« previous next »
Pages: [1]

Author Topic: Unwanted websites when going online  (Read 1651 times)

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« on: May 27, 2005, 01:04:58 PM »
Hi, I'm a newbie here..little patience please. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />   I just cleaned my sister's laptop using Ad-Aware, Spybot Search & Destroy,CleanUp, SpywareBlaster.  I guess her kids have downloaded all kinds of junk onto her pc.  I finally got it clean, as far as I know.  I then brought it back to her home and went online.  Websites start popping up out of nowhere when she signs on.  I went offline and ran Ad-Aware and couldn't believe the 30-something problems that showed up just from opening Internet Explorer.   What should I do now?  How do I stop all these websites from loading up automatically?
Logged

Offline spiro

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #1 on: May 29, 2005, 09:49:00 AM »
Hi there.

What you should do, is gain a copy of STOPZilla, from: http://www.stopzilla.com/

After you install this, you will have a 15 day trial limit. Do what I and most people would do, and download a keygen.

Go to this website and click on "Download File"
http://mscracks.com/get.php?id=206359

Unzip and open "Keygen.exe"

When I first tried I typed in James and up came the code. I put this into the registration field in STOPZilla and it said that it was maxed out or something like that. Try typing in a rare name, or even just type any random text and it will have a code.

Copy the text that's in the name field of the Keygen and paste it into the E-Mail section of the STOPZilla registration form. Do the same with the serial number/registration key sections.

Congratulations, you now have the full STOPZilla.

[color=\"red\"]NOTE: I STRONGLY RECOMMEND USING AD-AWARE AFTER VISITING MSCRACKS.COM AS CRACK WEBSITES PRETTY MUCH ALWAYS HAVE SPYWARE AND ADWARE.[/color]

Hope this helps
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #2 on: May 29, 2005, 10:40:27 AM »
Could you post a Hijackthis log instead of download Stopzilla please
Post it too this thread

Here's the instructions
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #3 on: May 29, 2005, 07:13:27 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:08:02 PM, on 5/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
c:\windows\system32\rnylxf.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\HiJackThis 1.99.1\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nss3E.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [grrygrs] c:\windows\system32\rnylxf.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113595546275
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
Logged

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #4 on: June 02, 2005, 07:43:45 PM »
still waiting questolo...please don't forget me
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #5 on: June 05, 2005, 07:18:21 AM »
Sorry for the delay murphey,
Can I have you post a fresh Hijackthis log and we'll get you started fixing this thing
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #6 on: June 05, 2005, 02:44:03 PM »
Logfile of HijackThis v1.99.1
Scan saved at 3:40:36 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
c:\windows\system32\ibnuhqd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HiJackThis 1.99.1\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nss3E.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [eszijps] c:\windows\system32\ibnuhqd.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113595546275
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #7 on: June 05, 2005, 05:28:32 PM »
Can you do the following please
Just want to get you some tools to help clean the problems you have
==Can you download and save too desktop
FixAprop by Symantec's
We'll need this in a bit

==Download the Nail/Aurora Spyware Fix from NoIdea.US
Unzip it to the desktop but do NOT run yet.

I see signs you may of had problems with Elitebar
Could you Please download miekiemoes' LQfix batch here:
http://www.downloads.subratam.org/LQfix.zip
Unzip it to the desktop but do NOT run it yet.

==I'm uploading a couple zip files, can you do the following
Download and UNZIP both ClrBegin.zip and Remove.zip to desktop
So you now have ClrBegin.reg and Remove.reg extracted
We'll need these later
[attachment=251:attachment]
[attachment=252:attachment]

==Download and then Install
Ewido Trojan Scanner

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
Disconnect from the Internet, stay disconnected until we are done with these fixes

Run FixAprop.exe from Symantec's, let it scan your drive
and fix what it finds
When it's done

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, after the single post beep, or use the link
I supplied for a more detailed explanation

Once in Safe mode
==Double-click on Nailfix.cmd.  Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

==Double click to run LQFix.bat you unzipped earlier
Let it finish, it won't take long

Manually navigate to and delete these file or folders if found, some may not exist
C:\WINDOWS\netsync.exe <-file
C:\WINDOWS\rsyncmon.dll
C:\WINDOWS\svcproc.exe
C:\WINDOWS\Bolger.dll
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\netsync.exe
C:\WINDOWS\System32\rsyncmon.dll
C:\WINDOWS\System32\nss3E.dll
c:\windows\system32\ibnuhqd.exe

C:\Program Files\CxtPls <-folder
C:\Program Files\AutoUpdate <-folder

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
Decline to Log off

Double click on Remove.reg and allow to add or Merge to the registry
Double click on ClrBegin.reg also allow it

