
hjt log, pop up problem


Post by aasha86 » December 30th, 2005, 1:30 am

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm]
"Device"="\\\\.\\Rasdule"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\fsvpci.sys"
"DriverName"="USBisvc"
"UninstallerParams"=""
"PageFiltering"=dword:00000001
"AutoUpdater"="C:\\WINDOWS\\System32\\ied71deu.exe"
"Version"="2.0.131"
@="\\ziBLO5TUUTUUVUy3L6NE7TUUTjWU:pukv:zUzRLM7FaZU6KBO7KLU8LOI5BVLRL"
"CrMnTmt"=dword:0036ee80
"NxRestTm"="2005:11:20-07:25:25:265"
"LastAURestoreMsgTS"="2005:11:20-06:25:25:265"

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2]
"AP"="/DVNM=\"\\\\.\\Rasdule\" /INSC=\"AU\""
"SU"="http://au.contextplus.net/services/AUServer"
"NPT"="2005:12:30-11:10:56:703"
"TO"=dword:01499700
"LastCLRestoreMsgTS"="2005:12:14-13:20:50:578"
@="2005:12:30-05:10:56:703"
"LCT"="2005:12:25-22:22:43:484"
"NxRestTm"="2005:12:14-14:20:50:578"

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2\RGR]

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2\RGR\Messages]

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2\RGR\Properties]

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2\TDH]
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Post by aasha86 » December 30th, 2005, 1:55 am

OK, so I followed the steps but it wouldn't let me delete this: C:\Windows\Temp

And I couldn't find these:
C:\Program Files\Common Files\tsl2
C:\Program Files\CasStub
C:\Program Files\Internet Optimizer
C:\Program Files\Media Gateway
C:\WINDOWS\etb
C:\WINDOWS\System32\vidctrl
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Post by Kimberly » December 30th, 2005, 11:09 am

You don't have to delete C:\Windows\Temp, just the content of it. (not the folder itself)

And I couldn't find these:

OK, no worries, they are already gone then from a previous cleanup.

Let's clean up the rootkit.

Copy/paste the following text into a new Notepad document. Make sure that wordwrap is turned off.
@Echo off
cd %systemdrive%\
echo Removing service... > %systemdrive%\fixme.txt
echo REGEDIT4 >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_USBisvc] >> fixme.reg
echo. >> fixme.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option] >> fixme.reg
echo "OptionValue"=- >> fixme.reg
echo. >> fixme.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option] >> fixme.reg
echo "OptionValue"=- >> fixme.reg
echo. >> fixme.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Option] >> fixme.reg
echo "OptionValue"=- >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\Software\Aprps] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\Software\Apropos] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_CURRENT_USER\Software\CyiiFAGFaUEm] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_USERS\S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contextplus.com] >> fixme.reg
echo. >> fixme.reg
echo [-HKEY_USERS\S-1-5-21-1715567821-1770027372-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contextplus.net] >> fixme.reg
echo. >> fixme.reg

regedit /s fixme.reg
echo Regfix imported... >> %systemdrive%\fixme.txt
del fixme.reg

echo Deleting files... >> %systemdrive%\fixme.txt
attrib -r -s -h C:\WINDOWS\system32\drivers\fsvpci.sys
if exist C:\WINDOWS\system32\drivers\fsvpci.sys del /q C:\WINDOWS\system32\drivers\fsvpci.sys
if exist C:\WINDOWS\system32\drivers\fsvpci.sys echo Deletion of file C:\WINDOWS\system32\drivers\fsvpci.sys failed! >> %systemdrive%\fixme.txt
if not exist C:\WINDOWS\system32\drivers\fsvpci.sys echo Deletion of file C:\WINDOWS\system32\drivers\fsvpci.sys succeeded! >> %systemdrive%\fixme.txt

attrib -r -s -h C:\WINDOWS\system32\ied71deu.exe
if exist C:\WINDOWS\system32\ied71deu.exe del /q C:\WINDOWS\system32\ied71deu.exe
if exist C:\WINDOWS\system32\ied71deu.exe echo Deletion of file C:\WINDOWS\system32\ied71deu.exe failed! >> %systemdrive%\fixme.txt
if not exist C:\WINDOWS\system32\ied71deu.exe echo Deletion of file C:\WINDOWS\system32\ied71deu.exe succeeded! >> %systemdrive%\fixme.txt

echo. >> %systemdrive%\fixme.txt
echo Searching for hidden directory... >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt

cd C:\Program Files\
dir /ad >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s /ad cache >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s ace.dll >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s wingenerics.dll >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s data.bin >> %systemdrive%\fixme.txt

pause

rem IF ERRORLEVEL 0 is true for every exit code; IF NOT ERRORLEVEL 1 is true only when reg query found the key.
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBisvc>nul
IF NOT ERRORLEVEL 1 echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBisvc is present >> %systemdrive%\fixme.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBisvc>nul
IF NOT ERRORLEVEL 1 echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USBisvc is present >> %systemdrive%\fixme.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBisvc>nul
IF NOT ERRORLEVEL 1 echo HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBisvc is present >> %systemdrive%\fixme.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBisvc>nul
IF NOT ERRORLEVEL 1 echo HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USBisvc is present >> %systemdrive%\fixme.txt
reg query HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm>nul
IF NOT ERRORLEVEL 1 echo HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm is present >> %systemdrive%\fixme.txt

echo Finished!
echo Please restart your computer in Normal Mode.
echo and post the contents of fixme.txt in your next reply.
echo.

pause
exit


Save it to your desktop as cleanme.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanme.bat
______________________________

Reboot your computer in Safe Mode. MUST be Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
______________________________

Double click cleanme.bat. Wait for it to finish and reboot in Normal Mode. Post the content of c:\fixme.txt

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
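
The files, service name and registry keys targeted by the batch script above all trace back to values in the registry export posted at the top of this thread. As an added example (not part of either poster's messages), this Python parser reads a REGEDIT4 export and lists those artifacts; treating `DriverName` as the service name is an assumption drawn from this thread's data, and the `Flags` value in the sample is constructed.

```python
import re

# Excerpt of the REGEDIT4 export posted at the top of this thread. The "Flags"
# value is constructed here (not from the thread) to exercise hex continuation.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm]
"Device"="\\\\.\\Rasdule"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\fsvpci.sys"
"DriverName"="USBisvc"
"UninstallerParams"=""
"PageFiltering"=dword:00000001
"AutoUpdater"="C:\\WINDOWS\\System32\\ied71deu.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\CyiiFAGFaUEm\AU2]
"AP"="/DVNM=\"\\\\.\\Rasdule\" /INSC=\"AU\""
"SU"="http://au.contextplus.net/services/AUServer"
@="2005:12:30-05:10:56:703"
"Flags"=hex:01,02,\
  03,00
'''

VALUE_RE = re.compile(r'^(?:(?P<default>@)|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
FILE_RE = re.compile(r'^[A-Za-z]:\\.+\.(?:sys|exe|dll)$', re.IGNORECASE)
URL_RE = re.compile(r'https?://[^\s"]+')


def _unescape(s):
    """Undo .reg string escaping (backslash-backslash, backslash-quote)."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode(data):
    """Convert the right-hand side of a value line to str, int or bytes."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    if data.lower().startswith('hex') and ':' in data:
        body = data.split(':', 1)[1]
        return bytes(int(b, 16) for b in body.split(',') if b.strip())
    return data  # unknown type: keep the raw text


def parse_reg(text):
    """Return {key_path: {value_name: decoded_value}}; '@' is the default value."""
    keys, current, pending = {}, None, ''
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ''
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # header line, blank line or comment
        data = m.group('data')
        if data.lower().startswith('hex') and data.endswith('\\'):
            pending = line[:-1]  # hex data continues on the next line
            continue
        name = '@' if m.group('default') else _unescape(m.group('name'))
        current[name] = _decode(data)
    return keys


def triage(keys, name_value='DriverName'):
    """Collect files, URLs, device names and service keys worth verifying.

    name_value is the value assumed to hold the service name (an assumption
    based on this thread, where DriverName matches the removed service).
    """
    found = {'files': [], 'urls': [], 'devices': [], 'service_keys': []}

    def add(bucket, item):
        if item not in found[bucket]:
            found[bucket].append(item)

    for values in keys.values():
        for name, data in values.items():
            if not isinstance(data, str):
                continue
            if FILE_RE.match(data):
                add('files', data)
            elif data.startswith('\\\\.\\'):
                add('devices', data)
            for url in URL_RE.findall(data):
                add('urls', url)
            if name == name_value and data:
                # Same key layout the batch script checks with reg query
                for cs in ('CurrentControlSet', 'ControlSet001'):
                    base = 'HKEY_LOCAL_MACHINE\\SYSTEM\\' + cs
                    add('service_keys', base + '\\Services\\' + data)
                    add('service_keys', base + '\\Enum\\Root\\LEGACY_' + data)
    return found


if __name__ == '__main__':
    for bucket, items in triage(parse_reg(SAMPLE_EXPORT)).items():
        print(bucket)
        for item in items:
            print('   ', item)
```
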

Post by aasha86 » December 30th, 2005, 2:30 pm

Hey,
I'm not sure if it worked because when the black screen popped up it said there was some error. But here is the log:

Removing service...
Regfix imported...
Deleting files...
Deletion of file C:\WINDOWS\system32\drivers\fsvpci.sys succeeded!
Deletion of file C:\WINDOWS\system32\ied71deu.exe succeeded!


Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\Program Files

12/30/2005 05:58 AM <DIR> .
12/30/2005 05:58 AM <DIR> ..
12/11/2004 05:12 PM <DIR> Adobe
10/21/2005 09:31 PM <DIR> AIM
12/18/2004 12:36 PM <DIR> AIM Toolbar
12/10/2004 07:24 PM <DIR> Analog Devices
07/25/2005 07:59 PM <DIR> Appliedsearch_AutoInstall
06/08/2005 01:30 PM <DIR> BearShare
11/19/2005 12:55 AM <DIR> CCleaner
12/29/2005 11:40 PM <DIR> Common Files
12/10/2004 06:41 PM <DIR> ComPlus Applications
01/31/2005 12:27 AM <DIR> Dell
12/10/2004 07:45 PM <DIR> Dell Computer
11/19/2005 10:48 AM <DIR> DivX
12/30/2005 09:52 AM <DIR> DNS
07/04/2005 10:49 PM <DIR> epicenter
09/02/2005 01:52 PM <DIR> ewido
12/02/2005 08:06 AM <DIR> Google
12/19/2004 11:20 PM <DIR> Grisoft
12/21/2004 02:22 AM <DIR> Hewlett-Packard
12/11/2004 02:05 PM <DIR> HP
01/27/2005 12:23 AM <DIR> hp deskjet 940c series
10/16/2005 07:40 AM <DIR> InstallShield Installation Information
12/10/2004 07:09 PM <DIR> Intel
11/08/2005 12:21 PM <DIR> Internet Explorer
08/07/2005 01:13 PM <DIR> iPod
06/05/2005 06:48 PM <DIR> iTunes
12/10/2004 07:44 PM <DIR> Jasc Software Inc
10/31/2005 09:40 AM <DIR> Java
09/02/2005 01:52 PM <DIR> Lavasoft
02/10/2005 05:49 PM <DIR> McAfee AntiSpyware 1.00 Install
09/07/2005 07:12 AM <DIR> McAfee.com
02/20/2005 05:15 AM <DIR> Messenger
04/29/2005 01:51 PM <DIR> Microgetics
09/03/2005 02:02 PM <DIR> Microsoft AntiSpyware
06/13/2005 09:47 PM <DIR> microsoft frontpage
06/13/2005 09:48 PM <DIR> Microsoft Office
06/01/2005 10:12 AM <DIR> Microsoft Streets and Trips
06/13/2005 09:50 PM <DIR> Microsoft Visual Studio
12/15/2004 02:12 PM <DIR> Motive
12/10/2004 06:42 PM <DIR> Movie Maker
06/04/2005 01:51 PM <DIR> MSN
12/29/2005 11:46 PM <DIR> msn gaming zone
05/08/2005 09:10 PM <DIR> MSN Messenger
09/23/2005 11:22 AM <DIR> MsUpdate
10/16/2005 07:40 AM <DIR> MUSICMATCH
02/20/2005 05:07 AM <DIR> NetMeeting
12/30/2005 11:46 AM <DIR> Network
11/19/2005 02:31 PM <DIR> Oberon Media
12/10/2004 06:40 PM <DIR> Online Services
12/10/2004 06:41 PM <DIR> Outlook Express
06/05/2005 08:04 PM <DIR> QuickTime
12/10/2004 07:46 PM <DIR> Real
07/05/2005 10:54 PM <DIR> Roxio
12/16/2004 03:01 PM <DIR> SBC Self Support Tool
12/11/2004 08:35 PM <DIR> SBC Yahoo!
09/03/2005 02:03 PM <DIR> SoftwareShield
12/26/2005 04:44 PM <DIR> Spybot - Search & Destroy
12/26/2005 11:00 AM <DIR> SpywareBlaster
05/27/2005 10:35 AM <DIR> StreamCast
07/22/2005 08:44 AM <DIR> sysutil
12/10/2004 06:46 PM <DIR> Uninstall Information
07/20/2005 11:20 PM <DIR> VCW VicMan's Photo Editor
12/10/2004 07:54 PM <DIR> Visual Networks
10/07/2005 09:12 PM <DIR> WebHost
09/17/2005 11:36 AM <DIR> Windows Media Player
12/10/2004 06:40 PM <DIR> Windows NT
12/16/2004 02:19 AM <DIR> WindowsUpdate
09/03/2005 02:03 PM <DIR> WinMX
12/10/2004 06:43 PM <DIR> xerox
07/20/2005 11:28 PM <DIR> Yahoo!
12/26/2004 11:45 PM <DIR> Yahoo! Games
10/24/2005 10:40 PM <DIR> _uninstallation_info
0 File(s) 0 bytes
73 Dir(s) 86,637,780,992 bytes free

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\Program Files\Jasc Software Inc\Paint Shop Pro 7

03/25/2005 12:03 AM <DIR> Cache
0 File(s) 0 bytes

Directory of C:\Program Files\Yahoo!\Messenger

12/09/2005 10:38 PM <DIR> cache
0 File(s) 0 bytes
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Post by Kimberly » December 30th, 2005, 2:56 pm

I'm not sure if it worked because when the black screen popped up it said there was some error. But here is the log:

Yes, it's ok - I look if the service is still present and when it's gone it gives an error message. It's normal. No hidden folder, strange, maybe only visible after reboot. Perform this part again please. Just run in Normal Mode.

Copy/paste the following text into a new Notepad document.

cd C:\Program Files\
echo Searching for hidden directory... > %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /ad >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s /ad cache >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s ace.dll >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s wingenerics.dll >> %systemdrive%\fixme.txt
echo. >> %systemdrive%\fixme.txt
dir /s data.bin >> %systemdrive%\fixme.txt
Notepad %systemdrive%\fixme.txt


Save it to your desktop as cleanme.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanme.bat

Double click cleanme.bat. A DOS box should open and close quickly, this is normal.
______________________________

Let's see what is left over ....

Delete the c:\program files\DNS folder !

You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, start a scan.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.

Close ALL open Windows / Programs / Folders. Please start Ewido Security Suite, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido
______________________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
______________________________

Please post Ewido log and Kaspersky log

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by aasha86 » December 30th, 2005, 6:55 pm

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\Program Files

12/30/2005 05:58 AM <DIR> .
12/30/2005 05:58 AM <DIR> ..
12/11/2004 05:12 PM <DIR> Adobe
10/21/2005 09:31 PM <DIR> AIM
12/18/2004 12:36 PM <DIR> AIM Toolbar
12/10/2004 07:24 PM <DIR> Analog Devices
07/25/2005 07:59 PM <DIR> Appliedsearch_AutoInstall
06/08/2005 01:30 PM <DIR> BearShare
11/19/2005 12:55 AM <DIR> CCleaner
12/29/2005 11:40 PM <DIR> Common Files
12/10/2004 06:41 PM <DIR> ComPlus Applications
01/31/2005 12:27 AM <DIR> Dell
12/10/2004 07:45 PM <DIR> Dell Computer
11/19/2005 10:48 AM <DIR> DivX
12/30/2005 09:52 AM <DIR> DNS
07/04/2005 10:49 PM <DIR> epicenter
09/02/2005 01:52 PM <DIR> ewido
12/02/2005 08:06 AM <DIR> Google
12/19/2004 11:20 PM <DIR> Grisoft
12/21/2004 02:22 AM <DIR> Hewlett-Packard
12/11/2004 02:05 PM <DIR> HP
01/27/2005 12:23 AM <DIR> hp deskjet 940c series
10/16/2005 07:40 AM <DIR> InstallShield Installation Information
12/10/2004 07:09 PM <DIR> Intel
11/08/2005 12:21 PM <DIR> Internet Explorer
08/07/2005 01:13 PM <DIR> iPod
06/05/2005 06:48 PM <DIR> iTunes
12/10/2004 07:44 PM <DIR> Jasc Software Inc
10/31/2005 09:40 AM <DIR> Java
09/02/2005 01:52 PM <DIR> Lavasoft
02/10/2005 05:49 PM <DIR> McAfee AntiSpyware 1.00 Install
09/07/2005 07:12 AM <DIR> McAfee.com
02/20/2005 05:15 AM <DIR> Messenger
04/29/2005 01:51 PM <DIR> Microgetics
09/03/2005 02:02 PM <DIR> Microsoft AntiSpyware
06/13/2005 09:47 PM <DIR> microsoft frontpage
06/13/2005 09:48 PM <DIR> Microsoft Office
06/01/2005 10:12 AM <DIR> Microsoft Streets and Trips
06/13/2005 09:50 PM <DIR> Microsoft Visual Studio
12/15/2004 02:12 PM <DIR> Motive
12/10/2004 06:42 PM <DIR> Movie Maker
06/04/2005 01:51 PM <DIR> MSN
12/29/2005 11:46 PM <DIR> msn gaming zone
05/08/2005 09:10 PM <DIR> MSN Messenger
09/23/2005 11:22 AM <DIR> MsUpdate
10/16/2005 07:40 AM <DIR> MUSICMATCH
02/20/2005 05:07 AM <DIR> NetMeeting
12/30/2005 11:46 AM <DIR> Network
11/19/2005 02:31 PM <DIR> Oberon Media
12/10/2004 06:40 PM <DIR> Online Services
12/10/2004 06:41 PM <DIR> Outlook Express
06/05/2005 08:04 PM <DIR> QuickTime
12/10/2004 07:46 PM <DIR> Real
07/05/2005 10:54 PM <DIR> Roxio
12/16/2004 03:01 PM <DIR> SBC Self Support Tool
12/11/2004 08:35 PM <DIR> SBC Yahoo!
09/03/2005 02:03 PM <DIR> SoftwareShield
12/26/2005 04:44 PM <DIR> Spybot - Search & Destroy
12/26/2005 11:00 AM <DIR> SpywareBlaster
05/27/2005 10:35 AM <DIR> StreamCast
07/22/2005 08:44 AM <DIR> sysutil
12/10/2004 06:46 PM <DIR> Uninstall Information
07/20/2005 11:20 PM <DIR> VCW VicMan's Photo Editor
12/10/2004 07:54 PM <DIR> Visual Networks
10/07/2005 09:12 PM <DIR> WebHost
09/17/2005 11:36 AM <DIR> Windows Media Player
12/10/2004 06:40 PM <DIR> Windows NT
12/16/2004 02:19 AM <DIR> WindowsUpdate
09/03/2005 02:03 PM <DIR> WinMX
12/10/2004 06:43 PM <DIR> xerox
07/20/2005 11:28 PM <DIR> Yahoo!
12/26/2004 11:45 PM <DIR> Yahoo! Games
10/24/2005 10:40 PM <DIR> _uninstallation_info
0 File(s) 0 bytes
73 Dir(s) 86,647,926,784 bytes free

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\Program Files\Jasc Software Inc\Paint Shop Pro 7

03/25/2005 12:03 AM <DIR> Cache
0 File(s) 0 bytes

Directory of C:\Program Files\Yahoo!\Messenger

12/09/2005 10:38 PM <DIR> cache
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 86,647,922,688 bytes free

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Directory of C:\Program Files\HP\Digital Imaging\bin

11/05/2002 07:18 PM 446,464 ACE.dll
1 File(s) 446,464 bytes

Total Files Listed:
1 File(s) 446,464 bytes
0 Dir(s) 86,647,922,688 bytes free

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920

Volume in drive C has no label.
Volume Serial Number is 9CB9-6920
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Post by aasha86 » December 30th, 2005, 10:12 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:46:28 PM, 12/30/2005
+ Report-Checksum: C4210E2C

+ Scan result:

HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1715567821-1770027372-839522115-1003\Software\saap -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@vegasred[2].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Documents and Settings\bobbie\Cookies\bobbie@www.vegasred[2].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Owner\a.exe/mc-58-12-0000140.exe -> Adware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfloahcpoao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4egc5kaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4wkd5eep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@vegasred[1].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@weborama[2].txt -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.vegasred[2].txt -> Spyware.Cookie.Vegasred : Cleaned with backup
C:\Program Files\Common Files\mc-58-12-0000140.exe -> Downloader.Small.bqq : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\0B45589D-6C13-463C-8857-41A21B -> Spyware.WebSearch : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\5DED30C8-373D-46D5-8C43-B128BA -> Spyware.WebSearch : Error during cleaning


::Report End


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, December 30, 2005 20:08:59
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 31/12/2005
Kaspersky Anti-Virus database records: 168387
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 49304
Number of viruses found: 37
Number of infected objects: 259
Number of suspicious objects: 7
Duration of the scan process: 2646 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/soproc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.w
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120545-790 Infected: Exploit.HTML.Mht
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120545-970 Suspicious: Exploit.HTML.Mht
C:\Program Files\BearShare\Installer\BSInstall5.1.0.26.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\BearShare\Installer\BSInstall5.1.0.26.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\Common Files\mc-58-12-0000140.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\Program Files\Common Files\__delete_on_reboot__services.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\0B45589D-6C13-463C-8857-41A21B Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\5DED30C8-373D-46D5-8C43-B128BA Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\sjkqjq.exe Infected: Backdoor.Win32.Wisdoor.au
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP336\A0196294.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j

Scan process completed.
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby Kimberly » December 31st, 2005, 2:06 pm

Looks like we are getting nowhere with the cleanup; it keeps coming back.

Instead of using the Windows firewall, download Zone Alarm Free:
http://www.zonelabs.com/store/content/c ... wnload.jsp
Or another firewall and install it.

Copy/paste the following quote box into a new notepad (not wordpad) document.

(Echo %DATE% %TIME%
If exist empty.hiv del empty.hiv
If not Exist "original key.txt" Echo Backing up original KEY & regedit /a "original key.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar"
IF exist "original key.txt" Echo Backup Created Successfully
Echo.....
Echo Creating HKEY_LOCAL_MACHINE\SOFTWARE\empty

reg add HKEY_LOCAL_MACHINE\SOFTWARE\empty
echo.....
Echo Saving HKEY_LOCAL_MACHINE\SOFTWARE\empty
Reg Save HKEY_LOCAL_MACHINE\SOFTWARE\empty Empty.hiv
echo.....
Echo Deleting HKEY_LOCAL_MACHINE\SOFTWARE\empty
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\empty /f
echo.....
Echo Replacing HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar with empty hive
reg restore "HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar" empty.hiv
echo.....
Echo Deleting HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar /f

)>logit.txt 2>&1

Start logit.txt

If exist empty.hiv del empty.hiv

Save it to your Desktop as fixkey.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: fixkey.bat

Locate fixkey.bat on your Desktop and double-click it. Please post logit.txt.

Double-click Killbox.exe to run it.
Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot”
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by aasha86 » January 1st, 2006, 10:02 pm

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:58:20 PM, 1/1/2006
+ Report-Checksum: 8EBF1052

+ Scan result:

C:\Documents and Settings\bobbie\Cookies\bobbie@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\0B45589D-6C13-463C-8857-41A21B -> Spyware.WebSearch : Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\5DED30C8-373D-46D5-8C43-B128BA -> Spyware.WebSearch : Error during cleaning


::Report End

Sun 01/01/2006 19:59:28.82
Backup Created Successfully
....
Creating HKEY_LOCAL_MACHINE\SOFTWARE\empty

The operation completed successfully
....
Saving HKEY_LOCAL_MACHINE\SOFTWARE\empty

The operation completed successfully
....
Deleting HKEY_LOCAL_MACHINE\SOFTWARE\empty

The operation completed successfully
....
Replacing HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar with empty hive

Error: The system was unable to find the specified registry key or value
....
Deleting HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar

Error: The system was unable to find the specified registry key or value

Post by aasha86 » January 1st, 2006, 11:33 pm

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 01, 2006 21:30:32
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 168580
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 52692
Number of viruses found: 37
Number of infected objects: 276
Number of suspicious objects: 7
Duration of the scan process: 2038 sec

Infected Object Name - Virus Name
C:\!KillBox\97_Ventura4_4_0_3_7.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\!KillBox\97_Ventura4_4_0_3_7.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\!KillBox\dmohgina.exe Infected: Trojan.Win32.Crypt.t
C:\!KillBox\ep02bmec.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\!KillBox\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\!KillBox\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\!KillBox\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\!KillBox\InstallerV4.exe/data0001 Infected: not-a-virus:AdWare.Win32.SafeSurfing.o
C:\!KillBox\InstallerV4.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.o
C:\!KillBox\lanbruns.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i
C:\!KillBox\lanbruns.exe Infected: Trojan-Downloader.NSIS.Agent.i
C:\!KillBox\odbshrui.exe Infected: Trojan.Win32.Crypt.t
C:\!KillBox\richedtr.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.m
C:\!KillBox\rktpd728.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\!KillBox\sjkqjq.exe Infected: Backdoor.Win32.Wisdoor.au
C:\!KillBox\ssee.exe/data0011 Infected: Trojan.Win32.VB.tx
C:\!KillBox\ssee.exe/data0012 Infected: Trojan.Win32.VB.tg
C:\!KillBox\ssee.exe Infected: Trojan.Win32.VB.tg
C:\!KillBox\unist2.exe Infected: not-a-virus:AdWare.Win32.ShopNav.l
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip/soproc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.w
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream/data0008 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QL8HGRO3\package_adp_SIAC[1].exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120545-790 Infected: Exploit.HTML.Mht
C:\Documents and Settings\Owner\My Documents\backups\backup-20050902-120545-970 Suspicious: Exploit.HTML.Mht
C:\Program Files\BearShare\Installer\BSInstall5.1.0.26.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\BearShare\Installer\BSInstall5.1.0.26.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\0B45589D-6C13-463C-8857-41A21B Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\Program Files\Microsoft AntiSpyware\Quarantine\B11D03C5-81D8-43F9-A357-B6E433\5DED30C8-373D-46D5-8C43-B128BA Infected: not-a-virus:AdWare.Win32.WebSearch.an
C:\sjkqjq.exe Infected: Backdoor.Win32.Wisdoor.au
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP338\A0196325.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP338\A0196330.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP341\A0196355.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP342\A0197496.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP342\A0197497.dll/Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP342\A0197497.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP342\A0197497.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP343\A0198364.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP343\A0198385.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198388.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198389.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198391.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198392.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198393.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP344\A0198394.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP345\A0198420.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP345\A0198424.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP345\A0198429.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP347\A0198443.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP349\A0199452.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP349\A0199453.dll/Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP349\A0199453.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP349\A0199453.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP350\A0199459.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199476.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199477.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199478.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199480.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199481.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199482.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199483.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP352\A0199484.sys Suspicious: Rootkit.Win32.Agent.ao
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP353\A0199523.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP355\A0200438.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP355\A0200442.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP356\A0200564.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP359\A0200614.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP359\A0200615.dll/Catcher.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP359\A0200615.dll/gui.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP359\A0200615.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP359\A0201597.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP363\A0201686.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP363\A0201692.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP365\A0202692.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP367\A0202717.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP367\A0202727.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP367\A0202728.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP367\A0202729.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP369\A0203689.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP369\A0203696.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP369\A0204702.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP369\A0205697.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP371\A0206692.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP377\A0207720.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP379\A0208692.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209751.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209755.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209763.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209764.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209765.sys Suspicious: Rootkit.Win32.Agent.ao
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP382\A0209861.exe Infected: not-a-virus:AdWare.Win32.SurfSide.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210024.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210025.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210026.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210027.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210044.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210054.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ad
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP383\A0210058.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP385\A0210081.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP385\A0210084.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.s
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP386\A0210106.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP387\A0210132.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP388\A0211139.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212144.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212148.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212149.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212150.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212151.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212152.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP389\A0212153.sys Suspicious: Rootkit.Win32.Agent.ao
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP390\A0212180.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP390\A0212186.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP390\A0212187.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP390\A0212188.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP390\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP391\A0212205.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP391\A0212206.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP391\A0212207.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP391\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213136.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213137.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213141.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213157.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213163.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213164.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\A0213165.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP392\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP393\A0213187.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP393\A0213188.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP393\A0213189.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP393\A0213206.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP393\A0213209.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213219.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213221.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213222.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213223.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213224.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213225.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213228.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213229.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213230.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213230.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213230.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213242.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream/data0004 Infected: not-a-virus:AdWare.Win32.BargainBuddy.ae
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213253.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP394\A0213257.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP395\A0213262.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP395\A0213263.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP395\A0213274.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP395\A0213277.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP396\A0213299.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP396\A0213300.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP396\A0213309.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP396\A0213311.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213321.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213322.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213328.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213336.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213351.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP397\A0213352.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP398\A0213364.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP398\A0213365.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP399\A0213374.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP399\A0213375.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP399\A0213378.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP400\A0213385.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP400\A0213387.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP400\A0213388.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP401\A0213390.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP401\A0213400.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP401\A0213401.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213403.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213407.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213409.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213451.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213452.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213453.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213454.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213457.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213458.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213459.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213459.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213459.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.y
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213488.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213489.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP402\A0213490.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP403\A0213519.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP404\A0216486.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP405\A0217484.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP405\A0217498.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP407\A0218503.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP408\A0219506.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP408\A0220498.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP410\A0221501.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP410\A0221502.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP410\A0221503.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP410\A0221511.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP412\A0222525.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP413\A0224522.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP414\A0225516.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP415\A0225551.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP416\A0226539.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0226553.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0226554.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0226555.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0226556.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0226557.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP417\A0227531.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227597.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227640.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227641.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ae
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227644.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch.ae
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227646.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP418\A0227649.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP419\A0227670.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP419\A0227672.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP419\A0227674.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.d
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP419\A0227687.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP420\A0227697.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP420\A0227721.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP421\A0227764.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP421\A0227803.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP421\A0227805.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP421\A0227866.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP421\A0227867.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.h
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227883.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227894.sys Suspicious: Rootkit.Win32.Agent.ao
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227895.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227905.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227920.exe/data.rar/mc-58-12-0000140.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.f
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227920.exe/data.rar/al.exe Infected: Trojan-Dropper.Win32.VB.is
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227920.exe/data.rar Infected: Trojan-Dropper.Win32.VB.is
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP422\A0227920.exe Infected: Trojan-Dropper.Win32.VB.is
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP423\A0227931.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP423\A0227932.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP423\A0227963.exe Infected: not-a-virus:AdWare.Win32.ShopNav.l
C:\System Volume Information\_restore{EFCE6CF9-7C45-4923-9E49-39317F889793}\RP423\A0227964.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\WINDOWS\system32\97_Ventura4_4_0_3_7.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\WINDOWS\system32\bsva-egihsg52.exe/data0003 Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\WINDOWS\system32\bsva-egihsg52.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.e
C:\WINDOWS\system32\btnetw3_venturahot_246765.exe/data0003 Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\btnetw3_venturahot_246765.exe Infected: not-a-virus:AdWare.Win32.HotSearchBar.i
C:\WINDOWS\system32\Cache\ssee.exe/data0011 Infected: Trojan.Win32.VB.tx
C:\WINDOWS\system32\Cache\ssee.exe/data0012 Infected: Trojan.Win32.VB.tg
C:\WINDOWS\system32\Cache\ssee.exe Infected: Trojan.Win32.VB.tg
C:\WINDOWS\system32\dmohgina.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\ep02bmec.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\WINDOWS\system32\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\system32\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\system32\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\system32\InstallerV4.exe/data0001 Infected: not-a-virus:AdWare.Win32.SafeSurfing.o
C:\WINDOWS\system32\InstallerV4.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.o
C:\WINDOWS\system32\lanbruns.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.i
C:\WINDOWS\system32\lanbruns.exe Infected: Trojan-Downloader.NSIS.Agent.i
C:\WINDOWS\system32\odbshrui.exe Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\richedtr.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.m

Scan process completed.
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby aasha86 » January 1st, 2006, 11:35 pm

Logfile of HijackThis v1.99.1
Scan saved at 9:32:21 PM, on 1/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.uchicago.edu/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Instant Messanger] aim.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorC ... EFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby Kimberly » January 2nd, 2006, 10:36 am

I would like a regexport from the following keys:

Copy/paste the following quote box into a new notepad (not wordpad) document.

regedit /e %systemdrive%\regkey.txt "HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce"
notepad %systemdrive%\regkey.txt
del /q %systemdrive%\regkey.txt
regedit /e %systemdrive%\regkey1.txt "HKEY_LOCAL_MACHINE\software\system\sysold"
notepad %systemdrive%\regkey1.txt
del /q %systemdrive%\regkey1.txt

Save it to your Desktop as regkey.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: regkey.bat

Locate regkey.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted.

Post the content of the 2 notepad files.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Unread postby aasha86 » January 2nd, 2006, 6:32 pm

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\system\sysold]
"mbop1-0-3b.exe"="C:\\WINDOWS\\mbop1-0-3b.exe"
aasha86
Regular Member
 
Posts: 56
Joined: September 2nd, 2005, 3:07 pm

Unread postby Kimberly » January 3rd, 2006, 10:58 am

I see that you still run Bearshare. This is my last attempt to clean up these files. As long as Bearshare is installed, we will probably be unable to clean up your system further than this stage. They keep coming back and Bearshare is the culprit. To keep cleaning them up while the source of the problem is still used is a waste of time for both of us. If you want to use Bearshare, you will have to live with this spyware on your computer; there's no way to separate them.

At least you have a firewall running now, very pleased to see that. :)

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\system\sysold]

[-HKEY_CLASSES_ROOT\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}]

[-HKEY_CLASSES_ROOT\CLSID\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}]

[-HKEY_CLASSES_ROOT\CLSID\{71D1708F-973D-4600-AF01-AD86688403AE}]

[-HKEY_CLASSES_ROOT\CLSID\{F79A2C4B-8776-4ED7-8B2F-4786A4A3500A}]

[-HKEY_CLASSES_ROOT\Interface\{0A0CB91F-304B-44AD-9460-9C55465163A4}]

[-HKEY_CLASSES_ROOT\Interface\{2AB7A3C6-9D09-428C-AA65-07BD49FB7065}]

[-HKEY_CLASSES_ROOT\Interface\{32A9D21F-F510-44DC-9EA6-0456EDA04668}]

[-HKEY_CLASSES_ROOT\Interface\{4562B6F3-DAF8-464E-87B7-5464575F0D6A}]

[-HKEY_CLASSES_ROOT\Interface\{57CB9B97-9FF9-4C87-88A4-56A867FFC95E}]

[-HKEY_CLASSES_ROOT\Interface\{DA4B919F-B757-4E32-8D79-DEC5C2704C4B}]

[-HKEY_CLASSES_ROOT\Interface\{F1AD96E6-E575-44D9-9BBF-F3FDCF06C454}]

[-HKEY_CLASSES_ROOT\TypeLib\{00DC9FF2-EA77-49C7-8DEF-722FD81CAB59}]

[-HKEY_CLASSES_ROOT\TypeLib\{227D1E33-EAD4-4ACE-BE32-4ACFAAD072DD}]

[-HKEY_CLASSES_ROOT\TypeLib\{33ADD70F-53AB-4F97-B4B6-997881820F6D}]

[-HKEY_CLASSES_ROOT\TypeLib\{34A35BBB-8C19-4482-864C-290BD8DD6A5D}]

[-HKEY_CLASSES_ROOT\Var3.RsyncHlpr.1]

[-HKEY_CLASSES_ROOT\VBRun.VBRunDLL]

[-HKEY_CLASSES_ROOT\VBRun.VBRunDLL.1]

[-HKEY_CLASSES_ROOT\LowSol.RichEditor]

[-HKEY_CLASSES_ROOT\LowSol.RichEditor.1]

[-HKEY_CLASSES_ROOT\Pool.LANBridge]

[-HKEY_CLASSES_ROOT\Pool.LANBridge.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Netsync]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RsyncMon]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\regsync]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\vbrundll]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\richedtr]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\richup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lanbrd]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\lanbrup]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{197B8CA4-E215-46DD-8F33-E0544A80E5C4}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71D1708F-973D-4600-AF01-AD86688403AE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F79A2C4B-8776-4ED7-8B2F-4786A4A3500A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\RSyncMon]

[-HKEY_LOCAL_MACHINE\SOFTWARE\VBRun]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Lanbridge]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\RSyncMon]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VBRunDLL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RichEditor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LANBridge]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SafeSurfing]

[-HKEY_LOCAL_MACHINE\SOFTWARE\RichEd]


Save it to your desktop as Fixme.reg. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
______________________________

Close all browsers and programs.

Run HijackThis, click on Open the Misc Tools Section and finally click on the ADS Spy button. Press the Scan button and the program will start to scan your Windows folder for any files that are Alternate Data Streams. If it finds any, it will display them. Place a checkmark next to its entry and click on the Remove selected button. This will remove the ADS file from your computer. When you are done, press the Back button next to the Remove selected until you are at the main HijackThis screen.
______________________________

Double-click Killbox.exe to run it.
Next, you will be entering items into Pocket KillBox. Please select the “Delete on Reboot”
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
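
One way to review a .reg file such as Fixme.reg before merging it, as an added example that is not part of the original post or of the forum's tools: it lists what a merge would delete and warns about a missing header, an unterminated last line, or a `[-...]` line that hits a whole container key such as CLSID. The CONTAINERS list, the reading of "blank line at the end" as "last line is terminated", the `ExampleVendor` key and the value lines in the sample are assumptions made for illustration.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# Container keys seen in the post (assumed list); deleting one of them, or a
# parent, instead of a single child usually means a line was cut short.
CURVER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
CONTAINERS = [r"HKEY_CLASSES_ROOT\CLSID", r"HKEY_CLASSES_ROOT\Interface",
              r"HKEY_CLASSES_ROOT\TypeLib", CURVER + r"\App Paths",
              CURVER + r"\Uninstall",
              CURVER + r"\Explorer\Browser Helper Objects"]
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\.*)?)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.+)$')


def logical_lines(text):
    """Yield (line_no, text), joining hex data continued with a trailing ',\\'."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = no
        if line.endswith(",\\"):
            buf += line[:-1]          # drop the backslash, keep the comma
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf


def is_container_or_parent(key):
    k = key.lower()                   # registry paths are case-insensitive
    return any(c.lower() == k or c.lower().startswith(k + "\\") for c in CONTAINERS)


def review_reg(text):
    """Classify what merging this .reg text would do; the registry is never touched."""
    r = {"deleted_keys": [], "deleted_values": [], "set_values": [], "warnings": []}
    lines = [(n, l) for n, l in logical_lines(text) if l and not l.startswith(";")]
    if lines and lines[0][1] in HEADERS:
        lines = lines[1:]
    else:
        r["warnings"].append("missing or unknown header line")
    if not text.endswith("\n"):
        r["warnings"].append("last line is not terminated (no blank line at end)")
    current = None                    # key that following value lines apply to
    for no, line in lines:
        key, val = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            delete, path = key.group(1) == "-", key.group(2)
            current = None if delete else path
            if delete:
                r["deleted_keys"].append(path)
                if is_container_or_parent(path):
                    r["warnings"].append(f"line {no}: deletes a whole container: {path}")
        elif val and current:
            kind = "deleted_values" if val.group(2).strip() == "-" else "set_values"
            r[kind].append((current, val.group(1).strip('"')))
        else:
            r["warnings"].append(f"line {no}: not understood: {line[:40]}")
    return r


# Constructed sample: the sysold, {16B238D5-...} and SafeSurfing lines come from
# the post; the truncated CLSID line and the ExampleVendor entries are made up.
SAMPLE = "\n".join([
    "REGEDIT4", "",
    r"[-HKEY_LOCAL_MACHINE\software\system\sysold]", "",
    r"[-HKEY_CLASSES_ROOT\CLSID\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D}]", "",
    r"[-HKEY_CLASSES_ROOT\CLSID]", "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\SafeSurfing]", "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]",
    '"Stale"=-', '"Blob"=hex:01,02,\\', "  03,04", "",
]) + "\n"

if __name__ == "__main__":
    for w in review_reg(SAMPLE)["warnings"]:
        print("WARNING:", w)
```
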

Unread postby NonSuch » January 12th, 2006, 5:17 am

Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27216
Joined: February 23rd, 2005, 7:08 am
Location: California