qwertyuiop

Many Problems On Older Machine[INACTIVE]


Logfile of HijackThis v1.99.1

Scan saved at 2:10:45 PM, on 5/29/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\ACCSTAT.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE

C:\WINDOWS\SYSTEM\WININIT32.EXE

C:\WINDOWS\BCMDMMSG.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\SYSTEM\SK9910DM.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\BLOCK CHECKER\BLOCK-CHECKER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\WINDOWS\ETB\POKAPOKA79.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE

C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE

C:\PROGRAM FILES\BLOCK CHECKER\CSRSS.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

F:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [inkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [blockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bCMDMMSG] BCMDMMSG.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O7 "EPUSB1:" /M "Stylus Photo 825"

O4 - HKLM\..\Run: [system service79] C:\WINDOWS\ETB\POKAPOKA79.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [sAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Tray Temperature] C:\WINDOWS\TEMP\MINIBUG.EXE 1

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxLiteNnAj

O4 - Startup: GOBACK.LNK = C:\Program Files\Adaptec\GoBack\GBMenu.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com

O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab

O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

Edited by qwertyuiop


qwertyuiop,

You do have a few issues in this log! We're going to start by getting rid of something called pokapoka.

Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-click LQfix.exe and click Next > Next > Install.
  • Leave the default settings; if you change them, the fix will fail!
  • You need an active Internet connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button; after clicking the Finish button, the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot; there is a script running in the background that needs to complete.

Then do a scan with HiJackThis and post a new log by using Add Reply

Thanks,

sari


Thanks for your reply. I installed the program and rebooted and get 5 or 6 blue screens saying "Cannot write to drive C:" or "Cannot write files to drive C:" and one other blue screen and it shut itself down (press any key to reboot but instead shut off). On the next boot, I selected safe mode and it booted into a blinking cursor and refused to do anything. After restarting, it is working. With those errors, I'm not sure if the program completed or not... New HJT log follows:

Logfile of HijackThis v1.99.1

Scan saved at 1:44:46 PM, on 5/31/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\ACCSTAT.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE

C:\WINDOWS\SYSTEM\WININIT32.EXE

C:\WINDOWS\BCMDMMSG.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\SYSTEM\SK9910DM.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\BLOCK CHECKER\BLOCK-CHECKER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\PROGRAM FILES\BLOCK CHECKER\CSRSS.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE

C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE

F:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [inkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [blockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bCMDMMSG] BCMDMMSG.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O7 "EPUSB1:" /M "Stylus Photo 825"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [sAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Tray Temperature] C:\WINDOWS\TEMP\MINIBUG.EXE 1

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxLiteNnAj

O4 - Startup: GOBACK.LNK = C:\Program Files\Adaptec\GoBack\GBMenu.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com

O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab

O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -


qwertyuiop,

I'm sorry you had trouble with that, but the good news is that it worked. Let's move on to the next step, as you still have quite a few things that you don't want on there. I'd like you to do an online virus scan next.

Please go HERE to run Panda's ActiveScan

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • If it wants to install an ActiveX component allow it
  • Select either Home User or Company
  • Click the big Scan Now button
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Post the contents of the Activescan report and a new hijackthis log. We'll still have some entries to remove after that, and I may have files you'll need to delete as well.

Thanks,

sari


sari,

My apologies for the delay. I cannot seem to run the online virus scan. The popup to allow/deny the activex control never shows up and instead I get brought to a page that says:

"Error on downloading ActiveScan

An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again

Possible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... "

I moved the site into the trusted list and lots of HDD space...

As an aside, when I run Spybot S&D immunization, 6 "bad products" cannot be immunized...

Is there some other antivir I can try?


OK, here are the results of the scans (the scan that automatically ran only did C:\Windows\System). HJT log is at the end.

//-----------------------------------------------------------------

//

// Product: BitDefender 8 Free Edition

// Version: 8.0

//

// Created on: 03/06/2006 10:56:37

//

//-----------------------------------------------------------------

Statistics

Scan path : C:\WINDOWS\SYSTEM\

Folders : 72

Files : 4098

Archives : 23

Packed files : 595

Identified viruses : 6

Infected files : 6

Warnings : 0

Suspect files : 0

Disinfected files : 0

Deleted files : 0

Copied files : 0

Moved files : 6

Renamed files : 0

I/O errors : 0

Scan time : 00:01:38

Scan speed (files/sec) : 41

Virus definitions : 386399

Scan plugins : 13

Archive plugins : 39

Unpack plugins : 4

Mail plugins : 6

System plugins : 1

Scan options

Detection

[X] Scan boot sectors

[X] Scan archives

[X] Scan packed files

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Copy to quarantine

[ ] Move to quarantine

[ ] Rename

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[ ] Copy to quarantine

[X] Move to quarantine

[ ] Rename

[ ] Prompt user

Scan options

[X] Enable warnings

[X] Enable heuristics

[X] Show all files in log

[X] Report file: vscan.log

[ ] Append to existing report

Summary:

