computer lagging badly

  1. #1
    shorty1_wt is offline Newbie

    Yesterday, 08:19 PM

    Let me start by saying hello to everyone.

    I use Mozilla Firefox. Sometimes when I use my dial-up connection the computer lags horribly: after connecting I try to open my browser (this occurs only AFTER connecting, though) and the computer sits there like it's not responding. I hit Ctrl+Alt+Del, and still nothing. Generally about 20 minutes after I connect, the browser finally pops up, along with anything else I have tried to open.

    I have run Ad-Aware, HijackThis, and AVG Free, but none of them seem to do any good. As a matter of fact, Ad-Aware and AVG haven't found anything in about 2 months, other than a few cookies and the file usage log (I guess that's what it's for).

    I am hoping someone can see a problem in this log.

    Here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 5:40:59 PM, on 2/6/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe -b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8910B7F3-E57C-4DE3-90BD-6E90D90B0F61}: NameServer = 216.226.19.11 216.226.19.12
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    Last edited by shorty1_wt; 07-02-2006 at 07:57 AM.

  2. #2
    Neal is offline Dedicated Member
    Welcome to DAL,


    Go into Add/Remove Programs and remove, if present: mywebsearch

    ---------------------------------------------------------------------------------------------------
    This line below:
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Have you turned off any malware-related items? If so, we need to see those items.
    -----------------------------------------------------------------------------------------------------

    Download Clean.bat to your desktop (Save page as or Save as) for later use to clean out your TEMPORARY and PREFETCH files:
    http://www.thatcomputerguy.us/downloads/clean.bat


    Download CCleaner from here:
    http://www.majorgeeks.com/download4191.html
    or here:
    http://www.filehippo.com/download_ccleaner.html

    Don't run the tool just yet, please.
    Install it. The Windows tab should be opened in the upper left of the program. Click Analyze and then click Run Cleaner. Just use the Windows tab that is up front by default.

    1. Uncheck "Cookies" under "Internet Explorer".

    2. If you are running Firefox, then click on the "Applications" tab and uncheck "Cookies" under "Firefox".


    Run HijackThis, click on the Scan button, and put a check next to these:

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)



    With nothing open but HijackThis, click on Fix checked.


    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select Safe Mode and press Enter.


    Hunt for and delete if present:

    C:\Program Files\MywebSearch < folder


    Now, while in safe mode, run CCleaner using the Windows tab only, please.


    Now run that clean batch file you created earlier, type in 'Y' a couple of times and press enter at the prompts.


    Reboot


    Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


    Post a new HJT log for further review.

  3. #3
    shorty1_wt is offline Newbie
    Sorry this took so long, I have been very busy lately. I'm still having the same problem after following your instructions. I'm starting to wonder if it could be an IRQ conflict somewhere, seeing how it only happens when I am connected to the internet, but that wouldn't explain why it only occurs most of the time but not always.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:59:48 PM, on 2/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Startup: MyWebSearch Email Plugin.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8910B7F3-E57C-4DE3-90BD-6E90D90B0F61}: NameServer = 216.226.19.11 216.226.19.12
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

  4. #4
    Neal is offline Dedicated Member
    Hi,


    Please download, install, and update the NEW free version of Ewido trojan scanner:
    * When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    * From the main ewido screen, click on update in the left menu, then click the Start update button.
    * After the update finishes (the status bar at the bottom will display "Update successful")
    * Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
    * If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
    * When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

    Post the log Ewido makes back here and a new HijackThis log, please.

  5. #5
    shorty1_wt is offline Newbie
    Here's the log files you requested.
    Thanks again for all your help.
    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:17:22 PM, 2/11/2006
    + Report-Checksum: BC9F3915

    + Scan result:

    :mozilla.26:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.Atdmt : Ignored
    :mozilla.64:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.Overture : Ignored
    :mozilla.65:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.Overture : Ignored
    :mozilla.74:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored
    :mozilla.83:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.2o7 : Ignored
    :mozilla.80:C:\Documents and Settings\Janice\Application Data\Mozilla\Firefox\Profiles\835r8pn9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029827.scr -> Downloader.Agent.a : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029828.dll -> Downloader.Lemmy.q : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029829.exe -> Downloader.IstBar.cl : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029830.dll -> Downloader.Lemmy.q : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029831.exe -> Downloader.IstBar.cl : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029832.exe -> Hijacker.VB.bt : Cleaned with backup
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP295\A0029833.dll -> Adware.Webdir : Cleaned with backup
    C:\William's Stuff\WILLIAMDISK (E)\zip and install\miclockers.zip/yaheek.dll -> Not-A-Virus.Monitor.Win32.Dafunk : Cleaned with backup


    ::Report End

    Logfile of HijackThis v1.99.1
    Scan saved at 1:26:59 PM, on 2/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - Startup: MyWebSearch Email Plugin.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

  6. #6
    Neal is offline Dedicated Member
    Looks like Ewido found some bad boys. Any different?


    Run HijackThis, click the Scan button, and put a check next to this:

    O4 - Startup: MyWebSearch Email Plugin.lnk = ?


    With nothing open, click Fix checked.



    * Download Find it
    * Unzip the contents of finditnt2000xp.zip to a convenient location.
    * Navigate to the Find It NT-2K-XP folder and double-click on find.bat.
    * A command prompt will open and it will search your computer for malicious files.
    * Once it has finished a Notepad window will pop up with output.txt.
    * Copy the entire contents of output.txt into your next post.
    * DON'T delete/modify any files yet


    Please download SilentRunners from here:
    http://www.silentrunners.org/Silent%20Runners.zip
    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.
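
Added example, not part of the thread: a small Python sketch of the check applied by hand above, flagging HijackThis entries whose target is missing (`(no file)` or `= ?`) and diffing two scans to see what a "fix checked" pass actually changed. The sample lines are excerpted from the first two logs posted in this thread; the function names are hypothetical.

```python
import re

# Lines excerpted from the first two HijackThis logs posted in this thread
# (before and after the first "fix checked" step), trimmed for the example.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: MyWebSearch Email Plugin.lnk = ?
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the running-process paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Markers seen in this thread for entries whose target no longer resolves.
ORPHAN_MARKERS = ("(no file)", "= ?")


def parse_entries(log_text):
    """Return the log's entries as (section_code, detail) tuples, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries that point at nothing: leftovers of a partial uninstall."""
    return [entry for entry in entries if entry[1].endswith(ORPHAN_MARKERS)]


def diff_scans(before, after):
    """Return (removed, added) entries between two scans, order preserved."""
    before_set, after_set = set(before), set(after)
    removed = [entry for entry in before if entry not in after_set]
    added = [entry for entry in after if entry not in before_set]
    return removed, added


if __name__ == "__main__":
    first = parse_entries(SCAN_BEFORE)
    second = parse_entries(SCAN_AFTER)

    print("Orphaned in first scan:")
    for code, detail in orphaned(first):
        print(f"  {code} - {detail}")

    removed, added = diff_scans(first, second)
    print("Gone after the fix:")
    for code, detail in removed:
        print(f"  {code} - {detail}")
    print("New since the fix (review these):")
    for code, detail in added:
        print(f"  {code} - {detail}")
```

Entries that show up only in the later scan deserve the same scrutiny as the original ones; here the diff surfaces the `MyWebSearch Email Plugin.lnk = ?` startup item that the next fix step targets.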

  7. #7
    shorty1_wt is offline Newbie
    Warning! This utility will find legitimate files in addition to malware.
    Do not remove anything unless you are sure you know what you're doing.

    Find.bat is running from: C:\Documents and Settings\Janice\Desktop\finditnt2000xp\Find It NT-2K-XP

    ------- System Files in System32 Directory -------

    Volume in drive C is HP_PAVILION
    Volume Serial Number is 5C97-B7C8

    Directory of C:\WINDOWS\System32

    01/11/2006 05:44 PM <DIR> dllcache
    01/17/2002 07:58 PM <DIR> Microsoft
    0 File(s) 0 bytes
    2 Dir(s) 11,154,227,200 bytes free

    ------- Hidden Files in System32 Directory -------

    Volume in drive C is HP_PAVILION
    Volume Serial Number is 5C97-B7C8

    Directory of C:\WINDOWS\System32

    01/11/2006 05:44 PM <DIR> dllcache
    10/11/2005 03:52 PM 8,628 ppainter.GID
    06/28/2005 08:58 AM 488 logonui.exe.manifest
    06/28/2005 08:58 AM 488 WindowsLogon.manifest
    06/28/2005 08:58 AM 749 nwc.cpl.manifest
    06/28/2005 08:58 AM 749 sapi.cpl.manifest
    06/28/2005 08:58 AM 749 ncpa.cpl.manifest
    06/28/2005 08:58 AM 749 cdplayer.exe.manifest
    06/28/2005 08:58 AM 749 wuaucpl.cpl.manifest
    8 File(s) 13,349 bytes
    1 Dir(s) 11,154,223,104 bytes free

    ------------ Files Named "Guard" ---------------

    Volume in drive C is HP_PAVILION
    Volume Serial Number is 5C97-B7C8

    Directory of C:\WINDOWS\System32


    ------ Temp Files in System32 Directory ------

    Volume in drive C is HP_PAVILION
    Volume Serial Number is 5C97-B7C8

    Directory of C:\WINDOWS\System32

    03/31/2003 06:00 AM 2,577 CONFIG.TMP
    1 File(s) 2,577 bytes
    0 Dir(s) 11,154,210,816 bytes free

    ------------------ User Agent ----------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SV1"=""


    ------------- Keys Under Notify -------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,6c,6e,6f,74,69,66,79,2e,64,6c,6c,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001


    ------------- Locate.com Results -------------

    No matches found.

    -------- Strings.exe Qoologic Results --------


    --------- Strings.exe Aspack Results ---------

    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack)
    C:\WINDOWS\SYSTEM32\MRT.exe: (AsPack2k)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 1.00b)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.1)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.12)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.11)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.000)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.001)
    C:\WINDOWS\SYSTEM32\MRT.exe: (ASPack 2.11x)
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack2000
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.61
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.084
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.083
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.08.02b
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.07b
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.05b
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPack 1.02
    C:\WINDOWS\SYSTEM32\MRT.exe: ASPACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\MRT.exe: aspACK
    C:\WINDOWS\SYSTEM32\ntdll.dll: .aspack

    -------------- HKLM Run Key ----------------

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
    "HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
    "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
    "DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
    "AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"


    

    "Silent Runners.vbs", revision 43, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
    "HP Software Update" = ""C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
    "HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
    "DeviceDiscovery" = "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" ["Hewlett-Packard"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
    "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
    "Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
    "gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
    "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
    "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = "UberButton Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]
    {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = "YahooTaggedBM Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\YIeTagBm.dll" ["Yahoo! Inc."]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
    "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universal Plug and Play Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
    "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
    INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
    "AppInit_DLLs" = (value not set)

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Janice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS]


    Startup items in "Janice" & "All Users" startup folders:
    --------------------------------------------------------

    C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]
    000000000005\LibraryPath = "C:\WINDOWS\system32\pnrpnsp.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    "{B24BA06E-FB7B-4757-95C2-DC01125F750E}" = "RefresherBand Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL" [empty string]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    "{B24BA06E-FB7B-4757-95C2-DC01125F750E}" = "0"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL" [empty string]

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll" ["Yahoo! Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
    "ButtonText" = "Yahoo! Services"
    "CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo!"]

    {AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
    "ButtonText" = "AIM"
    "Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
    AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
    ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
    IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
    RIP Listener, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]}
    Simple TCP/IP Services, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 168 seconds.
    + The search for all Registry CLSIDs containing dormant Explorer Bars
    took 23 seconds.
    ---------- (total run time: 244 seconds)

  8. #8
    Neal is offline Dedicated Member
    Still not seeing anything.



    http://www.kaspersky.com/virusscanner

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.

    * The program will launch and then begin downloading the latest definition files:
    * Once the files have been downloaded click on NEXT
    * Now click on Scan Settings
    * In the scan settings make sure that the following are selected:
        o Scan using the following Anti-Virus database:
            - Extended (if available otherwise Standard)
        o Scan Options:
            - Scan Archives
            - Scan Mail Bases
    * Click OK
    * Now under select a target to scan:
        o Select My Computer
    * This program will start and scan your system.
    * The scan will take a while so be patient and let it run.
    * Once the scan is complete it will display if your system has been infected.
        o Now click on the Save as Text button:
    * Save the file to your desktop.
    * Copy and paste that information in your next post.

  9. #9
    shorty1_wt is offline Newbie
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, February 13, 2006 8:50:44 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.78.0
    Kaspersky Anti-Virus database last update: 14/02/2006
    Kaspersky Anti-Virus database records: 176633
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 111606
    Number of viruses found: 28
    Number of infected objects: 143
    Number of suspicious objects: 18
    Duration of the scan process: 02:01:03

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Janice\Desktop\New Folder\hijackthis_199\backups\backup-20060128-110944-497.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\Old hard drive\games\janice\Application Data\Phoenix\Profiles\default\ixupsulw.slt\Cache\459347D2d01 Infected: Trojan-Downloader.JS.Small.af skipped
    C:\Old hard drive\My Documents\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Old hard drive\My Documents\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Old hard drive\My Documents\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
    C:\Old hard drive\My Documents\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
    C:\Old hard drive\My Documents\Data\all_files4.exe NSIS: infected - 4 skipped
    C:\Old hard drive\My Documents\Data\Data\all_files4.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.ec skipped
    C:\Old hard drive\My Documents\Data\Data\all_files4.exe/data0005 Infected: not-a-virus:AdWare.Win32.EZula skipped
    C:\Old hard drive\My Documents\Data\Data\all_files4.exe/data0006 Infected: Trojan.Win32.SecondThought.h skipped
    C:\Old hard drive\My Documents\Data\Data\all_files4.exe/data0007 Infected: Backdoor.Win32.Ruledor.c skipped
    C:\Old hard drive\My Documents\Data\Data\all_files4.exe NSIS: infected - 4 skipped
    C:\Old hard drive\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
    C:\Old hard drive\WINDOWS\Profiles\janice\janice\Application Data\Phoenix\Profiles\default\ixupsulw.slt\Cache\459347D2d01 Infected: Trojan-Downloader.JS.Small.af skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\DC879PO9\CAQ3CLYN.htm Infected: Trojan-Downloader.JS.FlingStone skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\DC879PO9\loctest[1].hta Infected: Trojan-Dropper.VBS.Small.e skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\G9EJCLMJ\bridge[1].cab/bridge.dll Infected: Trojan-Spy.Win32.Briss.c skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\G9EJCLMJ\bridge[1].cab CAB: infected - 1 skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\IPYRSHEF\prompt[1].htm Infected: Trojan-Downloader.JS.FlingStone skipped
    C:\Old hard drive\WINDOWS\Temporary Internet Files\Content.IE5\Y1CF6XWL\CAQNWXMZ.htm Infected: Trojan-Downloader.JS.FlingStone skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED/opens, Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From postmaster <postmaster@earthlink.net>][Date Sat, 21 Jun 2003 16:57:16 -0700]/UNNAMED/online.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From postmaster <postmaster@earthlink.net>][Date Sat, 21 Jun 2003 16:57:16 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From charmerboyjt <charmerboyjt@yahoo.com>][Date Thu, 26 Jun 2003 04:07:52 -0700]/UNNAMED/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From charmerboyjt <charmerboyjt@yahoo.com>][Date Thu, 26 Jun 2003 04:07:52 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From hillbilly_ok <hillbilly_ok@yahoo.com>][Date Mon, 30 Jun 2003 03:43:46 -0700]/UNNAMED/play.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From hillbilly_ok <hillbilly_ok@yahoo.com>][Date Mon, 30 Jun 2003 03:43:46 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Tue, 01 Jul 2003 03:04:58 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Tue, 01 Jul 2003 03:04:58 -0700]/UNNAMED/ta.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Tue, 01 Jul 2003 03:04:58 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From dullnig <dullnig@onebox.com>][Date Wed, 02 Jul 2003 03:06:02 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From dullnig <dullnig@onebox.com>][Date Wed, 02 Jul 2003 03:06:02 -0700]/UNNAMED/online.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From dullnig <dullnig@onebox.com>][Date Wed, 02 Jul 2003 03:06:02 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Fri, 04 Jul 2003 03:46:08 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Fri, 04 Jul 2003 03:46:08 -0700]/UNNAMED/ttmix.pif Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Fri, 04 Jul 2003 03:46:08 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED/2408862417[1].bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From postmaster <postmaster@earthlink.net>][Date Mon, 07 Jul 2003 03:14:27 -0700]/UNNAMED/width.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From postmaster <postmaster@earthlink.net>][Date Mon, 07 Jul 2003 03:14:27 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED/height.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED/index_03[1].pif Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\001.msf Mail: infected - 22, suspicious - 7 skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Sun, 15 Jun 2003 08:57:49 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Sun, 15 Jun 2003 08:57:49 -0700]/UNNAMED/lal.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Sun, 15 Jun 2003 08:57:49 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Mon, 16 Jun 2003 08:23:57 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Mon, 16 Jun 2003 08:23:57 -0700]/UNNAMED/pan.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From birtha68 <birtha68@hotmail.com>][Date Mon, 16 Jun 2003 08:23:57 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From dullnig <dullnig@onebox.com>][Date Mon, 16 Jun 2003 04:02:19 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From dullnig <dullnig@onebox.com>][Date Mon, 16 Jun 2003 04:02:19 -0700]/UNNAMED/see Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From dullnig <dullnig@onebox.com>][Date Mon, 16 Jun 2003 04:02:19 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED/opens, Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Mon, 16 Jun 2003 16:00:46 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Tue, 17 Jun 2003 04:02:30 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Tue, 17 Jun 2003 04:02:30 -0700]/UNNAMED/height.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From shory1_wt <shory1_wt@yahoo.com>][Date Tue, 17 Jun 2003 04:02:30 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From hillbilly_ok <hillbilly_ok@yahoo.com>][Date Wed, 18 Jun 2003 14:19:58 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From hillbilly_ok <hillbilly_ok@yahoo.com>][Date Wed, 18 Jun 2003 14:19:58 -0700]/UNNAMED/opens.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From hillbilly_ok <hillbilly_ok@yahoo.com>][Date Wed, 18 Jun 2003 14:19:58 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From postmaster <postmaster@earthlink.net>][Date Sat, 21 Jun 2003 16:57:16 -0700]/UNNAMED/online.bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From postmaster <postmaster@earthlink.net>][Date Sat, 21 Jun 2003 16:57:16 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From charmerboyjt <charmerboyjt@yahoo.com>][Date Thu, 26 Jun 2003 04:07:52 -0700]/UNNAMED/setup.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From charmerboyjt <charmerboyjt@yahoo.com>][Date Thu, 26 Jun 2003 04:07:52 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED/2408862417[1].bat Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From snowangel_ok <snowangel_ok@yahoo.com>][Date Sat, 05 Jul 2003 06:43:33 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From postmaster <postmaster@earthlink.net>][Date Tue, 08 Jul 2003 08:29:58 -0700]/UNNAMED/call.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From postmaster <postmaster@earthlink.net>][Date Tue, 08 Jul 2003 08:29:58 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED/height.exe Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From yourcandleconnection123 <yourcandleconnection123@yahoo.com>][Date Wed, 09 Jul 2003 10:58:38 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED/index_03[1].pif Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From heavymetal <heavymetal@freewwweb.com>][Date Thu, 10 Jul 2003 10:49:30 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From roadrage_ok <roadrage_ok@yahoo.com>][Date Fri, 11 Jul 2003 03:42:24 -0700]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From roadrage_ok <roadrage_ok@yahoo.com>][Date Fri, 11 Jul 2003 03:42:24 -0700]/UNNAMED/size.scr Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From roadrage_ok <roadrage_ok@yahoo.com>][Date Fri, 11 Jul 2003 03:42:24 -0700]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From Donald E. Wildmon <wepledge@alibris.com>][Date Thu, 14 Aug 2003 03:08:16 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From Donald E. Wildmon <wepledge@alibris.com>][Date Thu, 14 Aug 2003 03:08:16 -0400]/UNNAMED/051.30.03followupshowerlistforjanie.xls.scr Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From Donald E. Wildmon <wepledge@alibris.com>][Date Thu, 14 Aug 2003 03:08:16 -0400]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From triciaree@ix.netcom.com][Date Thu, 04 Sep 2003 19:02:23 -0400]/UNNAMED/051.30.03FollowupshowerlistforJanie.xls.scr Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From triciaree@ix.netcom.com][Date Thu, 04 Sep 2003 19:02:23 -0400]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From "Amazon.com Payments" <payments-messages@microsoft.com>][Date Tue, 02 Sep 2003 00:59:41 -0400]/UNNAMED/051.30.03FollowupshowerlistforJanie.xls.scr Infected: Email-Worm.Win32.Tanatos.b skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf/[From "Amazon.com Payments" <payments-messages@microsoft.com>][Date Tue, 02 Sep 2003 00:59:41 -0400]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\003.msf Mail: infected - 32, suspicious - 11 skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\006.msf/[From "Amazon.com Payments" <payments-messages@microsoft.com>][Date Tue, 02 Sep 2003 00:59:41 -0400]/UNNAMED/051.30.03FollowupshowerlistforJanie.xls.scr Infected: Email-Worm.Win32.Tanatos.b skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\006.msf/[From "Amazon.com Payments" <payments-messages@microsoft.com>][Date Tue, 02 Sep 2003 00:59:41 -0400]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped

  10. #10
    shorty1_wt is offline Newbie
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\006.msf/[From triciaree@ix.netcom.com][Date Thu, 04 Sep 2003 19:02:23 -0400]/UNNAMED/051.30.03FollowupshowerlistforJanie.xls.scr Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\006.msf/[From triciaree@ix.netcom.com][Date Thu, 04 Sep 2003 19:02:23 -0400]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b.dam skipped
    C:\Program Files\EarthLink 5.0\berleybarker@earthlink.net\mailbox\006.msf Mail: infected - 4 skipped
    C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\RECYCLER\S-1-5-21-842925246-1177238915-725345543-1004\Dc7.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\RECYCLER\S-1-5-21-842925246-1177238915-725345543-500\Dc1\bar\4.bin\MWSOEMON.EXE_tobedeleted Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\RECYCLER\S-1-5-21-842925246-1177238915-725345543-500\Dc1\bar\4.bin\MWSOESTB.DLL_tobedeleted Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP208\A0014776.dll Infected: not-a-virus:AdWare.Win32.Hotbar.z skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP208\A0014781.dll Infected: not-a-virus:AdWare.Win32.Hotbar.z skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP208\A0014783.dll Infected: not-a-virus:AdWare.Win32.Hotbar.z skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP258\A0018569.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.r skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021111.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021112.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021113.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021114.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021115.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021116.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021117.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021118.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021119.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021120.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021121.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021122.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021123.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021124.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021125.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021126.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021127.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021128.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021129.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021131.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.p skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021132.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021133.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021134.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021135.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP280\A0021136.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026350.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026351.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026352.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026353.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026354.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026355.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026356.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026357.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026358.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026359.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.v skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026360.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026361.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026362.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026363.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026364.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026365.DLL Infected: not-a-virus:AdWare.Win32.IWon.a skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026366.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026367.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026368.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026370.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.p skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026371.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026372.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026373.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026374.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{8A67BDEA-BD1B-49A3-921E-2B8A035D62F0}\RP288\A0026377.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    C:\William's Stuff\WILLIAMDISK (E)\zip and install\DragRacer-v3-Setup.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
    C:\William's Stuff\WILLIAMDISK (E)\zip and install\DragRacer-v3-Setup.exe/stream Infected: not-a-virus:AdWare.Win32.Webdir.b skipped
    C:\William's Stuff\WILLIAMDISK (E)\zip and install\DragRacer-v3-Setup.exe NSIS: infected - 2 skipped
    C:\WINDOWS\SYSTEM32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

    Scan process completed.
