We will need to see a Hijack This log to help you. Please follow the instructions here on how to generate a log and the steps to take before posting your log.
Logfile of HijackThis v1.99.1
Scan saved at 7:07:11 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
well, the internet seems very slow alls of a sudden. Just suddenly it started going very, very slow. could you help with this? Normally it will loada page in roughly 3 seconds, and now it is taking nearly 15!!!
Please download ewido security suite. Save the setup file to a convenient location such as your desktop. Run the setup file. Open ewido and when prompted to update ewido do so. Exit ewido for now.
Reboot into safe mode. To enter safe mode>reboot your system>repeatedly tap the F8 button at the start up screen until a menu appears>select safe mode from the menu.
Run a full system scan with Ad-Aware SE and Spybot S&D.
Remove all infected files.
Reboot into normal mode and run a full scan of your system with ewido security suite. Save the results from ewido.
wehen i tried doing both online scans, it said i need IE. Thopugh ewhen i downlaoded it, IE 6, it said there was a version on my computer already?, cna u please send me the internet explorer link that i should use? Other wise here is the ewido log
ewido security suite - Scan report
+ Created on: 1:13:57 AM, 8/13/2005
+ Report-Checksum: 62521617
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3BA763E9-3208-0CD2-31BD-37026D1B8537} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C96C433-2EDC-3926-B873-410DB1199685} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9A8BE3-69A5-661B-3BB5-FA99E29D5453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} -> Spyware.Antispykeylog : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} -> Spyware.SaveNow : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\n_dxusrk.MCQ:aigtg -> TrojanDownloader.Agent.bc : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lindo\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\WinAce\winace.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\agxxr.log:bmsxc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\atid.ini:mzkrf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atid.ini:sbtks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:cfdak -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:puhqu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bootstat.dat:mfnyj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:eodiy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:evsap -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:lrbqn -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\comsetup.log:rlhiu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\CS_SETUP.ini:dgynu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DATA.TCD:avkiq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DATA.TCD:nhgkh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DirectX.log:sxowh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DirectX.log:wtnbk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DJBDRV.LOG:cnsaq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DJBDRV.LOG:opvkl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:icycy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:tgjoig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:tqcti -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DtcInstall.log:uutgh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\explorer.scf:cscgg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\explorer.scf:jywdui -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:ymgak -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:kbsqk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB813744.log:crhov -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB813744.log:mbusb -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB813744.log:miejn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\laabog.exe -> Trojan.MulDrop.2057 : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:tqpga -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_bkdgka.dat:oymzk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_ibmugz.dat:muduz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_icsxjg.log:taiqx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_yvakut.txt:eclbu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_zgwdun.log:qzenc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:zepue -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:dlfmm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:jlxel -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:lhyfn -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Q321178.log:blijf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Q321178.log:delvs -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:vydfz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\rzbti.log:undic -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:qheqcm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:xoujr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:ofxfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:vwhmj -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setupact.log:yqzyc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:tnftqy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\switchagreement.txt:crkim -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\switchagreement.txt:gcmif -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\switchagreement.txt:maxtv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\switchagreement.txt:mbxdi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\vgyjzndw30101lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\tsoc.log:thihl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\vb.ini:epcii -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\vbaddin.ini:bsvwa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vbaddin.ini:gupoa -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\wiaservc.log:qoyou -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Winchat.ini:gtpyo -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Winchat.ini:hkygz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt.bmp:ghsfu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\winnt.bmp:rbnsj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt.bmp:ypbsb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmsetup.log:zufar -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wstemp.bin:agxxrb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:klbmx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:nxqvf -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:qjepq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:rfxyv -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:akevf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:awmfv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:bohlkr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:btimz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:bxmqh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:cgijr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ckuis -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:coitn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:dffxu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:dhrgz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:dkdhh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:dnwda -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:eoist -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ezdpgw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:fixpm -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:frtnw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:fsork -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ggiir -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:gnptr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:iehxw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ieith -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ijpkl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:itplv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:jasrv -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:jblhy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:kjcxw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:kvpxs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:lcsdh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:lihdg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:lqnvu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:lsgoa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:oflnh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:olgsd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:opzow -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:oxzni -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:phisw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:pjbdj -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ptzbg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:qtupa -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rfygu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rgamn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rgoye -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rirpe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rugkz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rxjlv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rzlqh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ueekp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:vijmb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:vkqnq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:wuals -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:xcxbl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:xfhvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:xlvma -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ybmwy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yqxgo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yyuoc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yzapc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:yzcgf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:zizea -> TrojanDownloader.Agent.jb : Cleaned with backup
::Report End
also i downlaoded the bug doctor, and that seemed to make it a noticible amountlky faster
Dialer:dialer.xd No disinfected C:\WINDOWS\switchagreement.txt
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\LINDO\FAVORITES\Going Places
Adware:adware/wintools No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\00b1q37w.Default User\Cache\7B25DE5Dd01
Dialer:Dialer.Gen No disinfected C:\WINDOWS\switchagreement.txt
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\rebates.exe
Comments
http://www.short-media.com/forum/showthread.php?t=14915
Scan saved at 7:07:11 PM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Common Files\AOL\1105394123\ee\AOLHostManager.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1105394123\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Verizon Online\Support Center\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\HJT\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer powered by Verizon Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1105394123\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Broadband Support Center.lnk = C:\Program Files\Verizon Online\Support Center\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: strings.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Reboot into safe mode. To enter safe mode>reboot your system>repeatedly tap the F8 button at the start up screen until a menu appears>select safe mode from the menu.