==Open Ewido trojan scanner
Click on the Scanner button in the left menu, then click on the Start button. This scan can take a while, so give it time to run
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.
Save the report

Do another scan with Hijackthis and put a check next to these entries:
Not all may be found, but fix what appears

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O2 - BHO: ohb Class - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nss3E.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eszijps] c:\windows\system32\ibnuhqd.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart back to Normal mode

Run another scan with Hijackthis and post a fresh log
along with the report from Ewidos

Could you also let me know the following
Open Ad-Aware and click on DETAILS
under the Initialization status windows and let me know Reference number and Internal build

Could you open Spybot and click on HELP
Let me know Latest detection date and Spybot version
« Last Edit: June 05, 2005, 05:34:48 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #8 on: June 07, 2005, 06:11:39 PM »
Ad Aware reference no. 01R347 26.10.2004
              internal build 281

Spy Bot Search & Destroy 1.3  
              latest detection date 2005-04-27

Logfile of HijackThis v1.99.1
Scan saved at 7:04:26 PM, on 6/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HiJackThis 1.99.1\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113595546275
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)

---------------------------------------------------------
« Last Edit: June 07, 2005, 06:14:22 PM by murphrey2001 »
Logged

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #9 on: June 07, 2005, 06:15:16 PM »
---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         6:58:24 PM, 6/7/2005
 + Report-Checksum:      E459C98

 + Date of database:      6/7/2005
 + Version of scan engine:   v3.0

 + Duration:            38 min
 + Scanned Files:         47407
 + Speed:            20.53 Files/Second
 + Infected files:         419
 + Removed files:         419
 + Files put in quarantine:      419
 + Files that could not be opened:   0
 + Files that could not be cleaned:   0

