Extortionware problem


24 replies to this topic

#1 rleatham


Posted 18 December 2004 - 11:49 PM

(edit: I noticed a new version of HijackThis, but when I try to run it, it fails with a "Windows has encountered an error and must close this file" message.)

I've been invaded with pop-ups. I use IE. The browser has not been hijacked or redirected. I have a search bar added which redirects to

http://www.searchmir...urran02&qq=find

I have 2 new programs installed in search bar, Virtual Bouncer and Ad Destroyer. I can uninstall these but they always get reinstalled. I have run AdAware and Spybot S&D. These will not remove all problems and do not start on reboot. The pop-ups I get are mostly for getting rid of spyware and popups, and some gambling ones also. I have read through the Q&A and would really appreciate any help at all. Following is a hijackthis.log

Logfile of HijackThis v1.98.2
Scan saved at 9:30:17 PM, on 12/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vyoovc.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\ptjl.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\AdDestroyer\AdDestroyer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50032
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

Thanks for any help.

Edited by rleatham, 19 December 2004 - 01:10 AM.


#2 CTS


Posted 19 December 2004 - 11:45 AM

Hi rleatham

I'm taking a look at your log now.
Please be patient and do not attempt to fix any entries.
I will be back shortly with a response.
CTS
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
If you have found our help useful and wish to keep this site running, please consider a donation


. . . . . . . . . . . . . . . . Cleaning . . . . . . . . . . . . . . . .
. Ad-Aware . Spybot S&D . Spysweeper . HijackThis . CWShredder .

. . . . . . . . . . . . . . . . Scanning . . . . . . . . . . . . . . . .
. SpywareBlaster . SpywareGuard . MVP Hosts File . IESpyad . "How Did I Get Infected?" .

. . . . . . . . . . . . . . . . Protecting . . . . . . . . . . . . . . . .
. AVG Anti-Virus . Trend Micro Virusscan . ZoneAlarm Firewall . TrojanHunter . Panda Virusscan .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

user posted image
Proud Member Since 2004

#3 CTS


Posted 19 December 2004 - 12:00 PM

Hi rleatham and Welcome to SWI.

Your log shows you have several infections, which will take several steps to completely clean up your system.

First, you will have to download LSPFix
  • Unzip and run LSPFix.
  • Select: (Advanced) “I know what I’m doing”
  • Select all the instances of “calsp.dll” (left pane)
  • Select all the instances of “aklsp.dll” (left pane)
  • Click the right arrow to bring it to REMOVE (right pane)
  • Then click the FINISH button.

Restart your PC.
After Windows has loaded, delete the following files:

C:\Windows\System32\aklsp.dll
C:\Windows\System32\calsp.dll

Next, run HJT and check off the following:
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch...spx?tb_id=50032
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...spx?tb_id=50032
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch...spx?tb_id=50032
  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  • R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
  • O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
  • O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
  • O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
  • O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
  • O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
  • O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
  • O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
  • O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
  • O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll

The following is an optional fix. It is a registration reminder used by many companies. Many believe that it reports back to the company about your computer, therefore I would recommend checking this off too.

O4 - Startup: PowerReg Scheduler V3.exe

Next, close ALL windows except for HJT and click “Fix Checked”

Next, restart your PC in Safe Mode by tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Make sure you can view Hidden Files & Folders.

Delete the following:
C:\WINDOWS\ptjl.exe (Delete the file)
C:\PROGRA~1\COMMON~1\WinTools (Delete the folder)
C:\PROGRA~1\VBOUNCER (Delete the folder)
C:\windows\system32\kalvryc32.exe (Delete the file)
C:\PROGRA~1\Toolbar (Delete the folder)
C:\Program Files\AdDestroyer (Delete the folder)

Next, go to Add/Remove Programs in the Control Panel and remove: (if found)
WinTools
Virtual Bouncer
AdDestroyer
Elite Toolbar
Huntbar

Restart your PC.
Run HJT and post a fresh log.
CTS

#4 rleatham


Posted 19 December 2004 - 02:26 PM

New hjt log. Still getting popups but not as many as before. Also Virtual Bouncer reinstalled.

Logfile of HijackThis v1.97.7
Scan saved at 12:22:59 PM, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\vyoovc.exe
C:\Program Files\skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\VBOUNCER\VIRTUA~1.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
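
Added example, not part of the original thread: a small Python script that parses two HijackThis logs and reports which entries selected for fixing are still present in the follow-up log, which is the comparison a helper makes between post #1 and post #4. The function names (`parse_hjt`, `diff_logs`, `surviving_fixes`) are hypothetical, and the sample logs are short excerpts of lines taken from the two logs above.

```python
import re
from collections import namedtuple

# HijackThis prefixes each finding with a section code: R0-R3, O1-O23, F0-F3, N1-N4.
ENTRY_RE = re.compile(r"^\s*(?:•\s*)?(R[0-3]|O\d{1,2}|F[0-3]|N[1-4]) - (.+?)\s*$")
FILE_MISSING = " (file missing)"  # suffix HijackThis appends when the target file is gone

Entry = namedtuple("Entry", "code text file_missing")


def parse_hjt(log_text):
    """Return the findings of a HijackThis log as a list of Entry tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, text = m.groups()
        missing = text.endswith(FILE_MISSING)
        if missing:
            text = text[: -len(FILE_MISSING)]
        entries.append(Entry(code, text, missing))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive.
    return (entry.code, entry.text.lower())


def diff_logs(before, after):
    """Split entries into removed, persisted and added between two parsed logs."""
    b = {_key(e): e for e in before}
    a = {_key(e): e for e in after}
    return {
        "removed": [b[k] for k in b if k not in a],
        "persisted": [a[k] for k in b if k in a],
        "added": [a[k] for k in a if k not in b],
    }


def surviving_fixes(fix_list, after):
    """Entries that were selected for 'Fix Checked' but appear again afterwards."""
    a = {_key(e): e for e in after}
    return [a[_key(e)] for e in fix_list if _key(e) in a]


# Excerpt of the first log in this thread (post #1).
LOG_BEFORE = r"""
Logfile of HijackThis v1.98.2
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\ptjl.exe] C:\WINDOWS\ptjl.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
"""

# Excerpt of the follow-up log (post #4).
LOG_AFTER = r"""
Logfile of HijackThis v1.97.7
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
"""

if __name__ == "__main__":
    before = parse_hjt(LOG_BEFORE)
    after = parse_hjt(LOG_AFTER)
    # In this excerpt everything except the QuickTime entry was on the fix list.
    fix_list = [e for e in before if "QuickTime" not in e.text]
    for e in surviving_fixes(fix_list, after):
        note = "orphaned entry, file missing" if e.file_missing else "still present"
        print(f"{e.code} - {e.text}  [{note}]")
```

Run values that return after a fix and reboot, like the three `O4` entries here, are the ones to recheck once the remaining files have been dealt with in Safe Mode.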

#5 CTS


Posted 19 December 2004 - 02:39 PM

Alright. Let's get started.

First, I would like you to download Trojan Hunter (Trial)
http://www.trojanhun...rojanHunter.exe

Install, and then update the definitions.
Boot into safe mode.

Run TrojanHunter and let it clean/delete anything it finds.
Be sure to post the log/results in the next reply.

Next, restart your PC.
Perform an online scan at Trend Micro.
http://housecall.trendmicro.com
Again, be sure to note the names and paths of the malware, and post them in the next reply.

Restart your PC.
Run HJT and check off the following:
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvryc32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

Next, close all windows except for HJT and click Fix Checked.
Next, restart your PC in safe mode.

Delete the following:
C:\windows\system32\kalvryc32.exe (Delete the file)
C:\Program Files\Toolbar (Delete the folder)
C:\Program Files\VBouncer (Delete the folder)

Next, go to Add/Remove in Control Panel
Remove (if found)

VBouncer
Huntbar
Toolbar
Elite Toolbar

Restart your PC.
Run HJT and post a fresh log along with the results of the scans done earlier.

Edited by CTS, 19 December 2004 - 02:39 PM.

CTS

#6 rleatham


Posted 19 December 2004 - 08:07 PM

Popups and virtual bouncer.

From trojanhunter:

Registry scan
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.CoolWebSearch.119)
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.EliteToolbar.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Toolbar (matches Adware.IBIS.Toolbar.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Recommended Hotfix - 421701D (matches Adware.SmartPops.100)
Registry value and data exist: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Services\RURL=https://www.spywarelabs.com/CcTransSwl/CcTrans.asmx/CcSubmit (matches Adware.SpywareLabs.VirtualBouncer.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer (matches Adware.SpywareLabs.VirtualBouncer.101)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Elitum (matches Elitum.100)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
No trojans found in memory
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP504\A0730091.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP504\A0730105.exe/UF1.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP505\A0730146.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP505\A0730146.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP507\A0730263.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP507\A0730263.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP507\A0730320.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP507\A0730320.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730491.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730494.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730696.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730696.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730730.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730730.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730749.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP508\A0730749.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730801.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730801.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730827.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730827.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730841.exe/ohyw.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730940.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0730940.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731031.exe/Kysi.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731083.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731083.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731180.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731180.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731221.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP509\A0731221.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP510\A0731306.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP510\A0731306.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP511\A0731355.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP511\A0731355.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP512\A0731486.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP512\A0731486.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP513\A0731561.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP513\A0731561.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP513\A0731562.exe/9HoBi.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731683.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731683.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731721.exe/DwdR.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731793.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731793.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731853.exe/dnE.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731857.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731940.exe/IIts0S.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0731942.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0732097.DLL (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0732098.DLL (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP515\A0732176.exe/1W1HL1.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP516\A0732299.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP516\A0732299.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP516\A0732352.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP516\A0732468.exe/1Zre9he.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP516\A0732470.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732580.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732580.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732639.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732643.DLL (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732646.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732663.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732663.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732804.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732805.dll (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732806.dll (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732807.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732826.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP517\A0732826.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP518\A0732882.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP518\A0732882.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP518\A0732942.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP518\A0732942.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP519\A0732989.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP519\A0732989.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0733053.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0733077.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0733077.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0733109.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0733109.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734010.exe/KDOH8q.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734017.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734018.DLL (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734019.DLL (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734020.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734027.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734075.exe/g1AJw8c.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734125.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734180.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734180.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734183.exe (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734185.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0734186.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735176.exe/J8E.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735193.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735193.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735303.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735303.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735368.exe/IVg2ztU.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735395.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0735440.exe/pTL.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0736440.exe/R42i.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737468.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737468.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737548.exe/atKgw.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737601.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737607.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP520\A0737608.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737697.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737697.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737737.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737739.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737744.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737760.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737761.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737763.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737796.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737833.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737833.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737936.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0737936.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738010.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738060.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738060.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738122.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738123.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738125.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738131.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738135.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0738138.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0739086.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0739087.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0739088.exe/JnrM.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0739097.exe (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0740085.exe/5xmsjw.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0740119.exe/8zTXnf.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0741121.exe/fUkE.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0742119.exe/rAnfLurg.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0742187.exe/JO5twny7.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0745335.EXE (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0745335.EXE (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0747294.exe/adp7SkMz.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP521\A0747388.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0747440.DLL (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0747441.DLL (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0747443.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0748294.exe/WGq2F.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0748297.dll (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP522\A0748319.exe/MGQA.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP523\A0749318.exe/RRlJG.exe (Adware.LookToMe.125)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP523\A0750349.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP523\A0750350.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP523\A0750351.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP524\A0753191.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP524\A0753203.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP524\A0753216.EXE (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757342.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757342.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757373.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757405.DLL (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757407.DLL (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757408.DLL (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757414.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757433.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0757471.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0758488.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0758518.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0759535.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0759545.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0760535.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0760563.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0760569.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0761572.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0761606.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0761614.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP526\A0761645.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0761669.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0761697.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0762614.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0762649.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763614.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763651.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763668.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763687.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763717.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763732.DLL (Adware.IBIS.Toolbar.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763734.EXE (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763735.DLL (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763736.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763796.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763828.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0763845.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0764828.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0764848.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0766882.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0766882.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0767828.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0769854.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP527\A0769856.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0769946.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0769946.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770004.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770019.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770028.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770034.DLL (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770037.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770039.DLL (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770073.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770102.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770105.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770107.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770148.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770171.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP528\A0770195.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770244.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770262.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770262.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770284.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770291.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770323.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770331.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770333.dll (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770334.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP529\A0770377.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770446.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770449.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770454.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770455.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770456.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770464.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770465.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770467.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770475.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770478.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770479.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770482.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770482.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770491.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0770512.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0771532.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP530\A0771545.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771719.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771721.dll (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771723.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771773.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP531\A0771773.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771790.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771866.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771866.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771904.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771906.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771907.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0771950.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP532\A0772037.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0772147.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773071.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773079.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773165.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773165.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773181.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773182.dll (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP533\A0773184.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773235.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773258.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773258.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773291.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773292.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773294.dll (Adware.SpywareLabs.AdDestroyer.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773298.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP534\A0773299.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP535\A0773328.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773389.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773389.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773399.EXE (Adware.SpywareLabs.AdDestroyer.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0773429.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0774461.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0774490.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0775569.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0782811.exe (Adware.BargainBuddy.101)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0782811.exe (Adware.BargainBuddy.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776542.exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776557.exe (Adware.IBIS.Toolbar.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776611.exe (Adware.Ezula.TopText-iLookup.106)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776612.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776613.dll (Adware.Ezula.TopText-iLookup.105)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776618.dll (Adware.Ezula.WebOffer.100)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776619.dll (Adware.Ezula.TopText-iLookup.104)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP536\A0776620.dll (Adware.Ezula

Edited by rleatham, 19 December 2004 - 08:08 PM.


#7 rleatham


Posted 19 December 2004 - 08:15 PM

HJT log (wouldn't fit in above)

Logfile of HijackThis v1.97.7
Scan saved at 6:02:13 PM, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\vyoovc.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\PROGRA~1\VBOUNCER\VIRTUA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvgva32.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab

#8 CTS


Posted 19 December 2004 - 08:25 PM

Alright, when you said volume system, I was thinking that it was in the restore points.

You still have some malware in your restore points, from System Restore.
Therefore, we will have to reset your restore points.

IMPORTANT NOTES:
  • You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.

Restart your PC.
Next, it is extremely important that you turn System Restore back on.

To turn on Windows XP System Restore:
1. Repeat steps #1-3
2. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
3. Click Apply, and then click OK.

Next run Trend Micro and Trojan Hunter again.
Have it delete/clean everything that it finds.
Restart your PC.
Run HJT and post a fresh log.

Edited by CTS, 19 December 2004 - 08:26 PM.

CTS
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
If you have found our help useful and wish to keep this site running, please consider a donation


. . . . . . . . . . . . . . . . Cleaning . . . . . . . . . . . . . . . .
. Ad-Aware . Spybot S&D . Spysweeper . HijackThis . CWShredder .

. . . . . . . . . . . . . . . . Scanning . . . . . . . . . . . . . . . .
. SpywareBlaster . SpywareGuard . MVP Hosts File . IESpyad . "How Did I Get Infected?" .

. . . . . . . . . . . . . . . . Protecting . . . . . . . . . . . . . . . .
. AVG Anti-Virus . Trend Micro Virusscan . ZoneAlarm Firewall . TrojanHunter . Panda Virusscan .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Proud Member Since 2004
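
The advice in post #8 depends on telling restore-point copies apart from files that are still live on disk. The following is an added example, not part of the original thread or of any tool named in it: it triages scanner output in the "Found trojan file:" format quoted above. The sample lines, GUID, file names and signature names are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One finding per line, in the format of the scan output quoted in the thread:
#   Found trojan file: <path> (<signature>)
FINDING = re.compile(r"^Found trojan file: (?P<path>.+) \((?P<sig>[^()]+)\)$")

# Windows XP System Restore snapshots live under this per-volume folder.
RESTORE = re.compile(
    r"^[a-z]:\\System Volume Information\\_restore\{[0-9a-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample input: placeholder GUID, file names and signature names.
# The last finding is cut off on purpose, as a pasted log can be.
SAMPLE = r"""
File scan
Found trojan file: C:\WINDOWS\system32\example1.dll (Adware.ExampleA.102)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000101.exe (Adware.ExampleB.101)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000101.exe (Adware.ExampleB.104)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000102.DLL (Adware.ExampleC.Sub-Name.105)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP13\A0000200.dll (Adware.ExampleA.102)
Found trojan file: C:\Documents and Settings\User\Local Settings\Temp\installer[1].exe (Adware.ExampleD.132)
Found trojan file: C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP13\A0000201.dll (Adware.ExampleC
7 trojan files found
"""


def family(sig):
    """Drop a trailing numeric revision: 'Adware.X.104' -> 'Adware.X'."""
    head, _, rev = sig.rpartition(".")
    return head if head and rev.isdigit() else sig


def triage(lines):
    """Split findings into live files and System Restore copies."""
    live = defaultdict(set)            # path -> signature families
    restore_files = defaultdict(set)   # restore point -> unique file paths
    restore_families = set()
    unparsed = []                      # finding lines that were cut off
    for raw in lines:
        line = raw.strip()
        if not line.startswith("Found trojan file:"):
            continue                   # section headers, totals, blank lines
        m = FINDING.match(line)
        if m is None:
            unparsed.append(line)
            continue
        # Windows paths are case-insensitive, so normalise before de-duplicating.
        path = m.group("path").lower()
        fam = family(m.group("sig"))
        rp = RESTORE.match(path)
        if rp:
            # One file can match several signature revisions; count it once.
            restore_files[rp.group("rp").upper()].add(path)
            restore_families.add(fam)
        else:
            live[path].add(fam)
    live_families = set().union(*live.values()) if live else set()
    ordered = sorted(restore_files.items(), key=lambda kv: int(kv[0][2:]))
    return {
        "live": {p: sorted(f) for p, f in live.items()},
        "restore_points": {rp: len(files) for rp, files in ordered},
        "restore_families": sorted(restore_families),
        # Families present both live and in a snapshot.
        "in_both": sorted(live_families & restore_families),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    print("Live files (need the scanner to clean them):")
    for path, fams in report["live"].items():
        print("  ", path, fams)
    print("Restore-point copies (cleared by resetting System Restore):")
    for rp, count in report["restore_points"].items():
        print("  ", rp, count, "file(s)")
    print("Families in both places:", report["in_both"])
    print("Cut-off lines skipped:", len(report["unparsed"]))
```

Anything left under "live" after the restore points have been reset is what the follow-up scans in the thread still have to deal with.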

#9 rleatham


Posted 19 December 2004 - 10:42 PM

Still popups and virtual bouncer

Logfile of HijackThis v1.97.7
Scan saved at 8:41:48 PM, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vyoovc.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab

#10 CTS


Posted 19 December 2004 - 10:49 PM

What were the results of the scan the second time around?

#11 rleatham


Posted 20 December 2004 - 12:11 AM

Here are both again, sorry.

Logfile of HijackThis v1.97.7
Scan saved at 10:09:07 PM, on 12/19/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\vyoovc.exe
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab


Registry scan
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} (matches Adware.CoolWebSearch.119)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar (matches Adware.CoolWebSearch.119)
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.CoolWebSearch.119)
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} (matches Adware.EliteToolbar.100)
Registry key exists: HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} (matches Adware.EliteToolbar.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar (matches Adware.EliteToolbar.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Toolbar (matches Adware.IBIS.Toolbar.100)
Registry key exists: HKEY_CURRENT_USER\Software\WinTools (matches Adware.IBIS.WinTools.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Recommended Hotfix - 421701D (matches Adware.SmartPops.100)
Registry key exists: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\AdDestroyer (matches Adware.SpywareLabs.AdDestroyer.100)
Registry key exists: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\VBouncer (matches Adware.SpywareLabs.VirtualBouncer.100)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer (matches Adware.SpywareLabs.VirtualBouncer.101)
Registry key exists: HKEY_LOCAL_MACHINE\SOFTWARE\Elitum (matches Elitum.100)
Inifile scan
No suspicious entries found
Port scan
No suspicious open ports found
Memory scan
Found trojan module EliteToolBar version 58.dll loaded into process iexplore.exe (4088): Adware.EliteToolbar.103
File scan
Found trojan file: C:\WINDOWS\system32\dfghelp.dll (Adware.LookToMe.102)
Found trojan file: C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4D6RG5AN\protector[1].exe (Adware.CoolWebSearch.134)
Found trojan file: C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (Adware.EliteToolbar.103)
Found trojan file: C:\WINDOWS\EliteSideBar\EliteSideBar 07.dll/Wy8.exe (Adware.EliteToolbar.101)
Found trojan file: C:\Documents and Settings\Roger\Local Settings\Temp\Temporary Internet Files\Content.IE5\SBYDGJYR\silent_install[1].exe (Adware.CoolWebSearch.132)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000020.dll (Adware.LookToMe.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000021.dll (Adware.LookToMe.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000022.dll (Adware.LookToMe.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000023.dll (Adware.LookToMe.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000024.dll (Adware.LookToMe.102)
Found trojan file: C:\System Volume Information\_restore{3516953C-55A1-48BF-94AE-4D0884B964C6}\RP1\A0000025.dll (Adware.LookToMe.102)
Found trojan file: C:\silent093.exe (Adware.CoolWebSearch.132)
12 trojan files found

#12 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 12:55 AM

Alright.

Your log shows that you have a Look2Me infection.
  • Download VX2Finder
  • Run VX2Finder
  • Click on the “Click to find VX2.BetterInternet” button
  • Then click “Make Log”
I’ll be happy to continue when you copy and paste the contents of the log into your next reply.
CTS
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
If you have found our help useful and wish to keep this site running, please consider a donation


. . . . . . . . . . . . . . . . Cleaning . . . . . . . . . . . . . . . .
. Ad-Aware . Spybot S&D . Spysweeper . HijackThis . CWShredder .

. . . . . . . . . . . . . . . . Scanning . . . . . . . . . . . . . . . .
. SpywareBlaster . SpywareGuard . MVP Hosts File . IESpyad . "How Did I Get Infected?" .

. . . . . . . . . . . . . . . . Protecting . . . . . . . . . . . . . . . .
. AVG Anti-Virus . Trend Micro Virusscan . ZoneAlarm Firewall . TrojanHunter . Panda Virusscan .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Proud Member Since 2004

#13 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 01:17 AM

vx2 log file.

Log for VX2.BetterInternet File Finder (ALL)

Files Found---
C:\WINDOWS\system32\bcotvid.dll
C:\WINDOWS\system32\dwghelp.dll_tobedeleted
C:\WINDOWS\system32\nwtfxperf.dll

Additional Files---

Keys Under Notify---
AtiExtEvent
Compatibility32
crypt32chain
cryptnet
cscdll
IMM
Perflib
Ports
ScCertProp
Schedule
sclgntfy
SeCEdit
SensLogn
Setup
SvcHost
SystemRestore
Terminal Server
termsrv
Tracing
Type 1 Installer
Wdf
wlballoon
WPAEvents


Guardian Key--- is called: WPAEvents
Asynchronous 000
DllName C:\WINDOWS\system32\nwtfxperf.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 126
ID {1F397446-0A2F-4447-B627-E0C23DE49D20}
IDex L2Ma

Guardian Key--- :

User Agent String---
{1F397446-0A2F-4447-B627-E0C23DE49D20}

#14 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 01:31 AM

Hey rleatham
Here we go.

Please print out these instructions because you won’t be on the internet to read them.

*Disconnect from the internet and stay off until the entire procedure is complete
  • Open VX2Finder
  • Click the “Click to find VX2.BetterInternet” button.
  • Select the “Delete these files” button.
You will be left with a notice about one to be deleted on reboot.
It will ask to reboot on deletion of the last file.
  • Reboot your PC.
After you have restarted, run VX2Finder again.
  • Click on these buttons in the right pane:
  • User Agent
  • Guardian.reg
  • Restore Policy
Exit and restart your PC.

Next, run VX2Finder again and click on “Click to find VX2.BetterInternet”.
Then click “Make Log”.
Copy and paste this log with your next reply.
CTS

#15 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 01:59 AM

Still virtual Bouncer but no popups yet.

vx2 log.

Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
AtiExtEvent
Compatibility32
crypt32chain
cryptnet
cscdll
IMM
Perflib
Ports
ScCertProp
Schedule
sclgntfy
SeCEdit
SensLogn
Setup
SvcHost
SystemRestore
Terminal Server
termsrv
Tracing
Type 1 Installer
Wdf
wlballoon


Guardian Key--- is called: Wdf
Asynchronous 000
DllName C:\WINDOWS\system32\nwtfxperf.dll
Impersonate 000
Logon WinLogon
Logoff WinLogoff
Version 126
ID {744910FE-295D-43A3-830F-997B790BB910}
IDex L2Ma

Guardian Key--- :

User Agent String---
{1F397446-0A2F-4447-B627-E0C23DE49D20}

#16 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 02:02 AM

I'm sorry,
I forgot to ask for a fresh HJT log too.

VirtualBouncer is still there because I haven't dealt with it yet.
L2M is much more serious and a probable reason the other malware kept regenerating, so we took care of L2M first.
CTS

#17 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 02:06 AM

Popups back. HJT log.

Logfile of HijackThis v1.97.7
Scan saved at 12:05:34 AM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\vyoovc.exe
C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupd...7482.6454861111
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab

#18 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 02:12 AM

Your HijackThis is outdated. The current version is 1.99.0
Please download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe. Click “Do a system scan only”

Run HJT and check off the following:

O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll (file missing)
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe

Next, close all windows and click Fix Checked.
Restart your PC in Safe Mode by tapping the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Make sure you can view hidden files and folders.

Delete the following:
C:\Windows\System32\Kalvmay32.exe (Delete the file)
C:\Program Files\VBouncer (Delete the folder)

Go to Add/Remove in Control Panel and remove:
Virtual Bouncer (Be sure to choose custom as opposed to automatic)
Elite Toolbar

Restart your PC.
Run HJT and post a fresh log.
Let me know how it runs and if VBouncer is back again.
CTS

#19 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 02:31 AM

No virtual bouncer or popups yet.

hjt log:

Logfile of HijackThis v1.99.0
Scan saved at 12:29:25 AM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vyoovc.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvmay32.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

#20 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 10:42 AM

Still get popups when browsing the web from sites I normally would not. Such as this one.

hjt log.

Logfile of HijackThis v1.99.0
Scan saved at 8:42:13 AM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\WINDOWS\system32\vyoovc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

#21 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 11:04 AM

We're getting there :)

Run HJT and check off the following:

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - (no file)
O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Close all windows except HJT and click Fix Checked.
Restart your PC.
Run HJT and post a fresh log.
CTS

#22 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 11:27 AM

No problems yet.

New hjt

Logfile of HijackThis v1.99.0
Scan saved at 9:25:34 AM, on 12/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vyoovc.exe
C:\WINDOWS\system32\NVATray.exe
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\Roger\My Documents\My Received Files\hiackthis\HijackThis.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://exmormon.org/
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.c...ebio5_1_6_0.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#23 CTS

CTS

    Wall Street

  • Helper
  • PipPipPipPipPip
  • 540 posts

Posted 20 December 2004 - 11:31 AM

Looks clean to me.
How is it running?

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers real-time protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

I also recommend reading Tony Klein’s article How did I get infected?
CTS
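The HOSTS-file blocking described in the post above, as an added example that is not part of the original post or of the MVPS project: it parses a hosts file, reports which names are sunk to the local machine, and lists entries that point anywhere else so they can be reviewed. The sample file, its placeholder domains and the function names are constructed for this example.

```python
import ipaddress

# Constructed sample in HOSTS-file format; the names are placeholders, not MVPS entries.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.com  tracker.example.net   # two names on one line
0.0.0.0      popups.example.org
203.0.113.7  www.search.example   # maps a name to a non-local address
not-an-ip    broken.example
"""

def parse_hosts(text):
    """Return {hostname: address}. The first mapping seen for a name is kept
    (an assumption of this example); malformed lines are skipped."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def is_sink(addr):
    """True for addresses that keep the connection on the local machine."""
    return addr.is_loopback or addr.is_unspecified

def blocked(table, host):
    """A host is blocked only if this exact name is mapped to a sink address;
    an entry for ads.example.com does not cover sub.ads.example.com."""
    addr = table.get(host.lower())
    return addr is not None and is_sink(addr)

def redirects_to_review(table):
    """Names mapped to anything other than the local machine."""
    return sorted(name for name, addr in table.items() if not is_sink(addr))

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example.com", "sub.ads.example.com", "www.search.example"):
        print(host, "blocked" if blocked(table, host) else "not blocked")
    print("review:", redirects_to_review(table))
```

To audit a real machine, pass the contents of its own HOSTS file to `parse_hosts` instead of `SAMPLE_HOSTS`.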

#24 rleatham

rleatham

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 20 December 2004 - 02:55 PM

It's working fine now. Thanks for your help and time.

#25 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 20 December 2004 - 03:04 PM

It has been a pleasure to help you :)

The problems here look to be resolved or the "Helper" has requested that the thread be closed, so I will close it. If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.



