adware.SpywareLabs.AdDestroyer.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773429.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0774461.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0774490.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0775569.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0782811.exe (Adware.BargainBuddy.101)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0782811.exe (Adware.BargainBuddy.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776542.exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776557.exe (Adware.IBIS.Toolbar.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776611.exe (Adware.Ezula.TopText-iLookup.106)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776612.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776613.dll (Adware.Ezula.TopText-iLookup.105)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776618.dll (Adware.Ezula.WebOffer.100)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776619.dll (Adware.Ezula.TopText-iLookup.104)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776620.dll (Adware.Ezula

Edited by rleatham


HJT log (wouldn't fit in above)

 

Logfile of HijackThis v1.97.7

Scan saved at 6:02:13 PM, on 12/19/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\vyoovc.exe

C:\Program Files\TrojanHunter 4.0\THGuard.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

C:\PROGRA~1\VBOUNCER\VIRTUA~1.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvgva32.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7482.6454861111

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab


Alright, when you said volume system, I was thinking that it was in the restore points.

 

You still have some malware in your restore points, from System Restore.

Therefore, we will have to reset your restore points.

 

IMPORTANT NOTES:

  • You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.

To turn off Windows XP System Restore:

 

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.

2. Right-click the My Computer icon, and then click Properties.

3. Click the System Restore tab.

4. Check "Turn off System Restore" or "Turn off System Restore on all drives."

5. Click Apply.

6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.

7. Click OK.

 

Restart your PC.

Next, it is extremely important that you turn System Restore back on.

 

To turn on Windows XP System Restore:

1. Repeat steps #1-3

2. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."

3. Click Apply, and then click OK.

 

Next run Trend Micro and Trojan Hunter again.

Have it delete/clean everything that it finds.

Restart your PC.

Run HJT and post a fresh log.

Edited by CTS
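The reply above separates detections that sit inside System Restore's archive from detections on live files; that split can be made mechanically over a pasted scan. This is an added example, not part of the original thread or of any scanner's code: the sample lines, the GUID and the signature names are constructed, and `triage` and `summarize` are hypothetical helper names.

```python
import re
from collections import OrderedDict

# Line format of the file-scan output pasted in the thread:
#   Found trojan file: <path> (<signature>)
HIT_RE = re.compile(r"^Found trojan file:\s*(?P<path>.+?)\s*\((?P<sig>[^()]+)\)\s*$")

# System Restore archive layout seen in those paths:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# Constructed sample (not taken from the thread). The last hit is cut off
# mid-signature, as happens when a forum post truncates a long paste.
SAMPLE_SCAN = r"""
File scan
Found trojan file: C:\WINDOWS\system32\sample1.dll (Adware.Example.100)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\sample2[1].exe (Adware.Example.200)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.exe (Adware.Example.100)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.exe (Adware.Example.101)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000002.dll (Adware.Example.200)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000003.dll (Adware.Example.200)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000004.dll (Adware.Exa
3 trojan files found
"""


def triage(scan_text):
    """Split scan hits into live files and System Restore archive copies.

    Returns (live, restore, unparsed):
      live     -- {lowercased path: [signatures]}
      restore  -- {restore point number: {lowercased path: [signatures]}}
      unparsed -- hit lines that could not be parsed (e.g. truncated)
    """
    live = OrderedDict()
    restore = OrderedDict()
    unparsed = []
    for raw in scan_text.splitlines():
        line = raw.strip()
        if not line.startswith("Found trojan file:"):
            continue  # section headers, totals, blank lines
        match = HIT_RE.match(line)
        if match is None:
            unparsed.append(line)  # keep it visible rather than guessing
            continue
        path, sig = match.group("path"), match.group("sig")
        in_restore = RESTORE_RE.match(path)
        if in_restore is None:
            bucket = live
        else:
            bucket = restore.setdefault(int(in_restore.group("rp")), OrderedDict())
        # Windows paths are case-insensitive; one file matched by two
        # signatures is still one file.
        sigs = bucket.setdefault(path.lower(), [])
        if sig not in sigs:
            sigs.append(sig)
    return live, restore, unparsed


def summarize(scan_text):
    """Count distinct files per category for a quick read of the scan."""
    live, restore, unparsed = triage(scan_text)
    return {
        "live_files": len(live),
        "restore_files": sum(len(files) for files in restore.values()),
        "restore_points": sorted(restore),
        "unparsed_lines": len(unparsed),
    }


if __name__ == "__main__":
    live, restore, unparsed = triage(SAMPLE_SCAN)
    print(summarize(SAMPLE_SCAN))
    print("Live files needing the scanner's clean/delete pass:")
    for path, sigs in live.items():
        print("  ", path, sigs)
    print("Restore points holding archived copies:", sorted(restore))
    for line in unparsed:
        print("Could not parse:", line)
```

Hits under `_restore{...}\RPn` go away when the restore points are reset as described above; the live-file hits are the ones the follow-up scans still have to clean.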


Still popups and virtual bouncer

 

Logfile of HijackThis v1.97.7

Scan saved at 8:41:48 PM, on 12/19/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\vyoovc.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\TrojanHunter 4.0\THGuard.exe

C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7482.6454861111

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab


Here are both again, sorry.

 

Logfile of HijackThis v1.97.7

Scan saved at 10:09:07 PM, on 12/19/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\vyoovc.exe

C:\Program Files\TrojanHunter 4.0\THGuard.exe

C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7482.6454861111

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

 

 

Registry scan

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} (matches Adware.CoolWebSearch.119)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar (matches Adware.CoolWebSearch.119)

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.CoolWebSearch.119)

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.EliteToolbar.100)

Registry key exists: HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} (matches Adware.EliteToolbar.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar (matches Adware.EliteToolbar.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Toolbar (matches Adware.IBIS.Toolbar.100)

Registry key exists: HKEY_CURRENT_USER\Software\WinTools (matches Adware.IBIS.WinTools.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Recommended Hotfix - 421701D (matches Adware.SmartPops.100)

Registry key exists: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AdDestroyer (matches Adware.SpywareLabs.AdDestroyer.100)

Registry key exists: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer (matches Adware.SpywareLabs.VirtualBouncer.100)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer (matches Adware.SpywareLabs.VirtualBouncer.101)

Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Elitum (matches Elitum.100)

Inifile scan

No suspicious entries found

Port scan

No suspicious open ports found

Memory scan

Found trojan module EliteToolBar version 58.dll loaded into process iexplore.exe (4088): Adware.EliteToolbar.103

File scan

Found trojan file: C:\WINDOWS\system32\dfghelp.dll (Adware.LookToMe.102)

Found trojan file: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4D6RG5AN\protector[1].exe (Adware.CoolWebSearch.134)

Found trojan file: C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (Adware.EliteToolbar.103)

Found trojan file: C:\WINDOWS\EliteSideBar\EliteSideBar 07.dll/Wy8.exe (Adware.EliteToolbar.101)

Found trojan file: C:\Documents and Settings\Roger\Local Settings\Temp\Temporary Internet Files\Content.IE5\SBYDGJYR\silent_install[1].exe (Adware.CoolWebSearch.132)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000020.dll (Adware.LookToMe.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000021.dll (Adware.LookToMe.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000022.dll (Adware.LookToMe.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000023.dll (Adware.LookToMe.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000024.dll (Adware.LookToMe.102)

Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000025.dll (Adware.LookToMe.102)

Found trojan file: C:\silent093.exe (Adware.CoolWebSearch.132)

12 trojan files found


Alright.

 

Your log shows that you have a Look2Me infection.

  • Download VX2Finder
  • Run VX2Finder
  • Click on the “Click to find VX2.BetterInternet” button
  • Then click “Make Log”

I’ll be happy to continue when you copy and paste the contents of the log into your next reply.


vx2 log file.

 

Log for VX2.BetterInternet File Finder (ALL)

 

Files Found---

C:\WINDOWS\system32\bcotvid.dll

C:\WINDOWS\system32\dwghelp.dll_tobedeleted

C:\WINDOWS\system32\nwtfxperf.dll

 

Additional Files---

 

Keys Under Notify---

AtiExtEvent

Compatibility32

crypt32chain

cryptnet

cscdll

IMM

Perflib

Ports

ScCertProp

Schedule

sclgntfy

SeCEdit

SensLogn

Setup

SvcHost

SystemRestore

Terminal Server

termsrv

Tracing

Type 1 Installer

Wdf

wlballoon

WPAEvents

 

 

Guardian Key--- is called: WPAEvents

Asynchronous 000

DllName C:\WINDOWS\system32\nwtfxperf.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 126

ID {1F397446-0A2F-4447-B627-E0C23DE49D20}

IDex L2Ma

 

Guardian Key--- :

 

User Agent String---

{1F397446-0A2F-4447-B627-E0C23DE49D20}


Hey rleatham

Here we go.

 

Please print out these instructions because you won’t be on the internet to read them.

 

*Disconnect from the internet and stay off until the entire procedure is complete


  • Open VX2Finder
  • Click the “Click to find VX2.BetterInternet” button.
  • Select the “Delete these files” button.

You will be left with a notice about one to be deleted on reboot.

It will ask to reboot on deletion of the last file.


  • Reboot your PC.

After you have restarted, run VX2Finder again.

  • Click on these buttons in the right pane:

  1. User Agent
  2. Guardian.reg
  3. Restore Policy

Exit and restart your PC.

 

Next, run VX2Finder again and click on “Click to find VX2.BetterInternet”.

Then click “Make Log”.

Copy and paste this log with your next reply.


Still virtual Bouncer but no popups yet.

 

vx2 log.

 

Log for VX2.BetterInternet File Finder (ALL)

 

Files Found---

 

Additional Files---

 

Keys Under Notify---

AtiExtEvent

Compatibility32

crypt32chain

cryptnet

cscdll

IMM

Perflib

Ports

ScCertProp

Schedule

sclgntfy

SeCEdit

SensLogn

Setup

SvcHost

SystemRestore

Terminal Server

termsrv

Tracing

Type 1 Installer

Wdf

wlballoon

 

 

Guardian Key--- is called: Wdf

Asynchronous 000

DllName C:\WINDOWS\system32\nwtfxperf.dll

Impersonate 000

Logon WinLogon

Logoff WinLogoff

Version 126

ID {744910FE-295D-43A3-830F-997B790BB910}

IDex L2Ma

 

Guardian Key--- :

 

User Agent String---

{1F397446-0A2F-4447-B627-E0C23DE49D20}


I'm sorry,

I forgot to ask for a fresh HJT log too.

 

VirtualBouncer is still there because I haven't dealt with it yet.

L2M is much more serious and a probable reason the other malware kept regenerating so we took care of L2M first.


Popups back. HJT log.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:05:34 AM, on 12/20/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\vyoovc.exe

C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7482.6454861111

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab


Your HijackThis is outdated. The current version is 1.99.0

Please download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe. Click “Do a system scan only”

 

Run HJT and check off the following:

 

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe

O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

 

Next, close all windows and click Fix Checked.

Restart your PC in Safe Mode by tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys.

Then press enter on your keyboard to boot into Safe Mode.

 

Make sure you can view Hidden Files & Folders

 

Delete the following:

C:\Windows\System32\Kalvmay32.exe (Delete the file)

C:\Program Files\VBouncer (Delete the folder)

 

Go to Add/Remove in Control Panel and remove:

Virtual Bouncer (Be sure to choose the custom as opposed to automatic)

Elite Toolbar

 

Restart your PC.

Run HJT and post a fresh log.

Let me know how it runs and if VBouncer is back again.


No virtual bouncer or popups yet.

 

hjt log:

 

Logfile of HijackThis v1.99.0

Scan saved at 12:29:25 AM, on 12/20/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\vyoovc.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)


Still get popups when browsing the web from sites I normally would not. Such as this one.

 

hjt log.

 

Logfile of HijackThis v1.99.0

Scan saved at 8:42:13 AM, on 12/20/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\WINDOWS\system32\vyoovc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)


We're getting there :)

 

Run HJT and check off the following:

 

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)

O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

 

Close all windows except HJT and click Fix Checked.

Restart your PC

Run HJT and post a fresh log.


No problems yet.

 

New hjt

 

Logfile of HijackThis v1.99.0

Scan saved at 9:25:34 AM, on 12/20/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\vyoovc.exe

C:\WINDOWS\system32\NVATray.exe

C:\WINDOWS\SOINTGR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/

O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe

O4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe

O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
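
Each round of this thread is checked by comparing a fresh HijackThis log against the previous one. The following Python example, added here and not part of the original thread, parses two logs and lists which entries and processes changed; the function names are hypothetical, and the two sample logs are abridged from the 8:42:13 AM and 9:25:34 AM logs above.

```python
import re

# A HijackThis finding starts with a section code such as "R0", "O4" or "O23".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registrations whose target file is gone are tagged like this by HijackThis.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")


def parse_hjt(text):
    """Split a pasted HijackThis log into running processes and findings."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # logs pasted into forums are often double-spaced
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _key(item):
    # Windows paths and registry names compare case-insensitively.
    if isinstance(item, str):
        return item.lower()
    return (item[0], item[1].lower())


def _only_in(a, b):
    seen = {_key(x) for x in b}
    return [x for x in a if _key(x) not in seen]


def diff_logs(before, after):
    """Report what disappeared and what appeared between two parsed logs."""
    return {
        "entries_removed": _only_in(before["entries"], after["entries"]),
        "entries_added": _only_in(after["entries"], before["entries"]),
        "processes_gone": _only_in(before["processes"], after["processes"]),
        "processes_new": _only_in(after["processes"], before["processes"]),
    }


def orphaned(entries):
    """Findings that still point at a file that no longer exists."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


# Abridged from the 8:42:13 AM log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
Scan saved at 8:42:13 AM, on 12/20/2004

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\vyoovc.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""

# Abridged from the 9:25:34 AM log in this thread.
AFTER = r"""
Logfile of HijackThis v1.99.0
Scan saved at 9:25:34 AM, on 12/20/2004

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\vyoovc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for label, items in diff_logs(before, after).items():
        print(label)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
    print("orphaned registrations remaining:", len(orphaned(after["entries"])))
```

An empty `entries_added` list together with zero orphaned registrations in the newer log is the condition to look for after a "Fix Checked" round; anything that reappears in `entries_added` after a reboot points to a component that is still reinstalling it.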


Looks clean to me.

How is it running?

 

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

To protect yourself further:

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

 

I also recommend reading Tony Klein’s article How did I get infected?


It has been a pleasure to help you :)

 

The problems here look to be resolved or the "Helper" has requested that the thread be closed, so I will close it. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