C:\WINDOWS\SYSTEM\ccapp.exe Infected Trojan.Click.715

C:\WINDOWS\SYSTEM\ccapp.exe Disinfection failed

C:\WINDOWS\SYSTEM\ccapp.exe Moved

C:\WINDOWS\SYSTEM\AStart.exe Infected Trojan.Downloader.Vb.AH

C:\WINDOWS\SYSTEM\AStart.exe Disinfection failed

C:\WINDOWS\SYSTEM\AStart.exe Moved

C:\WINDOWS\SYSTEM\navshext.dll Infected Trojan.Click.666

C:\WINDOWS\SYSTEM\navshext.dll Disinfection failed

C:\WINDOWS\SYSTEM\navshext.dll Moved

C:\WINDOWS\SYSTEM\windir32.exe Infected Backdoor.Oscarbot.ABR

C:\WINDOWS\SYSTEM\windir32.exe Disinfection failed

C:\WINDOWS\SYSTEM\windir32.exe Moved

C:\WINDOWS\SYSTEM\wininit32.exe Infected Backdoor.Rbot.FBE

C:\WINDOWS\SYSTEM\wininit32.exe Disinfection failed

C:\WINDOWS\SYSTEM\wininit32.exe Moved

C:\WINDOWS\SYSTEM\plugme.exe Infected Trojan.Downloader.Istbar.NT

C:\WINDOWS\SYSTEM\plugme.exe Disinfection failed

C:\WINDOWS\SYSTEM\plugme.exe Moved

-------------------------------------------------------------------------------------------

//-----------------------------------------------------------------

//

// Product: BitDefender 8 Free Edition

// Version: 8.0

//

// Created on: 03/06/2006 11:00:30

//

//-----------------------------------------------------------------

Statistics

Scan path : C:\

D:\

Folders : 2286

Files : 145940

Archives : 6947

Packed files : 9235

Identified viruses : 13

Infected files : 182

Warnings : 0

Suspect files : 0

Disinfected files : 0

Deleted files : 0

Copied files : 0

Moved files : 178

Renamed files : 0

I/O errors : 5

Scan time : 00:40:10

Scan speed (files/sec) : 60

Virus definitions : 386399

Scan plugins : 13

Archive plugins : 39

Unpack plugins : 4

Mail plugins : 6

System plugins : 1

Scan options

Detection

[X] Scan boot sectors

[X] Scan archives

[X] Scan packed files

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Copy to quarantine

[ ] Move to quarantine

[ ] Rename

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[ ] Copy to quarantine

[X] Move to quarantine

[ ] Rename

[ ] Prompt user

Scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: vscan.log

[ ] Append to existing report

Summary:

C:\WINDOWS\TEMP\1848_4292969337_4293125897_4293199321_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1848_4292969337_4293125897_4293199321_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1848_4292969337_4293125897_4293199321_76.41.tmp Moved

C:\WINDOWS\TEMP\804_4292969337_4293125897_4004651377_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\804_4292969337_4293125897_4004651377_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\804_4292969337_4293125897_4004651377_76.41.tmp Moved

C:\WINDOWS\TEMP\2112_4292969337_4293125897_4293690961_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2112_4292969337_4293125897_4293690961_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2112_4292969337_4293125897_4293690961_76.41.tmp Moved

C:\WINDOWS\TEMP\2484_4292969337_4293125897_4004811997_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2484_4292969337_4293125897_4004811997_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2484_4292969337_4293125897_4004811997_76.41.tmp Moved

C:\WINDOWS\TEMP\1172_4292969337_4293125897_4004876753_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1172_4292969337_4293125897_4004876753_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1172_4292969337_4293125897_4004876753_76.41.tmp Moved

C:\WINDOWS\TEMP\1464_4292969337_4293125897_4004929217_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1464_4292969337_4293125897_4004929217_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1464_4292969337_4293125897_4004929217_76.41.tmp Moved

C:\WINDOWS\TEMP\1684_4292969337_4293125897_4004875705_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1684_4292969337_4293125897_4004875705_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1684_4292969337_4293125897_4004875705_76.41.tmp Moved

C:\WINDOWS\TEMP\1784_4292969337_4293125897_4004886289_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1784_4292969337_4293125897_4004886289_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1784_4292969337_4293125897_4004886289_76.41.tmp Moved

C:\WINDOWS\TEMP\3172_4292969337_4293125897_4005009409_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3172_4292969337_4293125897_4005009409_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3172_4292969337_4293125897_4005009409_76.41.tmp Moved

C:\WINDOWS\TEMP\2608_4292969337_4293125897_4004912273_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2608_4292969337_4293125897_4004912273_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2608_4292969337_4293125897_4004912273_76.41.tmp Moved

C:\WINDOWS\TEMP\2228_4293812301_4293095857_4293601077_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2228_4293812301_4293095857_4293601077_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2228_4293812301_4293095857_4293601077_76.41.tmp Moved