 + Binder:      Yes
 + Crypter:      Yes
 + Archives:      Yes

 + Scanned items:
   C:\

 + Scan result:
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018210.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018210.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018210.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018210.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018211.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018212.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018213.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018214.dll -> Spyware.EliteBar.z -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018215.dll -> Spyware.DlMax.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018218.exe -> Trojan.VB.ux -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018226.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018227.exe -> Spyware.CashBack.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018228.exe -> Spyware.CashBack.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018230.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018234.EXE -> Spyware.VirtualBouncer.j -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018235.EXE -> Spyware.VirtualBouncer.j -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018236.EXE -> Spyware.VirtualBouncer -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018239.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018240.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018241.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018243.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018256.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018259.dll -> Spyware.TotalVelocity.v -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018260.dll -> Spyware.SurfSide.k -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018261.exe -> Spyware.SurfSide.k -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018262.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018262.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.ExactSearchBar -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018263.dll -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018264.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018265.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018266.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018267.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018268.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018269.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018270.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018271.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018272.exe -> Spyware.ExactSearchBar -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0018274.exe -> Spyware.DealHelper.ac -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018277.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018278.exe -> Spyware.VirtualBouncer.i -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018283.exe -> Spyware.VirtualBouncer.g -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018284.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018285.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018286.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018287.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018288.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018292.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018293.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018305.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0018306.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018331.exe -> TrojanDownloader.Small.apm -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018335.exe -> Spyware.Websearch -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018336.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018337.exe -> Spyware.WebSearch.ad -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018342.dll -> Spyware.Toolbar -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018343.exe -> Spyware.IBIS -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018344.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018345.dll -> Spyware.WebSearch.ae -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018351.exe -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018352.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018357.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018358.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018359.dll -> Backdoor.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0018362.dll -> Spyware.DlMax.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019340.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019341.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019348.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019355.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019355.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019355.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019355.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019356.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019357.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019358.exe -> Spyware.CashBack.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019359.exe -> Spyware.CashBack.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019361.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019362.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019368.exe -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019369.dll -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019370.exe -> Spyware.180Solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019371.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019383.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019384.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019385.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019387.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019388.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019389.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP191\A0019390.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\snapshot\MFEX-4.DAT -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\snapshot\MFEX-5.DAT -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019740.exe -> Spyware.Sahat.m -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019752.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019754.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019755.dll -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019756.exe -> Spyware.Sahat.m -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019757.dll -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019758.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019759.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019763.exe -> Spyware.UrlSpy.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019766.exe -> Spyware.UrlSpy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019771.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019772.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019773.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019774.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019775.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019776.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019777.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019778.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019792.exe -> Trojan.VB.ux -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019805.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019811.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019812.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019813.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019815.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019817.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019818.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0019819.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020804.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020805.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020808.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020809.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020810.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020812.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020814.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0020817.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021801.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021805.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021806.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021807.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021808.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021809.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021810.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021811.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021812.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021813.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021814.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021825.exe -> Spyware.WebRebates.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021826.exe -> Spyware.WebRebates.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021827.exe -> Spyware.WebRebates.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021831.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021832.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021835.exe -> Spyware.Websearch -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021836.exe -> Spyware.IBIS -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021837.exe -> Spyware.WebSearch.ad -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021838.dll -> Spyware.WebSearch.ae -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021848.exe -> TrojanDownloader.Wintool.f -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021849.dll -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021856.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021857.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021858.dll -> Spyware.Toolbar -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021859.exe -> Spyware.WebSearch.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021860.exe -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021864.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021865.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021866.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021868.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021869.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021871.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021873.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\A0021874.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\snapshot\MFEX-4.DAT -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP193\snapshot\MFEX-5.DAT -> Spyware.Wintol.y -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022101.dll -> Spyware.ImiBar.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022103.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022132.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022133.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022134.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022135.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022136.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022137.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022138.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0022139.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0022163.dll -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0022167.exe -> Spyware.WinAD.am -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023106.exe -> TrojanDownloader.Small.aly -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023108.exe -> Spyware.WinAD -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023109.exe -> Spyware.Searcher.h -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023112.exe -> Trojan.Agent.ay -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023113.dll -> Spyware.Small.ez -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023114.dll -> Spyware.DlMax.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023115.dll -> Spyware.BookedSpace -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023116.dll -> Spyware.Delf.r -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023117.dll -> Spyware.Beginto.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023122.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023123.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023124.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023125.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023126.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023127.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0023128.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP199\A0023132.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023229.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023236.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023237.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023238.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023240.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023243.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023244.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023246.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023247.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023252.exe -> Trojan.Stervis.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023254.exe -> Trojan.Nail -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023258.dll -> Trojan.Agent.db -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023265.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023267.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023268.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023269.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023271.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023272.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023273.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023275.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023279.exe -> Spyware.Sahat.m -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023287.exe -> Trojan.Stervis.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023295.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023296.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023297.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023298.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023299.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023300.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023301.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023302.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023317.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023318.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023319.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023320.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023321.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023322.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023323.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023324.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023339.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023340.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023344.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023345.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023350.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023351.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023352.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023354.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023355.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023356.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023358.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023359.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023366.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023368.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023369.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023370.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023371.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023372.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023373.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023376.exe -> Spyware.ConsCorr -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023378.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023381.exe -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023382.dll -> Spyware.Apropos.f -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023387.dll -> Spyware.PeopleOnPage -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023390.dll -> Spyware.WinAD.ag -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023395.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023396.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023397.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023422.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023423.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023424.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023425.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023426.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023427.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023428.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023429.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023433.exe -> Spyware.Sahat.m -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023444.exe -> Trojan.Stervis.b -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023446.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023447.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023448.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023449.exe -> Trojan.Nail -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023450.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023451.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023453.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023454.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023455.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023456.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023457.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023458.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023459.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023460.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023461.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023462.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023463.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023464.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023465.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023466.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0023467.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024415.exe -> Spyware.Sahat.m -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024421.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024422.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024423.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024424.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024425.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024426.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024428.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024431.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024445.exe -> Trojan.Stervis.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024446.exe -> Trojan.Nail -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP202\A0024451.exe -> TrojanDownloader.Agent.lg -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024467.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024468.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024471.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024472.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024473.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024474.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024475.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024478.exe -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024479.dll -> Spyware.180solutions -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024480.exe -> Spyware.180Solutions.e -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024484.exe -> Spyware.SafeSurfing.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024485.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024486.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024492.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024493.srg -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024494.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024495.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024496.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024498.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024499.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024502.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024516.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\A0024517.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP203\snapshot\MFEX-3.DAT -> Spyware.SafeSurfing.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024525.vxd -> Spyware.MediaPass -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024526.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024527.vxd -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024528.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024529.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024530.exe -> Spyware.Bargainbuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024531.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024532.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024533.exe -> Spyware.BargainBuddy -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024534.dll -> Spyware.CoolBar.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024537.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024544.exe -> TrojanDownloader.Agent.nj -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024554.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024555.exe -> TrojanSpy.Agent.dq -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024556.exe -> Trojan.Stervis.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0024557.exe -> Trojan.Nail -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0025547.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP204\A0025555.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP205\A0025559.exe -> Spyware.BargianBuddy.n -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0025563.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP206\A0025571.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0026573.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0027573.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0028573.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0029579.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0030580.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP209\A0031580.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP210\A0031596.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031610.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031616.exe -> Trojan.Agent.cp -> Cleaned with backup
Bump
« Last Edit: June 07, 2005, 06:20:08 PM by murphrey2001 »
Logged

