
Please help with getting rid of ceres

Discussion in 'Malware and Virus Removal Archive' started by julebug1, 2005/03/18.

  1. 2005/03/18
    julebug1

    julebug1 Inactive Thread Starter

    Joined:
    2005/03/18
    Messages:
    16
    Likes Received:
    0
    Okay...HELP! I have ceres and something called Isearch on my computer. Here is my most recent HijackThis log after running Spybot S&D and Ad-Aware, and rebooting:
    Logfile of HijackThis v1.99.1
    Scan saved at 1:47:46 PM, on 3/18/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\WINDOWS\isrvs\desktop.exe
    C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
    C:\WINDOWS\System32\wintask.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
    C:\WINDOWS\System32\itipsp.exe
    C:\WINDOWS\system\lvrsmggwv.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\sysmonnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\inlltrep.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\msw\BMAN.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\antispyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe "
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [dsnzqqo] c:\windows\system32\dsnzqqo.exe
    O4 - HKLM\..\Run: [Desktop Search] C:\WINDOWS\isrvs\desktop.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [rgd3ku6t] C:\Program Files\rgd3ku6t\rgd3ku6t.exe
    O4 - HKLM\..\Run: [BMan] C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
    O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitexlz32.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
    O4 - HKLM\..\Run: [r78V36P] itipsp.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O4 - HKCU\..\Run: [awr9RWjnX] inlltrep.exe
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
    O9 - Extra button: PhoenixNet - {94db5f80-069b-11d5-9db7-89992312b207} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
     
  2. 2005/03/19
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    Go here and submit C:\WINDOWS\Explorer.EXE; we need to see if it is infected before getting started.
    http://virusscan.jotti.org/

    Post back with the results
     


  4. 2005/03/19
    julebug1

    THANKS!!! Okay...here are the results, what to do now?:

    Service load: 0% 100%

    File: Explorer.EXE
    Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
    Packers detected: -

    AntiVir No viruses found (0.91 seconds taken)
    Avast No viruses found (3.03 seconds taken)
    AVG Antivirus No viruses found (1.88 seconds taken)
    BitDefender No viruses found (1.08 seconds taken)
    ClamAV No viruses found (1.50 seconds taken)
    Dr.Web No viruses found (1.75 seconds taken)
    F-Prot Antivirus No viruses found (0.16 seconds taken)
    Fortinet No viruses found (0.69 seconds taken)
    Kaspersky Anti-Virus No viruses found (1.01 seconds taken)
    mks_vir No viruses found (0.23 seconds taken)
    NOD32 No viruses found (0.60 seconds taken)
    Norman Virus Control No viruses found (1.22 seconds taken)

    Statistics
    Last piece of malware found was Win32/TrojanDropper.Small.TO in crank.exe, detected by:

    Scanner Malware name Time taken
    AntiVir X 1.75 seconds
    Avast X 3.37 seconds
    AVG Antivirus Dropper.Small.13.O 2.49 seconds
    BitDefender Trojan.Muldrop.1697 2.37 seconds
    ClamAV Trojan.Dropper.Small-24 1.36 seconds
    Dr.Web Trojan.MulDrop.1697 2.67 seconds
    F-Prot Antivirus X 0.18 seconds
    Fortinet X 1.33 seconds
    Kaspersky Anti-Virus Trojan-Dropper.Win32.Small.to 2.58 seconds
    mks_vir Trojan.Dropper.Small.To 0.53 seconds
    NOD32 Win32/TrojanDropper.Small.TO 1.43 seconds
    Norman Virus Control X 45.33 seconds
     
  5. 2005/03/19
    Lonny Jones

    Print out this page and follow the Install and Setup instructions exactly!
    http://www.mvps.org/winhelp2002/kav5.htm


    Once completed, post a fresh HijackThis log and a KAV 5 report.
    The KAV report is so large you will need to do so in several posts.
     
  6. 2005/03/20
    julebug1

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:10 AM, on 3/20/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
    C:\Program Files\Winamp\winampa.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\System32\scrsvc.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\WINDOWS\System32\RUNDLL32.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\antispyware\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
    O1 - Hosts: 66.180.173.39 www.google.ae
    O1 - Hosts: 66.180.173.39 www.google.am
    O1 - Hosts: 66.180.173.39 www.google.as
    O1 - Hosts: 66.180.173.39 www.google.at
    O1 - Hosts: 66.180.173.39 www.google.az
    O1 - Hosts: 66.180.173.39 www.google.be
    O1 - Hosts: 66.180.173.39 www.google.bi
    O1 - Hosts: 66.180.173.39 www.google.ca
    O1 - Hosts: 66.180.173.39 www.google.cd
    O1 - Hosts: 66.180.173.39 www.google.cg
    O1 - Hosts: 66.180.173.39 www.google.ch
    O1 - Hosts: 66.180.173.39 www.google.ci
    O1 - Hosts: 66.180.173.39 www.google.cl
    O1 - Hosts: 66.180.173.39 www.google.co.cr
    O1 - Hosts: 66.180.173.39 www.google.co.hu
    O1 - Hosts: 66.180.173.39 www.google.co.il
    O1 - Hosts: 66.180.173.39 www.google.co.in
    O1 - Hosts: 66.180.173.39 www.google.co.je
    O1 - Hosts: 66.180.173.39 www.google.co.jp
    O1 - Hosts: 66.180.173.39 www.google.co.ke
    O1 - Hosts: 66.180.173.39 www.google.co.kr
    O1 - Hosts: 66.180.173.39 www.google.co.ls
    O1 - Hosts: 66.180.173.39 www.google.co.nz
    O1 - Hosts: 66.180.173.39 www.google.co.th
    O1 - Hosts: 66.180.173.39 www.google.co.ug
    O1 - Hosts: 66.180.173.39 www.google.co.uk
    O1 - Hosts: 66.180.173.39 www.google.co.ve
    O1 - Hosts: 66.180.173.39 www.google.com
    O1 - Hosts: 66.180.173.39 www.google.com.ag
    O1 - Hosts: 66.180.173.39 www.google.com.ar
    O1 - Hosts: 66.180.173.39 www.google.com.au
    O1 - Hosts: 66.180.173.39 www.google.com.br
    O1 - Hosts: 66.180.173.39 www.google.com.co
    O1 - Hosts: 66.180.173.39 www.google.com.cu
    O1 - Hosts: 66.180.173.39 www.google.com.do
    O1 - Hosts: 66.180.173.39 www.google.com.ec
    O1 - Hosts: 66.180.173.39 www.google.com.fj
    O1 - Hosts: 66.180.173.39 www.google.com.gi
    O1 - Hosts: 66.180.173.39 www.google.com.gr
    O1 - Hosts: 66.180.173.39 www.google.com.gt
    O1 - Hosts: 66.180.173.39 www.google.com.hk
    O1 - Hosts: 66.180.173.39 www.google.com.ly
    O1 - Hosts: 66.180.173.39 www.google.com.mt
    O1 - Hosts: 66.180.173.39 www.google.com.mx
    O1 - Hosts: 66.180.173.39 www.google.com.my
    O1 - Hosts: 66.180.173.39 www.google.com.na
    O1 - Hosts: 66.180.173.39 www.google.com.nf
    O1 - Hosts: 66.180.173.39 www.google.com.ni
    O1 - Hosts: 66.180.173.39 www.google.com.np
    O1 - Hosts: 66.180.173.39 www.google.com.pa
    O1 - Hosts: 66.180.173.39 www.google.com.pe
    O1 - Hosts: 66.180.173.39 www.google.com.ph
    O1 - Hosts: 66.180.173.39 www.google.com.pk
    O1 - Hosts: 66.180.173.39 www.google.com.pr
    O1 - Hosts: 66.180.173.39 www.google.com.py
    O1 - Hosts: 66.180.173.39 www.google.com.sa
    O1 - Hosts: 66.180.173.39 www.google.com.sg
    O1 - Hosts: 66.180.173.39 www.google.com.sv
    O1 - Hosts: 66.180.173.39 www.google.com.tr
    O1 - Hosts: 66.180.173.39 www.google.com.tw
    O1 - Hosts: 66.180.173.39 www.google.com.ua
    O1 - Hosts: 66.180.173.39 www.google.com.uy
    O1 - Hosts: 66.180.173.39 www.google.com.vc
    O1 - Hosts: 66.180.173.39 www.google.com.vn
    O1 - Hosts: 66.180.173.39 www.google.de
    O1 - Hosts: 66.180.173.39 www.google.dj
    O1 - Hosts: 66.180.173.39 www.google.dk
    O1 - Hosts: 66.180.173.39 www.google.es
    O1 - Hosts: 66.180.173.39 www.google.fi
    O1 - Hosts: 66.180.173.39 www.google.fm
    O1 - Hosts: 66.180.173.39 www.google.fr
    O1 - Hosts: 66.180.173.39 www.google.gg
    O1 - Hosts: 66.180.173.39 www.google.gl
    O1 - Hosts: 66.180.173.39 www.google.gm
    O1 - Hosts: 66.180.173.39 www.google.hn
    O1 - Hosts: 66.180.173.39 www.google.ie
    O1 - Hosts: 66.180.173.39 www.google.it
    O1 - Hosts: 66.180.173.39 www.google.kz
    O1 - Hosts: 66.180.173.39 www.google.li
    O1 - Hosts: 66.180.173.39 www.google.lt
    O1 - Hosts: 66.180.173.39 www.google.lu
    O1 - Hosts: 66.180.173.39 www.google.lv
    O1 - Hosts: 66.180.173.39 www.google.mn
    O1 - Hosts: 66.180.173.39 www.google.ms
    O1 - Hosts: 66.180.173.39 www.google.mu
    O1 - Hosts: 66.180.173.39 www.google.mw
    O1 - Hosts: 66.180.173.39 www.google.nl
    O1 - Hosts: 66.180.173.39 www.google.no
    O1 - Hosts: 66.180.173.39 www.google.off.ai
    O1 - Hosts: 66.180.173.39 www.google.pl
    O1 - Hosts: 66.180.173.39 www.google.pn
    O1 - Hosts: 66.180.173.39 www.google.pt
    O1 - Hosts: 66.180.173.39 www.google.ro
    O1 - Hosts: 66.180.173.39 www.google.ru
    O1 - Hosts: 66.180.173.39 www.google.rw
    O1 - Hosts: 66.180.173.39 www.google.se
    O1 - Hosts: 66.180.173.39 www.google.sh
    O1 - Hosts: 66.180.173.39 www.google.sk
    O1 - Hosts: 66.180.173.39 www.google.sm
    O1 - Hosts: 66.180.173.39 www.google.td
    O1 - Hosts: 66.180.173.39 www.google.tm
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Shirley\LOCALS~1\Temp\witxkhupemv.dll (file missing)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe "
    O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe "
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe "
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe "
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [dsnzqqo] c:\windows\system32\dsnzqqo.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [awr9RWjnX] nwsv2clt.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
    O9 - Extra button: PhoenixNet - {94db5f80-069b-11d5-9db7-89992312b207} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
     
  7. 2005/03/20
    julebug1

    Part One of KAV file

    Statistics:
    Task start time: 3/20/2005 8:37:36 AM
    Task completion time: 3/20/2005 10:13:44 AM
    Objects scanned: 158722
    Viruses detected: 267
    Viruses disinfected: 0
    Objects deleted: 267
    Objects quarantined: 0

    Settings:
    Objects to be scanned:
    My Computer
    If an infected object is found:
    Perform recommended action
    Scan level:
    Maximum Protection
    Objects to be excluded from the scan scope:
    Option not used

    Report:
    C:\WINDOWS\systb.exe\systb.dll is infected with a virus not-a-virus:AdWare.ToolBar.ImiBar.d 3/20/2005 8:38:40 AM
    C:\WINDOWS\systb.exe moved to the backup storage 3/20/2005 8:38:41 AM
    C:\WINDOWS\systb.exe\systb.dll deleted 3/20/2005 8:38:41 AM
    C:\WINDOWS\Helper101.dll is infected with a virus Trojan-Clicker.Win32.Delf.r 3/20/2005 8:38:55 AM
    C:\WINDOWS\Helper101.dll moved to the backup storage 3/20/2005 8:38:56 AM
    C:\WINDOWS\Helper101.dll deleted 3/20/2005 8:38:56 AM
    C:\WINDOWS\70tovmto.exe is infected with a virus not-a-virus:AdWare.Sahat.o 3/20/2005 8:38:56 AM
    C:\WINDOWS\70tovmto.exe moved to the backup storage 3/20/2005 8:38:56 AM
    C:\WINDOWS\70tovmto.exe deleted 3/20/2005 8:38:56 AM
    C:\WINDOWS\SYSTEM\lvrsmggwv.exe is infected with a virus Trojan-Downloader.Win32.Small.aly 3/20/2005 8:39:01 AM
    C:\WINDOWS\SYSTEM\lvrsmggwv.exe moved to the backup storage 3/20/2005 8:39:01 AM
    C:\WINDOWS\SYSTEM\lvrsmggwv.exe deleted 3/20/2005 8:39:01 AM
    C:\WINDOWS\SYSTEM32\elitexlz32.exe is a Trojan Trojan.Win32.StartPage.nk 3/20/2005 8:46:46 AM
    C:\WINDOWS\SYSTEM32\elitexlz32.exe moved to the backup storage 3/20/2005 8:46:46 AM
    C:\WINDOWS\SYSTEM32\elitexlz32.exe deleted 3/20/2005 8:46:46 AM
    C:\WINDOWS\SYSTEM32\elitepmi32.exe is a Trojan Trojan.Win32.StartPage.nk 3/20/2005 8:46:47 AM
    C:\WINDOWS\SYSTEM32\elitepmi32.exe moved to the backup storage 3/20/2005 8:46:47 AM
    C:\WINDOWS\SYSTEM32\elitepmi32.exe deleted 3/20/2005 8:46:47 AM
    C:\WINDOWS\SYSTEM32\eliteukk32.exe is a Trojan Trojan.Win32.StartPage.nk 3/20/2005 8:46:48 AM
    C:\WINDOWS\SYSTEM32\eliteukk32.exe moved to the backup storage 3/20/2005 8:46:48 AM
    C:\WINDOWS\SYSTEM32\eliteukk32.exe deleted 3/20/2005 8:46:48 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts is a Trojan Trojan.Win32.Qhost.ac 3/20/2005 8:47:00 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts moved to the backup storage 3/20/2005 8:47:00 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts deleted 3/20/2005 8:47:00 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts.20050318-185311.backup is a Trojan Trojan.Win32.Qhost.ac 3/20/2005 8:47:00 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts.20050318-185311.backup moved to the backup storage 3/20/2005 8:47:00 AM
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts.20050318-185311.backup deleted 3/20/2005 8:47:00 AM

    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DVD4VVD9\protector_update[1].exe is a Trojan Trojan.Win32.StartPage.nk 3/20/2005 8:47:06 AM

    C:\WINDOWS\SYSTEM32\Cache\setup.exe/data0001/EXE-file is a Trojan Trojan.Win32.VB.tq 3/20/2005 8:48:39 AM
    C:\WINDOWS\SYSTEM32\Cache\setup.exe moved to the backup storage 3/20/2005 8:48:39 AM
    C:\WINDOWS\SYSTEM32\Cache\setup.exe/data0001/EXE-file cannot be deleted, object cannot be disinfected 3/20/2005 8:48:40 AM
    C:\WINDOWS\SYSTEM32\Cache\setup.exe is a Trojan Trojan.Win32.VB.tq 3/20/2005 8:48:40 AM
    C:\WINDOWS\SYSTEM32\Cache\setup.exe deleted 3/20/2005 8:48:40 AM
    C:\WINDOWS\SYSTEM32\Cache\AUNIcons.exe is infected with a virus Trojan-Downloader.Win32.Agent.jq 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\AUNIcons.exe moved to the backup storage 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\AUNIcons.exe deleted 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\MTE1NjE6ODoxMg.exe is infected with a virus not-a-virus:AdWare.ToolBar.ISearch.d 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\MTE1NjE6ODoxMg.exe moved to the backup storage 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\MTE1NjE6ODoxMg.exe deleted 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\CSv13P108.exe is a backdoor Backdoor.Win32.Ruledor.f 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\CSv13P108.exe moved to the backup storage 3/20/2005 8:48:41 AM
    C:\WINDOWS\SYSTEM32\Cache\CSv13P108.exe deleted 3/20/2005 8:48:42 AM
    C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe/WISE0006.BIN is infected with a virus not-a-virus:AdWare.VirtualBouncer.c 3/20/2005 8:48:43 AM
    C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe moved to the backup storage 3/20/2005 8:48:43 AM
    C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe is infected with a virus not-a-virus:AdWare.VirtualBouncer.c 3/20/2005 8:48:43 AM
    C:\WINDOWS\SYSTEM32\Cache\wrapperouter.exe deleted 3/20/2005 8:48:43 AM
    C:\WINDOWS\SYSTEM32\Cache\VCMnet7 updated 030905.exe/data0003 is infected with a virus Trojan-Downloader.Win32.Small.aly 3/20/2005 8:48:44 AM
    C:\WINDOWS\SYSTEM32\Cache\VCMnet7 updated 030905.exe moved to the backup storage 3/20/2005 8:48:44 AM
    C:\WINDOWS\SYSTEM32\Cache\VCMnet7 updated 030905.exe deleted 3/20/2005 8:48:44 AM
    C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe is infected with a virus Trojan-Dropper.Win32.Delf.z 3/20/2005 8:48:44 AM
    C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe moved to the backup storage 3/20/2005 8:48:44 AM
    C:\WINDOWS\SYSTEM32\Cache\HelperInstall.exe deleted 3/20/2005 8:48:45 AM
    C:\WINDOWS\SYSTEM32\Cache\installer_MARKETING17.exe is infected with a virus Trojan-Downloader.Win32.Adload.a 3/20/2005 8:48:45 AM
    C:\WINDOWS\SYSTEM32\Cache\installer_MARKETING17.exe moved to the backup storage 3/20/2005 8:48:45 AM
    C:\WINDOWS\SYSTEM32\Cache\installer_MARKETING17.exe deleted 3/20/2005 8:48:45 AM
    C:\WINDOWS\SYSTEM32\Cache\pop.exe is infected with a virus not-a-virus:AdWare.WinAD.ab 3/20/2005 8:48:46 AM
    C:\WINDOWS\SYSTEM32\Cache\pop.exe moved to the backup storage 3/20/2005 8:48:46 AM
    C:\WINDOWS\SYSTEM32\Cache\pop.exe deleted 3/20/2005 8:48:46 AM
    C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe/data0003/data0001 is infected with a virus not-a-virus:AdWare.WebRebates.g 3/20/2005 8:48:46 AM
    C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe moved to the backup storage 3/20/2005 8:48:46 AM
    C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe is infected with a virus not-a-virus:AdWare.WebRebates.g 3/20/2005 8:48:47 AM
    C:\WINDOWS\SYSTEM32\Cache\WebRebates_Auto_InstallSilent.exe deleted 3/20/2005 8:48:47 AM
     
  8. 2005/03/20
    julebug1

    Part 2

    C:\WINDOWS\isrvs\mfiltis.dll is infected with a virus not-a-virus:AdWare.ToolBar.ISearch.d 3/20/2005 8:58:29 AM
    C:\WINDOWS\isrvs\mfiltis.dll moved to the backup storage 3/20/2005 8:58:29 AM
    C:\WINDOWS\isrvs\mfiltis.dll deleted 3/20/2005 8:58:30 AM
    C:\WINDOWS\isrvs\sysupd.dll is infected with a virus Trojan-Downloader.Win32.Ieser.a 3/20/2005 8:58:30 AM
    C:\WINDOWS\isrvs\sysupd.dll moved to the backup storage 3/20/2005 8:58:31 AM
    C:\WINDOWS\isrvs\sysupd.dll deleted 3/20/2005 8:58:31 AM
    C:\WINDOWS\isrvs\edmond.exe is a Trojan Trojan.Win32.Delprot.a 3/20/2005 8:58:31 AM
    C:\WINDOWS\isrvs\edmond.exe moved to the backup storage 3/20/2005 8:58:31 AM
    C:\WINDOWS\isrvs\edmond.exe deleted 3/20/2005 8:58:31 AM
    C:\WINDOWS\EliteSideBar\EliteSideBar version 8.dll is infected with a virus not-a-virus:AdWare.ToolBar.EliteBar.z 3/20/2005 8:58:31 AM
    C:\WINDOWS\EliteSideBar\EliteSideBar version 8.dll moved to the backup storage 3/20/2005 8:58:31 AM
    C:\WINDOWS\EliteSideBar\EliteSideBar version 8.dll deleted 3/20/2005 8:58:31 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp is infected with a virus not-a-virus:AdWare.Toolbar.MyWay.b 3/20/2005 9:28:55 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp moved to the backup storage 3/20/2005 9:28:55 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp deleted 3/20/2005 9:28:55 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp is infected with a virus not-a-virus:AdWare.VirtualBouncer.g 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp moved to the backup storage 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp deleted 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp is infected with a virus not-a-virus:AdWare.VirtualBouncer.g 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp moved to the backup storage 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp deleted 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp is infected with a virus not-a-virus:AdWare.VirtualBouncer.g 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp moved to the backup storage 3/20/2005 9:28:56 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp deleted 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp is infected with a virus not-a-virus:AdWare.VirtualBouncer.g 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp moved to the backup storage 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp deleted 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp is infected with a virus not-a-virus:AdWare.VirtualBouncer.g 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp moved to the backup storage 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp deleted 3/20/2005 9:28:57 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCA.tmp is infected with a virus Trojan-Downloader.Win32.Apropo.s 3/20/2005 9:28:58 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCA.tmp moved to the backup storage 3/20/2005 9:28:59 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCA.tmp deleted 3/20/2005 9:28:59 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHelper.dll is infected with a virus not-a-virus:AdWare.NavExcel.f 3/20/2005 9:28:59 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab moved to the backup storage 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHelper.dll deleted 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHUninstaller.exe is infected with a virus not-a-virus:AdWare.NavExcel 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHUninstaller.exe deleted 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHUpdater.exe is infected with a virus not-a-virus:AdWare.NavExcel.b 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp\v2.0.4c.c.cab\NHUpdater.exe deleted 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp\optimize.exe is infected with a virus Trojan-Downloader.Win32.Dyfuca.dx 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp\optimize.exe moved to the backup storage 3/20/2005 9:29:00 AM
    C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp\optimize.exe deleted 3/20/2005 9:29:00 AM
    C:\Program Files\AIM\Sysfiles\WxBug.EXE/WISE0007.BIN is infected with a virus not-a-virus:AdWare.MiniBug 3/20/2005 9:30:12 AM
    C:\Program Files\AIM\Sysfiles\WxBug.EXE moved to the backup storage 3/20/2005 9:30:12 AM
    C:\Program Files\AIM\Sysfiles\WxBug.EXE is infected with a virus not-a-virus:AdWare.MiniBug 3/20/2005 9:30:12 AM
    C:\Program Files\AIM\Sysfiles\WxBug.EXE deleted 3/20/2005 9:30:12 AM
    C:\Program Files\Upromise_RemindU\disp1050.exe is infected with a virus not-a-virus:AdWare.WebRebates.c 3/20/2005 9:35:04 AM
    C:\Program Files\Upromise_RemindU\disp1050.exe moved to the backup storage 3/20/2005 9:35:04 AM
    C:\Program Files\Upromise_RemindU\disp1050.exe deleted 3/20/2005 9:35:04 AM
    C:\Program Files\iWon\iWonSlot\5.bin\IWONSLOT.DLL is infected with a virus not-a-virus:AdWare.IWon 3/20/2005 9:36:48 AM
    C:\Program Files\iWon\iWonSlot\5.bin\IWONSLOT.DLL moved to the backup storage 3/20/2005 9:36:49 AM
    C:\Program Files\iWon\iWonSlot\5.bin\IWONSLOT.DLL deleted 3/20/2005 9:36:49 AM
    C:\Program Files\rgd3ku6t\udr6ujf9.DLL is infected with a virus not-a-virus:AdWare.ClearSearch.t 3/20/2005 9:37:02 AM
    C:\Program Files\rgd3ku6t\udr6ujf9.DLL moved to the backup storage 3/20/2005 9:37:03 AM
    C:\Program Files\rgd3ku6t\udr6ujf9.DLL deleted 3/20/2005 9:37:03 AM
    C:\Program Files\rgd3ku6t\aj57b1kz.DLL is infected with a virus not-a-virus:AdWare.ClearSearch.t 3/20/2005 9:37:04 AM
    C:\Program Files\rgd3ku6t\aj57b1kz.DLL moved to the backup storage 3/20/2005 9:37:04 AM
    C:\Program Files\rgd3ku6t\aj57b1kz.DLL deleted 3/20/2005 9:37:04 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.dll is infected with a virus not-a-virus:AdWare.ClearSearch.t 3/20/2005 9:37:04 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.dll moved to the backup storage 3/20/2005 9:37:05 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.dll deleted 3/20/2005 9:37:05 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.exe is infected with a virus not-a-virus:AdWare.ClearSearch.t 3/20/2005 9:37:05 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.exe moved to the backup storage 3/20/2005 9:37:05 AM
    C:\Program Files\rgd3ku6t\rgd3ku6t1\rgd3ku6t1.exe deleted 3/20/2005 9:37:05 AM
    C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL is infected with a virus not-a-virus:AdWare.ToolBar.MyWay.j 3/20/2005 9:37:05 AM
    C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL moved to the backup storage 3/20/2005 9:37:05 AM
    C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL deleted 3/20/2005 9:37:05 AM
    C:\Program Files\Media Pass\MediaPassC.dll is infected with a virus not-a-virus:AdWare.WinAD.af 3/20/2005 9:37:06 AM
    C:\Program Files\Media Pass\MediaPassC.dll moved to the backup storage 3/20/2005 9:37:06 AM
    C:\Program Files\Media Pass\MediaPassC.dll deleted 3/20/2005 9:37:06 AM
     
  9. 2005/03/20
    julebug1

    Part 3

    C:\Program Files\CxtPls\CxtPls.dll is infected with a virus not-a-virus:AdWare.Apropos.e 3/20/2005 9:37:40 AM
    C:\Program Files\CxtPls\CxtPls.dll moved to the backup storage 3/20/2005 9:37:40 AM
    C:\Program Files\CxtPls\CxtPls.dll deleted 3/20/2005 9:37:40 AM
    C:\Program Files\CxtPls\CxtPls.exe is infected with a virus not-a-virus:AdWare.Apropos.f 3/20/2005 9:37:40 AM
    C:\Program Files\CxtPls\CxtPls.exe moved to the backup storage 3/20/2005 9:37:40 AM
    C:\Program Files\CxtPls\CxtPls.exe deleted 3/20/2005 9:37:41 AM
    C:\Program Files\CxtPls\WinGenerics.dll is infected with a virus not-a-virus:AdWare.Apropos.f 3/20/2005 9:37:41 AM
    C:\Program Files\CxtPls\WinGenerics.dll moved to the backup storage 3/20/2005 9:37:41 AM
    C:\Program Files\CxtPls\WinGenerics.dll deleted 3/20/2005 9:37:42 AM
    C:\Program Files\CxtPls\uninstaller.exe is infected with a virus not-a-virus:AdWare.Apropos.f 3/20/2005 9:37:42 AM
    C:\Program Files\CxtPls\uninstaller.exe moved to the backup storage 3/20/2005 9:37:42 AM
    C:\Program Files\CxtPls\uninstaller.exe deleted 3/20/2005 9:37:42 AM
     
  10. 2005/03/20
    julebug1

    Part 4

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\


    C:\Documents and Settings\Shirley\Local Settings\Temp\i71.tmp
    Edited, Lonny
     
  11. 2005/03/20
    julebug1

    Part 5

    C:\Documents and Settings\Shirley\Local Settings\Temporary Internet Files\Content.IE5\5WRVEOLE\AutoUpdaterInstaller[1].exe/data0000.bin is infected with a virus Trojan-Downloader.Win32.Apropo.g

    C:\Documents and Settings\Shirley\My Documents\My Pictures\setup_ares.exe/data0032 is infected with a virus not-a-virus:AdWare.NavExcel.i 3/20/2005 9:53:51 AM
    C:\Documents and Settings\Shirley\My Documents\My Pictures\setup_ares.exe moved to the backup storage 3/20/2005 9:53:51 AM
    C:\Documents and Settings\Shirley\My Documents\My Pictures\setup_ares.exe deleted 3/20/2005 9:53:51 AM

    C:\System Volume Information\_restore{

    Edited, Lonny
     
  12. 2005/03/20
    julebug1

    6

    C:\System Volume Information\_restore

    Edited, Lonny
     
  13. 2005/03/20
    julebug1

    7

    C:\System Volume Information\_restore

    Edited, Lonny
     
  14. 2005/03/20
    julebug1

    C:\System Volume Information\_restore{

    Edited, Lonny
     
  15. 2005/03/20
    julebug1

    julebug1 Inactive Thread Starter

    Joined:
    2005/03/18
    Messages:
    16
    Likes Received:
    0
    C:\System Volume Information\_restore
    Edited, Lonny
     
  16. 2005/03/20
    julebug1

    julebug1 Inactive Thread Starter

    Joined:
    2005/03/18
    Messages:
    16
    Likes Received:
    0
    C:\System Volume Information\_restore

    Edited, Lonny
     
  17. 2005/03/20
    julebug1

    julebug1 Inactive Thread Starter

    Joined:
    2005/03/18
    Messages:
    16
    Likes Received:
    0
    C:\System Volume Information\_restore

    Edited, Lonny
     
  18. 2005/03/20
    julebug1

    julebug1 Inactive Thread Starter

    Joined:
    2005/03/18
    Messages:
    16
    Likes Received:
    0
    Last One

    C:\System Volume Information\_restore{95CCDD60-8980-47F7-8835-C:\FOUND.003\FILE0002.CHK\sbRecovery.ini password protected, has not been processed 3/20/2005 10:13:07 AM

    Edited, Lonny
     
  19. 2005/03/20
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    Start Hijackthis and place a check next to these items,
    Close all browser windows and shut down all other programs that show in the taskbar. (even Folders) [WE do not mean stop the programs in the tray area near the clock]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

    All the >> O1 - Hosts:'s

    O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\Shirley\LOCALS~1\Temp\witxkhupemv.dll (file missing)
    O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
    O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
    O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe "
    O4 - HKLM\..\Run: [scrsvc] C:\WINDOWS\System32\scrsvc.exe
    O4 - HKLM\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
    O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
    O4 - HKLM\..\Run: [dsnzqqo] c:\windows\system32\dsnzqqo.exe
    O4 - HKLM\..\Run: [bootpd.exe] C:\WINDOWS\System32\bootpd.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [awr9RWjnX] nwsv2clt.exe
    O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
    O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
    O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
    ====================================
    Hit fix checked and close Hijackthis.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Restart your PC
    Set Windows to show hidden extensions, files and folders.
    click for> instructions<.

    Find and delete (ONLY THESE EXACT) files and folders (If present)

    These folders >
    C:\WINDOWS\SYSTEM32\Cache\
    C:\WINDOWS\isrvs
    C:\WINDOWS\EliteSideBar
    C:\Program Files\iWon
    C:\Program Files\rgd3ku6t
    C:\Program Files\Upromise_RemindU
    C:\Program Files\MySearch
    C:\Program Files\Media Pass
    C:\Program Files\CxtPls\
    C:\Documents and Settings\All Users\Application Data\msw
    And these files >
    C:\WINDOWS\System32\sysmonnt.exe
    C:\WINDOWS\System32\itipsp.exe
    C:\WINDOWS\system\lvrsmggwv.exe
    c:\windows\system32\dsnzqqo.exe
    C:\WINDOWS\System32\bootpd.exe
    C:\WINDOWS\System32\scrsvc.exe
    C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts


    Empty the recycle bin
    Tell us if there were any problems ?


    Important
    Delete the contents of all your temp folders, as in. Open C:\ then >
    C:\documents and settings\(all your pc users)\local settings\temp
    Note: Some systems have temporary internet files, Application Data and History in that temp, if so leave them and delete all other folders and files inside that temp..
    Delete the contents of the C:\windows\temp folder
    C:\WINDOWS\Prefetch < delete the contents
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp <delete the contents
    Clear Internet Explorer's cache
    1. In Control Panel, open Internet Options.
    2. Click the General tab, and then under Temporary Internet files, click Delete Files.
    3. In the Delete Files dialog box, click to select the Delete all offline content check box.
    4. Wait for the hourglass to disappear
    5. Click OK.

    If you have Sun Java installed, its cache should be cleared too
    > control panel java-plugin > cache tab > hit clear!
    Go install the latest version of Sun's Java plug-in, http://java.com/en/index.jsp
    Turn off its auto-updater, (It's buggy) in control panel Sun Java plug-in > update tab uncheck its option to update automatically.


    Post a fresh hijackthis log, be sure to mention any current problems

    Download then run new2bat.bat and post the results please.
    http://forums.net-integration.net/index.php?act=Attach&type=post&id=137141
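
An added example, not part of the original thread and not HijackThis code: it parses fix-list lines like those in the post above and sorts them into entries that only need the registry fix, entries whose file is also on the delete list, and entries to recheck in the next log. The function names and bucket names are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re

LINE_RE = re.compile(r"^\s*([RO]\d{1,2}) - (.+?)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|htm)\b', re.IGNORECASE)

def parse_entry(line):
    """Split one HijackThis line into section code, body and referenced file."""
    m = LINE_RE.match(line)
    if not m:
        return None
    code, body = m.groups()
    path = PATH_RE.search(body)
    return {"code": code, "body": body,
            "path": path.group(0) if path else None,
            "orphaned": "(file missing)" in body or "(no file)" in body}

def covered(path, folders, files):
    """True if path is on the delete list or below a listed folder."""
    p = path.lower()
    if p in (f.lower() for f in files):
        return True
    return any(p.startswith(d.lower().rstrip("\\") + "\\") for d in folders)

def triage(lines, folders, files):
    """Bucket entries: registry-only fix, file also deleted, recheck in next log."""
    out = {"registry_only": [], "file_deleted": [], "follow_up": []}
    for e in filter(None, map(parse_entry, lines)):
        if e["orphaned"] or (e["code"].startswith("R") and not e["path"]):
            out["registry_only"].append(e["body"])
        elif e["path"] and covered(e["path"], folders, files):
            out["file_deleted"].append(e["path"])
        else:  # file stays on disk, or the entry names no full path
            out["follow_up"].append(e["body"])
    return out

# Sample input: lines copied from the fix list and delete list in the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: IE Update Class - {5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} - C:\WINDOWS\isrvs\sysupd.dll (file missing)
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [dsnzqqo] c:\windows\system32\dsnzqqo.exe
O4 - HKCU\..\Run: [awr9RWjnX] nwsv2clt.exe
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
""".splitlines()
FOLDERS = [r"C:\WINDOWS\isrvs", r"C:\Documents and Settings\All Users\Application Data\msw"]
FILES = [r"c:\windows\system32\dsnzqqo.exe", r"C:\WINDOWS\System32\scrsvc.exe"]

if __name__ == "__main__":
    for bucket, items in triage(FIX_LIST, FOLDERS, FILES).items():
        print(bucket, *items, sep="\n  ")
```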
     