Run a full system scan with Ad-Aware SE and Spybot S&D.
Remove all infected files.
Reboot into normal mode and run a full scan of your system with ewido security suite. Save the results from ewido.
Run these online scans:
activescan
Bitdefender
Save the results from activescan.
Post the results from activescan and ewido security suite.
ewido security suite - Scan report
+ Created on: 1:13:57 AM, 8/13/2005
+ Report-Checksum: 62521617
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{3BA763E9-3208-0CD2-31BD-37026D1B8537} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C96C433-2EDC-3926-B873-410DB1199685} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B9A8BE3-69A5-661B-3BB5-FA99E29D5453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C69E2F6-F200-55DF-18C6-3C368029FD3E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6036847-0CE9-CD98-8490-CBE09650BB49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} -> Spyware.Antispykeylog : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82315A18-6CFB-44A7-BDFD-90E36537C252} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} -> Spyware.SaveNow : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-299502267-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-18\Software\toolbar -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\Quarantine\n_dxusrk.MCQ:aigtg -> TrojanDownloader.Agent.bc : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Lindo\Application Data\Ideal Browser Mx V2.0\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\gkehuowy.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lindo\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\WinAce\winace.exe -> Heuristic.Win32.AVKiller : Cleaned with backup
C:\WINDOWS\agxxr.log:bmsxc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\atid.ini:mzkrf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atid.ini:sbtks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:cfdak -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:puhqu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bootstat.dat:mfnyj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:eodiy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:evsap -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:lrbqn -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\comsetup.log:rlhiu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\CS_SETUP.ini:dgynu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DATA.TCD:avkiq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DATA.TCD:nhgkh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DirectX.log:sxowh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DirectX.log:wtnbk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DJBDRV.LOG:cnsaq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DJBDRV.LOG:opvkl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:icycy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:tgjoig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DtcInstall.log:tqcti -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\DtcInstall.log:uutgh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\explorer.scf:cscgg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\explorer.scf:jywdui -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:ymgak -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:kbsqk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB813744.log:crhov -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB813744.log:mbusb -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB813744.log:miejn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\laabog.exe -> Trojan.MulDrop.2057 : Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\ntdtcsetup.log:tqpga -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_bkdgka.dat:oymzk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_ibmugz.dat:muduz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_icsxjg.log:taiqx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_yvakut.txt:eclbu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_zgwdun.log:qzenc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:zepue -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:dlfmm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:jlxel -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Prairie Wind.bmp:lhyfn -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Q321178.log:blijf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Q321178.log:delvs -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:vydfz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\rzbti.log:undic -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:qheqcm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Santa Fe Stucco.bmp:xoujr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:ofxfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:vwhmj -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setupact.log:yqzyc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:tnftqy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\switchagreement.txt:crkim -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\switchagreement.txt:gcmif -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\switchagreement.txt:maxtv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\switchagreement.txt:mbxdi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\vgyjzndw30101lib.dll -> TrojanDownloader.Lastad.h : Cleaned with backup
C:\WINDOWS\tsoc.log:thihl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\vb.ini:epcii -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\vbaddin.ini:bsvwa -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vbaddin.ini:gupoa -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\wiaservc.log:qoyou -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Winchat.ini:gtpyo -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Winchat.ini:hkygz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt.bmp:ghsfu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\winnt.bmp:rbnsj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt.bmp:ypbsb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmsetup.log:zufar -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wstemp.bin:agxxrb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:klbmx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:nxqvf -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:qjepq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:rfxyv -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:akevf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:awmfv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:bohlkr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:btimz -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:bxmqh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:cgijr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ckuis -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:coitn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:dffxu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:dhrgz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:dkdhh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:dnwda -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:eoist -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ezdpgw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:fixpm -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:frtnw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:fsork -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ggiir -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:gnptr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:iehxw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ieith -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ijpkl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:itplv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:jasrv -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:jblhy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:kjcxw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:kvpxs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:lcsdh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:lihdg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:lqnvu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:lsgoa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:oflnh -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:olgsd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:opzow -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:oxzni -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:phisw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:pjbdj -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ptzbg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:qtupa -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rfygu -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rgamn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rgoye -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rirpe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:rugkz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rxjlv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:rzlqh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:ueekp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:vijmb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:vkqnq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:wuals -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:xcxbl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:xfhvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:xlvma -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:ybmwy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yqxgo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yyuoc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:yzapc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\_default.pif:yzcgf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:zizea -> TrojanDownloader.Agent.jb : Cleaned with backup
::Report End
also i downlaoded the bug doctor, and that seemed to make it a noticible amountlky faster
If you can not get the online version to run the go to
http://www.pandasoftware.com
and get the trial version of Titanium anti-virus.
If you download the trial version you will need to shutdown McAfee.
Try to get the online version to run if possible.
Let me know the results from panda. This is necessary at this time. Your ewido log was full of infection so you probably have more infection in there.
BitDefender Online Scanner
Scan report generated at: Tue, Aug 16, 2005 - 17:45:10
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time
00:56:28
Files
119174
Folders
3764
Boot Sectors
4
Archives
1186
Packed Files
8997
Results
Identified Viruses
3
Infected Files
4
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
4
Engines Info
Virus Definitions
200360
Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins
13
Archive plugins
39
Unpack plugins
4
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\Lindo\Desktop\Software\Install_AIM_5.5.3595.exe=>wise0038=>wise0008
Detected with: Adware.Wheaterbug.A
C:\Documents and Settings\Lindo\Desktop\Software\Install_AIM_5.5.3595.exe=>wise0038=>wise0008
Disinfection failed
C:\Documents and Settings\Lindo\Desktop\Software\Install_AIM_5.5.3595.exe=>wise0038=>wise0008
Deleted
C:\Documents and Settings\Lindo\Desktop\Software\Install_AIM_5.5.3595.exe=>wise0038
Update failed
C:\Documents and Settings\Lindo\My Documents\Install_AIM.exe=>wise0041=>wise0008
Detected with: Adware.Wheaterbug.A
C:\Documents and Settings\Lindo\My Documents\Install_AIM.exe=>wise0041=>wise0008
Disinfection failed
C:\Documents and Settings\Lindo\My Documents\Install_AIM.exe=>wise0041=>wise0008
Deleted
C:\Documents and Settings\Lindo\My Documents\Install_AIM.exe=>wise0041
Update failed
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Infected with: Trojan.Winad.R
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Disinfection failed
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>rebates.exe
Deleted
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)
Update failed
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>toolbar.exe
Infected with: Trojan.Crypt.E
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>toolbar.exe
Disinfection failed
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)=>toolbar.exe
Deleted
C:\WINDOWS\system32\rebates.exe=>(CAB Sfx r)
Update failed
THE ACTIVE SCAN
Incident Status Location
Dialer:dialer.xd No disinfected C:\WINDOWS\switchagreement.txt
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\LINDO\FAVORITES\Going Places
Adware:adware/wintools No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Lindo\Application Data\Mozilla\Firefox\Profiles\00b1q37w.Default User\Cache\7B25DE5Dd01
Dialer:Dialer.Gen No disinfected C:\WINDOWS\switchagreement.txt
Adware:Adware/WUpd No disinfected C:\WINDOWS\system32\rebates.exe