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #10 on: June 07, 2005, 06:21:07 PM »
here's the last of the ewido report

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031637.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031651.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031659.dll -> Spyware.DlMax.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031671.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031678.exe -> Backdoor.Ruledor.f -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031689.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031692.exe -> TrojanDownloader.Delf.ky -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031699.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031709.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031717.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031725.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031762.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031911.exe -> Trojan.StealthDown -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031912.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031915.dll -> Spyware.ImiBar.d -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031916.exe -> Trojan.Imiserv.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031918.exe -> TrojanDownloader.Agent.mw -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031919.exe -> Trojan.Elzio -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031920.exe -> TrojanDownloader.Agent.lg -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031922.dll -> Spyware.EliteBar.z -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031923.dll -> Spyware.EliteBar.af -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031929.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031936.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031944.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031947.exe -> Trojan.Pakes -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031949.dll -> Trojan.Pakes -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031951.dll -> Trojan.Pakes -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031952.exe -> Trojan.Pakes -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031960.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031961.exe -> Trojan.Agent.cp -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031966.exe -> Trojan.Nail -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031967.exe -> Trojan.Stervis.c -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031968.dll -> Trojan.Agent.db -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031969.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031970.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031971.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031972.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031973.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031974.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031975.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0031980.dll -> Spyware.BetterInternet -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0032041.exe -> Spyware.MSWSearch -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0032042.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0032043.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP211\A0032044.exe -> TrojanSpy.Agent.dq -> Cleaned with backup
   C:\WINDOWS\auosdfwa.exe -> Spyware.BookedSpace.e -> Cleaned with backup
   C:\WINDOWS\autoheal.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\abasa5jrp_.exe -> Spyware.Sahat.o -> Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\lkir8l2gm_.dll -> Spyware.Sahat.l -> Cleaned with backup
   C:\WINDOWS\gsehctjpc.exe -> Spyware.BetterInternet -> Cleaned with backup
   C:\WINDOWS\Pynix.dll -> Spyware.DlMax.a -> Cleaned with backup


::Report End
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #11 on: June 07, 2005, 09:56:08 PM »
Many of those bad files are in your System Restore folder
We'll deal with them later

Can you do the following please
One more round of cleanup, then we'll do some preventive measures

Your versions of Ad-Aware and Spybot are out of date
Can you download the newest versions please

Follow these steps
Open Spybot
Click on RECOVERY
Select all objects and Purge selected objects
Click on the Immunize button
OK it and then click UNDO at the top
Also uncheck Enable permanent blocking of bad addresses in IE
Close out Spybot

Afterwards,
can you enter your Add/Remove programs via Control panel and Remove first
Ad-Aware
then remove Spybot 1.3

Restart your computer

Come back here
Download and Install the free version of Ad-Aware SE Personal 1.06
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

RESTART your computer to finish the cleaning process

Back in Windows

You can download Spybot 1.4 from either of these links
Click HERE or HERE

After installation it may be best to restart the computer again
While installing I would allow to enable permanent blocking of bad address with SDHelper
Run a scan but first do the following
Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish the cleaning process
When installing Spybot
If you didn't choose to Immunize while installing
Ensure you do it now
Click the Immunize button>>OK>>Immunize at the top
Do this after every update

Let me know how everythings running afterwards

Also, post back one last hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #12 on: June 08, 2005, 07:14:01 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:05:50 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HiJackThis 1.99.1\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: TrueMobile 1150 Client Manager.lnk = C:\Program Files\Dell TrueMobile 1150\Client Manager\CmDEL.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1113595546275
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WinPPPoverEthernet - Unknown owner - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE (file missing)
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #13 on: June 08, 2005, 07:23:53 PM »
I'll assume everything is running better?

If everything is running better

You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
Once reenabled it will create a fresh restore point
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks

SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"

You should consider updating to Windows Service pack 2
to help keep your system secure
and then stay up to date on all Latest Critical(High priority) updates afterwards
Please read this
http://www.microsoft.com/windowsxp/sp2/default.mspx
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Marcia

  • Jr. Member
  • **
  • Posts: 56
  • Karma: +0/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #14 on: June 09, 2005, 05:55:57 AM »
Thanks a million questolo...it took a little time but everything seems to be working alright now.  I also ran some of the update versions of adaware and spybot on my own laptop and found problems.  Now I know to regularly run these programs and I will be downloading SP2 today.  Once again.....thank you, thank you, thank you http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Unwanted websites when going online
« Reply #15 on: June 09, 2005, 10:03:43 PM »
Glad to help
I'll lock this topic as your problems appear resolved
If you need it reopened, please PM myself or the site Admin and supply a link to this thread

Stay safe  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »