After Effect of a Trojan, Need Help

#1 · (Edited)
I was hit by a trojan yesterday, thanks to one of my friends using my computer -_-

Anyways, I was able to get rid of it as well as fix most of the damage. Some things still confuse me though, as I have no clue how to fix them.


such as:
Image


That's my display properties, no clue on how to fix this, any suggestions?

As well, there's some code which makes my i-net browsers trust every site on the internet. That's never good =\


So here's my HJT log to hopefully help:
Logfile of HijackThis v1.99.0
Scan saved at 10:28:45 AM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Games\Games\easy comp\Processes\procexp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\silo\Desktop\Runescape Stuff\SocketServer.exe
C:\windows\System32\ssstars.scr
C:\windows\explorer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\windows\regedit.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Games\Games\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\windows\system32\shdocpv.dll/security.htm#subID=PSFV;6384
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

The highlighted stuff I know is the thing messing with my browser, but I can't remove it. I remove it and it's back - I have no clue how (Oo)

Anyways, any help is appreciated
~ Owl
 
#2 ·
Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Right click on this link http://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards.


===============

Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\windows\system32\shdocpv.dll/security.htm#subID=PSFV;6384
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R3 - Default URLSearchHook is missing

O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

C:\windows\system32\shdocpv.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log, and let us know how everything goes.
 
#3 ·
Well, here's my new HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 01:37:36 PM, on 6/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Games\Games\easy comp\Processes\procexp.exe
C:\Documents and Settings\silo\Desktop\Runescape Stuff\SocketServer.exe
C:\windows\System32\ssstars.scr
C:\windows\explorer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Games\Games\HijackThis.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\silo\Desktop\fixing computer\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

My display properties are still messed up -_- I'd like to get rid of this "your computer is infected" background on my desktop, as well as turning Active Desktop back on so I can hide my files (I got too many but I can't delete any =\ )
 
#4 ·
Hi Owl,

Let's see if we can restore functionality back to your Desktop

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

During the course of disinfection, I may ask you to fix a program that you wish to retain. Please post back to inform me.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download CleanUp! - Install but do not run it yet.

Download Hoster - Save to desktop.

Download KillBox v2.0.0.175 - Save to desktop.

Download DelO15Domains.inf - Right click & choose "Save As...". Save it to Desktop as DelO15Domains.inf.

Download Ewido Security Suite - Install & Update its database but do not run it yet.

Download Smitfraud.reg - Right click & choose "Save As...". Save it to Desktop as Smitfraud.reg.

Disconnect from the internet & close all browsers.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some Anti-Spyware Programmes are known to interfere with HJT fixes. If you have these programmes, please disable them by doing so ...

Search & Destroy Spybot's TeaTimer
  • Go to Tools>Resident - Deselect TeaTimer.

Microsoft AntiSpyware
  • Click on Options>Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options, Deselect Enable the Microsoft AntiSpyware Security Agents on startup.
  • Under Real-time spyware threat protection, Deselect Enable real-time spyware threat protection.
  • After you've done these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

Webroot SpySweeper
  • Go to the Options>Program Options.
  • Deselect Load at Windows Startup.
  • Click Shields and Deselect all items there.
  • Deselect Home page shield.
  • Deselect Automatically restore default without notification.

Ad-aware's Ad-Watch
  • Right-click on the Ad-Watch icon in the system tray
    At the bottom of the screen you will see 2 options Active and Automatic.
  • Deselect Active
  • Deselect Automatic
  • Go to "Tools & Preferences">Options
  • Deselect "Load Ad-Watch at Windows startup"

~~~~~~~~~~~~~~~

Uninstall the following programs using Control Panel>Add/Remove Programs :

  • Security IGuard
  • Virtual Maid
  • Search Maid
  • AntivirusGold

~~~~~~~~~~~~~~~

Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen).

Run Hoster.exe. Choose the 'Restore Original Hosts' button and press OK.

Double click on Smitfraud.reg and answer "Yes" when prompted to merge into the registry.

Right click on your Desktop and go to Properties. Next go to Desktop tab>Customize Desktop button>Web tab. Uncheck everything listed there. Then delete all the entries listed except for "My Current Home Page".


~~~~~~~~~~~~~~~

Close all other windows.
Run a HiJackThis Scan
& Select(tick) the following, if present:

O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)


Click "Fix checked" for HJT to fix them

~~~~~~~~~~~~~~~

Using KillBox

Copy to clipboard, all the items below by highlighting them & pressing [CTRL]+[C] on your keyboard.
  • C:\WINDOWS\System32\hp596C.tmp
  • C:\WINDOWS\System32\hp5F27.tmp
  • C:\WINDOWS\System32\hpC776.tmp
  • C:\WINDOWS\System32\hookdump.exe
  • C:\wp.exe
  • C:\wp.bmp
  • C:\bsw.exe
  • C:\WINDOWS\sites.ini
  • C:\WINDOWS\popuper.exe
  • C:\WINDOWS\system32\hhk.dll
  • C:\WINDOWS\System32\helper.exe
  • C:\WINDOWS\System32\intmonp.exe
  • C:\WINDOWS\System32\msmsgs.exe
  • C:\WINDOWS\System32\ole32vbs.exe
  • C:\WINDOWS\system32\msole32.exe
  • C:\WINDOWS\System32\shnlog.exe
  • C:\WINDOWS\System32\intmon.exe
  • C:\WINDOWS\System32\msmsgs.exe
  • C:\WINDOWS\System32\LogFiles\A5281300.so
  • C:\WINDOWS\System32\winnook.exe
  • C:\WINDOWS\desktop.html
  • C:\WINDOWS\screen.html
  • C:\WINDOWS\zloader3.exe
  • C:\WINDOWS\system32\oleadm.dll
  • C:\WINDOWS\system32\oleadm32.dll

Start KillBox.
  1. Go to the File menu, and choose "Paste from Clipboard".
    Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there.
  2. Select/tick the following:
    • "Delete on Reboot"
    • "End Explorer Shell While Killing File"
    • "Unregister.dll Before Deleting" if it's not grayed out.
  3. Click the RED X button.
  4. Click "Yes" at the 'Delete on Reboot' prompt. Click "Yes" at the Pending Operations prompt.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


~~~~~~~~~~~~~~~

Reboot Your Computer

Locate and delete the following folder(s), if present:

  • C:\Program Files\AntivirusGold\
  • C:\Program Files\Search Maid\
  • C:\Program Files\Virtual Maid\
  • C:\Windows\System32\Log Files\
  • C:\Program Files\Security iGuard\

~~~~~~~~~~~~~~~

Run CleanUp!...Click 'Yes' when asked to logoff.

Do an online scan at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.


Reboot Again & run a new HiJackThis scan. Save the log file and run KRC HiJackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

In your next post, please include:
  • Copy of KRC HiJackThis Analyzer log
  • List of files that online scans failed to disinfect

Please provide details of any problems you encountered whilst performing the above steps.
 
#5 ·
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 07:40:53 AM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Games\Games\easy comp\Processes\procexp.exe
C:\windows\System32\ssstars.scr
C:\windows\System32\unuunl.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\silo\Desktop\fixing computer\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
O4 - HKLM\..\Run: [KavSvc] C:\windows\System32\unuunl.exe reg_run
O4 - Global Startup: rtrr.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe


End of KRC HijackThis Analyzer Log.
====================================================================


I'm running the Panda scan again, as last time it prompted me to restart. I did, but it wasn't near done scanning; it was at file count 130k when I have over 150k files, so =\ I will show the results soon after, and the trusted sites won't go away (OO)
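
Added example (not part of any post in this thread): a Python sketch that compares two HijackThis logs between cleanup rounds and reports which autostart (O4), zone (O15) and service (O23) entries were added, removed, or survived a fix, plus processes that appear only in the later log. The two samples are shortened excerpts of the logs in posts #3 and #5; the function and variable names are this example's own.

```python
import re

# HijackThis entry lines have the form "<section code> - <details>", e.g.
# "O4 - HKLM\..\Run: [Name] C:\path\file.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Shortened excerpt of the log in post #3 (lines copied from this thread).
POST3_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\System32\nvsvc32.exe
C:\windows\System32\ssstars.scr
C:\windows\explorer.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
"""

# Shortened excerpt of the log in post #5 (lines copied from this thread).
POST5_EXCERPT = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\System32\ssstars.scr
C:\windows\System32\unuunl.exe

O4 - HKLM\..\Run: [KavSvc] C:\windows\System32\unuunl.exe reg_run
O4 - Global Startup: rtrr.exe
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
"""


def parse_hjt(text):
    """Split a HijackThis log into (running processes, {(code, details)})."""
    processes, entries = set(), set()
    in_process_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_process_list = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_process_list = False          # first entry ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_process_list:
            processes.add(line.lower())      # Windows paths are case-insensitive
    return processes, entries


def _section_order(entry):
    """Sort O4 before O15 before O23 (numeric, not lexical), then by details."""
    code, details = entry
    return (code[0], int(code[1:]), details)


def compare_logs(before, after, watch=("O4", "O15", "O23")):
    """Report watched entries that were added, removed or persisted."""
    before_procs, before_entries = parse_hjt(before)
    after_procs, after_entries = parse_hjt(after)

    def watched(entries):
        return sorted((e for e in entries if e[0] in watch), key=_section_order)

    return {
        "added": watched(after_entries - before_entries),
        "removed": watched(before_entries - after_entries),
        "persisted": watched(after_entries & before_entries),
        "new_processes": sorted(after_procs - before_procs),
    }


if __name__ == "__main__":
    result = compare_logs(POST3_EXCERPT, POST5_EXCERPT)
    for label in ("added", "removed", "persisted"):
        print(label.upper())
        for code, details in result[label]:
            print(f"  {code} - {details}")
    print("NEW PROCESSES")
    for path in result["new_processes"]:
        print(f"  {path}")
```

Entries under "persisted" are the ones a previous "Fix checked" round did not clear, and entries under "added" are autostarts or services that appeared between the two scans and need a closer look.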
 
#6 · (Edited)
Code:
Incident                      Status                        Location                                                          

Adware:Adware/DelFinMedia     No disinfected                C:\keys.ini                                                       
Adware:Adware/CWS.Yexe        No disinfected                C:\WINDOWS\SYSTEM\services\2.01.00.dll                            
Adware:Adware/ClkOptimizer    No disinfected                C:\WINDOWS\SYSTEM32\wvwwv.dat                                     
Adware:Adware/PowerSearch     No disinfected                C:\WINDOWS\SYSTEM32\stlb2.xml                                     
Adware:Adware/VirtualBouncer  No disinfected                C:\WINDOWS\SYSTEM32\2ndsrch.dll                                   
Adware:Adware/SuperSpider     No disinfected                C:\WINDOWS\SYSTEM32\system32.dll                                  
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\akupd.dll                                     
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\wihelp2.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\JEFS500.DLL                                   
Adware:Adware/MyDailyHoroscopeNo disinfected                C:\WINDOWS\SYSTEM32\setup_silent_26222.exe                        
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\wnaueng1.dll                                  
Adware:Adware/PurityScan      No disinfected                C:\WINDOWS\SYSTEM32\mt-uninstaller.exe                            
Spyware:Spyware/BetterInet    No disinfected                C:\WINDOWS\SYSTEM32\thin-94-2-x-x.exe                             
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mset_bbi8010.exe                              
Adware:Adware/Alexa-Toolbar   No disinfected                C:\WINDOWS\SYSTEM32\WinExplore.exe                                
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dn4801hue.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mhvcp50.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dqkquota.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\suripto.dll                                   
Adware:Adware/Startpage.HD    No disinfected                C:\WINDOWS\SYSTEM32\jsconsole.dll                                 
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\AKLSP.DLL                                     
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\javex80.vxd                                   
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\javex80.vxd[nvms.dll]                         
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\javex80.vxd[nls.exe]                          
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\rYsapi32.dll                                  
Adware:Adware/PurityScan      No disinfected                C:\WINDOWS\SYSTEM32\wnsintsu.exe                                  
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax                                   
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[mscb.dll]                         
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[bb_welcome.html]                  
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[icon.gif]                         
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[cashback.exe]                     
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[cb.exe]                           
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\psis80ex.ax[flash.exe]                        
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\wsxsvc\wsx.dll                                
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\SYSTEM32\wsxsvc\wsx.ocx                                
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dxdlgs.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\nshkapi.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\gpr0l39m1.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\MJXBSE35.DLL                                  
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\akcore.dll                                    
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\SYSTEM32\akrules.dll                                   
Spyware:Spyware/CouponAge     No disinfected                C:\WINDOWS\SYSTEM32\CALSP.DLL                                     
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\vpt3216.dll                                   
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd                                 
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd[exdl.exe]                       
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd[mqexdlm.srg]                    
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd[exul.exe]                       
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd[javexulm.vxd]                   
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\netut80ex.vxd[msexreg.exe]                    
Adware:Adware/Beginto         No disinfected                C:\WINDOWS\SYSTEM32\reg6523.exe                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\cdl3dv2.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\kodusr.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dcdskmgr.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mglbui.dll                                    
Adware:Adware/Startpage.CED   No disinfected                C:\WINDOWS\SYSTEM32\msxslab.dll                                   
Adware:Adware/Startpage.FP    No disinfected                C:\WINDOWS\SYSTEM32\msxword.dll                                   
Adware:Adware/Apropos         No disinfected                C:\WINDOWS\SYSTEM32\wmrrmap.exe                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dvrgres.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\kt8ml7l11.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\nlunzip.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\ir40l5hm1.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dmImg010.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\p08q0al5edq.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dn0001dme.dll                                 
Adware:Adware/nCase           No disinfected                C:\WINDOWS\SYSTEM32\saie.log                                      
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\rEsauto.dll                                   
Adware:Adware/BrowserAid      No disinfected                C:\WINDOWS\SYSTEM32\stlb2.dll                                     
Adware:Adware/IGetNet         No disinfected                C:\WINDOWS\SYSTEM32\NLNP!3.exe                                    
Adware:Adware/nCase           No disinfected                C:\WINDOWS\SYSTEM32\saieau.dat                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\we2_32.dll                                    
Adware:Adware/CWS.Searchmeup  No disinfected                C:\WINDOWS\SYSTEM32\msrexe.exe                                    
Adware:Adware/AdDestroyer     No disinfected                C:\WINDOWS\SYSTEM32\SWLAD2.dll                                    
Adware:Adware/AdDestroyer     No disinfected                C:\WINDOWS\SYSTEM32\SWLAD1.dll                                    
Adware:Adware/AdDestroyer     No disinfected                C:\WINDOWS\SYSTEM32\PopOops2.dll                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\SYSTEM32\winupdt.bin                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\ayicap.dll                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\SYSTEM32\winupdtl.exe                                  
Adware:Adware/nCase           No disinfected                C:\WINDOWS\SYSTEM32\saie_kyf.dat                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\p2n8lc5u1f.dll                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\SYSTEM32\winupdt.exe                                   
Adware:Adware/nCase           No disinfected                C:\WINDOWS\SYSTEM32\saie_gdf.dat                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\s8pu0i79e8.dll                                
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\irl2l53o1.dll                                 
Adware:Adware/AdDestroyer     No disinfected                C:\WINDOWS\SYSTEM32\PopOops.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\Sjdmux.dll                                    
Adware:Adware/Apropos         No disinfected                C:\WINDOWS\SYSTEM32\Cache\cxtpls_loader.exe                       
Adware:Adware/Apropos         No disinfected                C:\WINDOWS\SYSTEM32\chatdown.exe                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\svrmdll.dll                                   
Adware:Adware/BrowserAid      No disinfected                C:\WINDOWS\SYSTEM32\e6f1873b.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\AK3API.DLL                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mnxml2r.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\wtavideo.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\iwetcomm.dll                                  
Adware:Adware/SAHAgent        No disinfected                C:\WINDOWS\SYSTEM32\Agent.dll                                     
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\slrialui.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\kedtuq.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\l60u0gd9e60.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mkicda.dll                                    
Spyware:Spyware/Bridge        No disinfected                C:\WINDOWS\SYSTEM32\jao.dll                                       
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\SYSTEM32\qyxpyd.exe                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\gpnol3531.dll                                 
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\SYSTEM32\stcloader.exe                                 
Adware:Adware/BrowserAid      No disinfected                C:\WINDOWS\SYSTEM32\D0CE0C16B1.DLL                                
Adware:Adware/eZula           No disinfected                C:\WINDOWS\SYSTEM32\ezPopStub.exe                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mpjetoledb40.dll                              
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\SYSTEM32\skowsd.exe                                    
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\SYSTEM32\skowsc.exe                                    
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\SYSTEM32\skowsf.exe                                    
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\SYSTEM32\sdkre32.exe                                   
Adware:Adware/SearchExe       No disinfected                C:\WINDOWS\SYSTEM32\hoih.dll                                      
Adware:Adware/CWS.Aboutblank  No disinfected                C:\WINDOWS\SYSTEM32\lkka.dll                                      
Virus:W32/Smitfraud.A         Disinfected                   C:\WINDOWS\SYSTEM32\wininet.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mwgina.dll                                    
Adware:Adware/Smitfraud       No disinfected                C:\WINDOWS\SYSTEM32\wp.bmp                                        
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\wjv8dmoe.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\lv2m09f1e.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dHdpmesh.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\r4p8le7u1h.dll                                
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\q886lils18q6.dll                              
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\m046lahs1d46.dll                              
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\i060lajm1doa.dll                              
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\udimdmat.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\kmdcan.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\fpp0037me.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\OZTLCOMM.DLL                                  
Spyware:Spyware/FastSearchWeb No disinfected                C:\WINDOWS\SYSTEM32\msab.dll                                      
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\lifil11n.dll                                  
Adware:Adware/nCase           No disinfected                C:\WINDOWS\SYSTEM32\saie_kyf_update.dat                           
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\jtj4071qe.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\pegfilt.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\nxtrap.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\cfmsvcs.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\hrj8051ue.dll                                 
Possible Virus.               No disinfected                C:\WINDOWS\SYSTEM32\tibs3.exe                                     
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\hr6405jqe.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\j04olah31d4.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mooert2.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\p48q0el5ehq.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\f20o0cd3ef0.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\sgtupapi.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\Rrboex32.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\dqconfig.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\cacdll.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\mlmtapi.dll                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\sdlstr.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\disapi.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\kfduzb.dll                                    
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\poisdecd.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\JEEM500.DLL                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\lgbmp10N.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\jtr2079oe.dll                                 
Adware:Adware/EliteBar        No disinfected                C:\WINDOWS\SYSTEM32\doolsav.dat                                   
Adware:Adware/Startpage.PC    No disinfected                C:\WINDOWS\SYSTEM32\yOMrolNETA.dll                                
Adware:Adware/P2PNetworking   No disinfected                C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl.disabled              
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\r4p80e7ueh.dll                                
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\n24slch71f4.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\pZutoenr.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\pwcCllct.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\l08mlal11dq.dll                               
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\ebjsl1171.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\en62l1jo1.dll                                 
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\Mgvcrt10.dll                                  
Adware:Adware/ExactSearch     No disinfected                C:\WINDOWS\SYSTEM32\mqexdlm.srg                                   
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\rUsmontr.dll                                  
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\irl8l53u1.dll                                 
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx1.nls                                       
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx1x.nls                                      
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf                                   
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf[msbe.dll]                         
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf[Uninstall.exe]                    
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf[bargains.exe]                     
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf[adv.exe]                          
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\mac80ex.idf[adx.exe]                          
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx2x.nls                                      
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx2.nls                                       
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx3.nls                                       
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx3x.nls                                      
Spyware:Spyware/BargainBuddy  No disinfected                C:\WINDOWS\SYSTEM32\vx0.nls                                       
Adware:Adware/Look2Me         No disinfected                C:\WINDOWS\SYSTEM32\m4640ejqehoe0.dll                             
Spyware:Spyware/Virtumonde    No disinfected                C:\WINDOWS\bsx32.ini                                              
Adware:Adware/QoolAid         No disinfected                C:\WINDOWS\pss\knkknf.exeCommon Startup                           
Adware:Adware/ClkOptimizer    No disinfected                C:\WINDOWS\pss\rtrr.exeCommon Startup                             
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\hdxguu.dat                                             
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\cpzydo.dat                                             
Adware:Adware/nCase           No disinfected                C:\WINDOWS\bundles\saie1101.exe                                   
Spyware:Spyware/BetterInet    No disinfected                C:\WINDOWS\bundles\thin-8-1-x-x.exe                               
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\optimizejames.exe                              
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\2504041110.exe                                 
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\setupactiv2.exe                                
Adware:Adware/TopRebates      No disinfected                C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe              
Spyware:Spyware/ClearSearch   No disinfected                C:\WINDOWS\bundles\CSv10P070.exe                                  
Spyware:Spyware/SurfSideKick  No disinfected                C:\WINDOWS\bundles\SSK_B5.EXE                                     
Adware:Adware/eZula           No disinfected                C:\WINDOWS\bundles\ezStubseedcorn.exe                             
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\b2s-162813.exe                                 
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\Beryllium.exe                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\adv0ltc0m.exe                                  
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\bundles\shopinst.exe                                   
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\cxt_wmg.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\runsearch.exe                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\stlb2_seed.exe                                 
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\cxt_big.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\Decade.exe                                     
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\ast_5_adsav.exe                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\icmedia2_56.exe                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\ICMMedia_1cmm3d1a.exe                          
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\winversion.exe                                 
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\HLInstaller.exe                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\sahagent-dectest1001.exe                       
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\AdSmartMedia_bundle.exe                        
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\iehost.exe                                     
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\bs5-goodyr1.exe                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\sahagent-seedcorn1002.exe                      
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\d_ic.exe                                       
Adware:Adware/AdLogix         No disinfected                C:\WINDOWS\bundles\videoinst.exe                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\activeshopper.exe                              
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\e2g51.exe                                      
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\newmb.exe                                      
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\58kd52fg.exe                                   
Adware:Adware/DelFinMedia     No disinfected                C:\WINDOWS\bundles\adl_mteststub.exe                              
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\adl_dh.exe                                     
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\package8033_MARKETING5.exe                     
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\ropbundle.exe                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\rop_marketing_1_168.exe                        
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\KnNe1.exe                                      
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\NzI0MDo4OjEy.exe                               
Adware:Adware/VirtualBouncer  No disinfected                C:\WINDOWS\bundles\wrapperouter.exe                               
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\installcasino.exe                              
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\adl_hl.exe                                     
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\setup_Incredifind_TrafficSpec.exe              
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\gogotoolsSILAWO8pi.exe                         
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\vrinstall_icmedia.exe                          
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\pounder.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\ssee.exe                                       
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\SetupCasino.exe                                
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\new_vcm.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\sahagent-onlinetrafficbroker1001.exe           
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\EDow_vl.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\mfsetup.exe                                    
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\dh_vl.exe                                      
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\adl_ibis_AS2.exe                               
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\adl_zeno.exe                                   
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\Setup1171.exe                                  
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\ventura1.exe                                   
Adware:Adware/PortalScan      No disinfected                C:\WINDOWS\bundles\search_toolbar.exe                             
Spyware:Spyware/Overpro       No disinfected                C:\WINDOWS\WildApp.dll                                            
Adware:Adware/EliteBar        No disinfected                C:\WINDOWS\EliteToolBar\EliteToolBar.dll                          
Adware:Adware/EliteBar        No disinfected                C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll               
Adware:Adware/EliteBar        No disinfected                C:\WINDOWS\EliteSideBar\EliteSideBar 07.dll                       
Adware:Adware/EliteBar        No disinfected                C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll                       
Spyware:Spyware/SurfSideKick  No disinfected                C:\WINDOWS\SSK_B5.EXE                                             
Adware:Adware/Envolo          No disinfected                C:\WINDOWS\yoswqnaf.exe                                           
Adware:Adware/OneMore.A       No disinfected                C:\WINDOWS\hdxgu.dll                                              
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\sdkpc32.exe                                            
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\bgpcob.dat                                             
Adware:Adware/SearchAid       No disinfected                C:\WINDOWS\czuwre.dat                                             
Adware:Adware/Smitfraud       No disinfected                C:\WINDOWS\uninstIU.exe                                           
Adware:Adware/Startpage.QJ    No disinfected                C:\WINDOWS\Downloaded Program Files\CONFLICT.1\load.exe           
Adware:Adware/SearchExe       No disinfected                C:\WINDOWS\Downloaded Program Files\on-line.exe                   
Adware:Adware/SAHAgent        No disinfected                C:\WINDOWS\Downloaded Program Files\bunSetup.cab                  
Adware:Adware/SAHAgent        No disinfected                C:\WINDOWS\Downloaded Program Files\bunSetup.cab[xmlparse_.dll]   
Adware:Adware/SAHAgent        No disinfected                C:\WINDOWS\Downloaded Program Files\bunSetup.cab[xmltok_.dll]     
Adware:Adware Program         No disinfected                C:\WINDOWS\Downloaded Program Files\svchost.exe                   
Spyware:Spyware/Bridge        No disinfected                C:\WINDOWS\Downloaded Program Files\bridge.inf                    
Adware:Adware/SBSoft          No disinfected                C:\WINDOWS\Downloaded Program Files\webdlg32.inf                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\POLALL1T.EXE                                           
Spyware:Spyware/Dyfuca        No disinfected                C:\WINDOWS\WSEM218.DLL12                                          
Spyware:Spyware/Dyfuca        No disinfected                C:\WINDOWS\NEM218.DLL12                                           
Adware:Adware/Twain-Tech      No disinfected                C:\WINDOWS\TWAINTEC.DLL12                                         
Adware:Adware/PortalScan      No disinfected                C:\stcupdt.exe                                                    
Adware:Adware/EliteBar        No disinfected                C:\protas.exe                                                     
Adware:Adware/ILookup         No disinfected                C:\Program Files\Common Files\svchost.exe                         
Adware:Adware/LookNSearch     No disinfected                C:\Program Files\Internet Explorer\Iesearch.exe                   
Adware:Adware/LookNSearch     No disinfected                C:\Program Files\Internet Explorer\guardian.dll                   
Adware:Adware/LookNSearch     No disinfected                C:\Program Files\Internet Explorer\hookDLL.dll                    
Adware:Adware/LookNSearch     No disinfected                C:\Program Files\Internet Explorer\r_process.dll                  
Adware:Adware/Startpage.SE    No disinfected                C:\Program Files\Internet Explorer\a.exe                          
Spyware:Spyware/ClearSearch   No disinfected                C:\Program Files\CSBB\CSv10P070.exe                               
Adware:Adware/MyWay           No disinfected                C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL                  
Adware:Adware/MyWay           No disinfected                C:\Program Files\MySearch\bar\1.bin\S42NS.EXE                     
Adware:Adware/MyWay           No disinfected                C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL                     
Adware:Adware/eZula           No disinfected                C:\Program Files\Web Offer\CHPON.dll                              
Adware:Adware/eZula           No disinfected                C:\Program Files\Web Offer\eapbh.dll                              
Spyware:Spyware/ISTbar        No disinfected                C:\Program Files\Avant Browser\Skins\ISTactivex.dll               
Adware:Adware/BookedSpace     No disinfected                C:\Program Files\Avant Browser\Skins\newdevin.exe                 
Adware:Adware/NetPals         No disinfected                C:\Program Files\Avant Browser\Skins\06wu29rd.exe                 
Adware:Adware/Alexa-Toolbar   No disinfected                C:\Program Files\Avant Browser\Skins\julie.exe                    
Spyware:Spyware/ISTbar        No disinfected                C:\Program Files\Avant Browser\Skins\istinstall_154074.exe        
Spyware:Spyware/Spydeleter    No disinfected                C:\Program Files\Avant Browser\Skins\sd.exe                       
Adware:Adware/Beginto         No disinfected                C:\Program Files\Avant Browser\Skins\449166.exe                   
Adware:Adware/DownloadPlus    No disinfected                C:\Program Files\Avant Browser\Skins\dp807615.exe                 
Adware:Adware/Startpage.CED   No disinfected                C:\Program Files\Q330994.exe                                      
Adware:Adware/TopSearch       No disinfected                C:\Program Files\Kazaa\TopSearch.dll                              
Adware:Adware/TopConvert      No disinfected                C:\Program Files\TopConverting\arkanoid\arkanoid.exe              
Adware:Adware/VirtualBouncer  No disinfected                C:\Program Files\AdDestroyer\AdDestroyer.exe                      
Spyware:Spyware/SurfSideKick  No disinfected                C:\Program Files\SurfSideKick 2\SskBho.dll                        
Spyware:Spyware/SurfSideKick  No disinfected                C:\Program Files\SurfSideKick 2\SskCore.dll                       
Spyware:Spyware/SurfSideKick  No disinfected                C:\Program Files\SurfSideKick 2\Ssk.exe                           
Adware:Adware/PortalScan      No disinfected                C:\Program Files\STC\STC.exe                                      

There's my Panda scan result =\ It's a lot.
 
#7 ·
You have a ridiculous amount of crap in your PC. We need to do this in multiple passes.

Download rkfiles.zip and unzip the contents to a new folder on your desktop.

Download the remv3.zip at http://forums.skads.org/index.php?showtopic=80 (look for the attachment to download). Make a new folder on the root drive C:\ and unzip remv3.zip files into it.

Download ETRemover_v130.zip - Unzip to a new folder on Desktop.
  • From that folder, click on ETRemover_v130.exe
  • Click "About" >> "check for updates".
  • After it has updated itself, close that program. We'll run it later.

===============

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!


~~~~~~~~~~~~~~~

Uninstall the following programs using Control Panel > Add/Remove Programs:

  • EliteToolBar
  • MySearch
  • Web Offer
  • TopConverting
  • AdDestroyer
  • SurfSideKick 2

~~~~~~~~~~~~~~~

Using KillBox


Copy all the items below to the clipboard by highlighting them and pressing [CTRL]+[C] on your keyboard.




  • Start KillBox.
  • Go to the File menu, and choose "Paste from Clipboard".
    Verify that you've done this properly by clicking the dropdown-arrow next to the "Full Path of File to Delete" field. The filenames you pasted will be found in there.
  • Select "Delete on Reboot", "End Explorer Shell While Killing File" & "Unregister.dll Before Deleting" if it's not grayed out.
  • Click the RED-and-white "Delete File" button.
  • Click "Yes" at the 'Delete on Reboot' prompt. Click "Yes" at the Pending Operations prompt.

* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.


===============

Reboot to Safe Mode


Run ETRemover_v130.exe, then click the "Kill Elite Toolbar" button and wait until it finishes its work.

* Occasionally a DOS box may appear asking your permission to delete some files in temporary Windows directories. You must accept the deletion of these to be sure of properly removing the malware!


~~~~~~~~~~~~~~~

Locate and delete the following folder(s), if present:

  • C:\Program Files\STC\
  • C:\Program Files\SED\
  • C:\WINDOWS\pss\
  • C:\WINDOWS\bundles\
  • C:\WINDOWS\EliteToolBar\
  • C:\Program Files\CSBB\
  • C:\Program Files\MySearch\
  • C:\Program Files\Web Offer\
  • C:\Program Files\TopConverting\
  • C:\Program Files\AdDestroyer\
  • C:\Program Files\SurfSideKick 2\
  • C:\Documents and Settings\All Users\Application Data\SecTaskMan\
  • C:\Documents and Settings\silo\Favorites\Sites about\

~~~~~~~~~~~~~~~

Double-click the rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. Open the C:\log.txt it created and rename it log1.txt.

Now open the folder where you saved the remv3.zip files, double-click the rem.bat file and let it run. It will delete the files and remove the infection and then make a log of the files it finds. The log files will be C:\log.txt and bad1.txt.

**Note** Each tool uses log.txt as its output file, so make sure you save the entries from one tool's log before running the other, as it will overwrite the file if you don't.


Post the contents of both the log.txt and log1.txt in your next post.


Reboot to Normal Mode.

Run a new HijackThis scan. Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in your next reply.

In your next post, please include:
  • Copy of KRC HijackThis Analyzer log
  • L2mfix's log
  • Remv3 & rkfiles logs
 
#8 · (Edited)
C:\Documents and Settings\silo\Desktop\fixing computer

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\wvwwv.dat: UPX!
C:\WINDOWS\SYSTEM32\NPSHAR2K.DLL: UPX!
C:\WINDOWS\SYSTEM32\prdtect.exe: UPX!
C:\WINDOWS\SYSTEM32\npdown_.dll: UPX!
C:\WINDOWS\SYSTEM32\NPSHARE.DLL: UPX!
C:\WINDOWS\SYSTEM32\NLNP13.dll: UPX!
C:\WINDOWS\SYSTEM32\devil.dll: UPX!
C:\WINDOWS\SYSTEM32\ilut.dll: UPX!
C:\WINDOWS\SYSTEM32\ilu.dll: UPX!
C:\WINDOWS\SYSTEM32\notepad.com: UPX!
C:\WINDOWS\SYSTEM32\svcnut32.exe: UPX!
C:\WINDOWS\SYSTEM32\npunzip.dll: pec2
C:\WINDOWS\SYSTEM32\NPSCAN.DLL: pec2
C:\WINDOWS\SYSTEM32\atl71.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\mfc71u.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\MFC71d.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\mfc71ud.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\SYSTEM32\DivX.dll: PEC2

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\notepad.com: UPX!
C:\WINDOWS\IFinst25.exe: UPX!
C:\WINDOWS\q0102.exe: UPX!
Finished
bye
rkfiles



The batch is run from -- C:\Documents and Settings\silo\Desktop\fixing computer

Files Found.................
----------------------------------------

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------


Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
Volume in drive C is TONY'S HDD
Volume Serial Number is 1477-17FC

Directory of C:\WINDOWS\SYSTEM32

msi.dll
Finished
Rem3


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:36:38 AM, on 6/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\silo\Desktop\fixing computer\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\silo\Application Data\Mozilla\Profiles\default\0559uh3k.slt\prefs.js)
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {23912BB0-CC9F-4C69-83D4-19C2B183BA91} - http://ns-radio.netscape.com/radio/cabs/radiox.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe


End of KRC HijackThis Analyzer Log.
====================================================================
HijackThis



(Sorry it took so long, had to work almost all day every day for the past few days.)
 
#9 ·
Welcome back.

Please reboot your computer to Safe Mode.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot): (you should be able to copy and paste them all at once.)

C:\WINDOWS\SYSTEM32\wvwwv.dat
C:\WINDOWS\SYSTEM32\NPSHAR2K.DLL
C:\WINDOWS\SYSTEM32\prdtect.exe
C:\WINDOWS\SYSTEM32\npdown_.dll
C:\WINDOWS\SYSTEM32\NPSHARE.DLL
C:\WINDOWS\SYSTEM32\NLNP13.dll
C:\WINDOWS\SYSTEM32\devil.dll
C:\WINDOWS\SYSTEM32\ilut.dll
C:\WINDOWS\SYSTEM32\ilu.dll
C:\WINDOWS\SYSTEM32\notepad.com
C:\WINDOWS\SYSTEM32\svcnut32.exe
C:\WINDOWS\SYSTEM32\atl71.pdb
C:\WINDOWS\SYSTEM32\mfc71.pdb
C:\WINDOWS\SYSTEM32\mfc71u.pdb
C:\WINDOWS\SYSTEM32\MFC71d.pdb
C:\WINDOWS\SYSTEM32\mfc71ud.pdb
C:\WINDOWS\notepad.com
C:\WINDOWS\IFinst25.exe
C:\WINDOWS\q0102.exe


Reboot your computer now, but I want you to go back into Safe Mode so that we can run a new Rkfiles scan. Double click rkfiles.bat file to run it. It will scan for a while, so please be patient. Wait until the DOS window closes. It will create a file called C:\log.txt.

Reboot back into Normal Mode. Run a new HJT log and copy paste the contents of the hijackthis.log in your next post. In addition, open the log.txt file created by rkfiles and bring the contents of that too.
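
The rkfiles log in post #8 pairs each path with the string that matched, and its own header warns that legitimate files can be listed. The sketch below is an added example, not part of either post and not rkfiles' own code; it parses that log and separates hits where the matched string is exactly a packer marker from hits where the marker only appears inside a longer string. The function names, the marker list and the extension set are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines taken from the rkfiles log posted in this thread.
SAMPLE_LOG = r"""
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\wvwwv.dat: UPX!
C:\WINDOWS\SYSTEM32\prdtect.exe: UPX!
C:\WINDOWS\SYSTEM32\npunzip.dll: pec2
C:\WINDOWS\SYSTEM32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\SYSTEM32\DivX.dll: PEC2
C:\WINDOWS\notepad.com: UPX!
Finished
"""

# Packer markers visible in the log (UPX and PECompact 2 signatures).
MARKERS = ("UPX!", "PEC2")
# Extensions Windows runs as code: an assumption for this triage, not an rkfiles rule.
EXECUTABLE_EXTS = {".exe", ".dll", ".com", ".scr", ".sys"}
HIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?): (?P<token>\S+)$")

def parse_hits(log_text):
    """Return (path, matched string) pairs; headers and rulers are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("token")))
    return hits

def classify(path, token):
    """Label a hit by how the marker matched and by the file's extension."""
    upper = token.upper()
    ext = ntpath.splitext(path)[1].lower()
    if upper in MARKERS:
        kind = "exact"
    elif any(marker in upper for marker in MARKERS):
        kind = "substring"  # e.g. "pec2" inside "dwProvSpec2"
    else:
        kind = "unknown"
    # Packed is not the same as malicious; this only sorts hits for a human.
    if kind == "exact" and ext in EXECUTABLE_EXTS:
        return "packed-executable"
    return "review:%s-in-%s" % (kind, ext or "no-ext")

def triage(log_text):
    """Group the paths in an rkfiles log by classification label."""
    buckets = defaultdict(list)
    for path, token in parse_hits(log_text):
        buckets[classify(path, token)].append(path)
    return dict(buckets)

if __name__ == "__main__":
    for label, paths in sorted(triage(SAMPLE_LOG).items()):
        print(label, *paths, sep="\n    ")
```
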
 