C:\WINDOWS\TEMP\2012_4293558165_4293095857_4293833069_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2012_4293558165_4293095857_4293833069_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2012_4293558165_4293095857_4293833069_76.41.tmp Moved

C:\WINDOWS\TEMP\896_4293757769_4293095857_4176478977_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\896_4293757769_4293095857_4176478977_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\896_4293757769_4293095857_4176478977_76.41.tmp Moved

C:\WINDOWS\TEMP\156_4293672525_4293095857_4293596133_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\156_4293672525_4293095857_4293596133_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\156_4293672525_4293095857_4293596133_76.41.tmp Moved

C:\WINDOWS\TEMP\1788_4293012433_4293095857_4293863765_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1788_4293012433_4293095857_4293863765_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1788_4293012433_4293095857_4293863765_76.41.tmp Moved

C:\WINDOWS\TEMP\3180_4293012433_4293095857_4293753849_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3180_4293012433_4293095857_4293753849_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3180_4293012433_4293095857_4293753849_76.41.tmp Moved

C:\WINDOWS\TEMP\1332_4293419829_4293095857_4293633905_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1332_4293419829_4293095857_4293633905_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1332_4293419829_4293095857_4293633905_76.41.tmp Moved

C:\WINDOWS\TEMP\2208_4293419829_4293095857_4293758473_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2208_4293419829_4293095857_4293758473_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2208_4293419829_4293095857_4293758473_76.41.tmp Moved

C:\WINDOWS\TEMP\2720_4293419829_4293095857_4293796253_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2720_4293419829_4293095857_4293796253_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2720_4293419829_4293095857_4293796253_76.41.tmp Moved

C:\WINDOWS\TEMP\1768_4293419829_4293095857_4174369049_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1768_4293419829_4293095857_4174369049_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1768_4293419829_4293095857_4174369049_76.41.tmp Moved

C:\WINDOWS\TEMP\1876_4293757769_4293095857_4174367125_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\1876_4293757769_4293095857_4174367125_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1876_4293757769_4293095857_4174367125_76.41.tmp Moved

C:\WINDOWS\TEMP\3356_4293757769_4293095857_4293788785_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3356_4293757769_4293095857_4293788785_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3356_4293757769_4293095857_4293788785_76.41.tmp Moved

C:\WINDOWS\TEMP\k_4814.TMP Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\k_4814.TMP Disinfection failed

C:\WINDOWS\TEMP\k_4814.TMP Moved

C:\WINDOWS\TEMP\3924_4294729483_4294458335_4279201247_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3924_4294729483_4294458335_4279201247_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3924_4294729483_4294458335_4279201247_76.41.tmp Moved

C:\WINDOWS\TEMP\2200_4294079519_4294458335_4293947411_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\2200_4294079519_4294458335_4293947411_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\2200_4294079519_4294458335_4293947411_76.41.tmp Moved

C:\WINDOWS\TEMP\3844_4294729483_4294458335_4293976067_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3844_4294729483_4294458335_4293976067_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3844_4294729483_4294458335_4293976067_76.41.tmp Moved

C:\WINDOWS\TEMP\3104_4294729483_4294458335_4294167283_76.41.tmp Infected Trojan.EliteBar.F

C:\WINDOWS\TEMP\3104_4294729483_4294458335_4294167283_76.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3104_4294729483_4294458335_4294167283_76.41.tmp Moved

C:\WINDOWS\TEMP\1072_4293928399_4198745319_4198667743_78.41.tmp Infected Trojan.EliteBar.G

C:\WINDOWS\TEMP\1072_4293928399_4198745319_4198667743_78.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1072_4293928399_4198745319_4198667743_78.41.tmp Moved

C:\WINDOWS\TEMP\3492_4294803855_4294491347_4294007951_78.41.tmp Infected Trojan.EliteBar.G

C:\WINDOWS\TEMP\3492_4294803855_4294491347_4294007951_78.41.tmp Disinfection failed

C:\WINDOWS\TEMP\3492_4294803855_4294491347_4294007951_78.41.tmp Moved

C:\WINDOWS\TEMP\300_4294803855_4294491347_4293993551_78.41.tmp Infected Trojan.EliteBar.G

C:\WINDOWS\TEMP\300_4294803855_4294491347_4293993551_78.41.tmp Disinfection failed

C:\WINDOWS\TEMP\300_4294803855_4294491347_4293993551_78.41.tmp Moved

C:\WINDOWS\TEMP\1096_4294803855_4294491347_4226478459_78.41.tmp Infected Trojan.EliteBar.G

C:\WINDOWS\TEMP\1096_4294803855_4294491347_4226478459_78.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1096_4294803855_4294491347_4226478459_78.41.tmp Moved

C:\WINDOWS\TEMP\1104_4294771713_4294515953_4294032405_78.41.tmp Infected Trojan.EliteBar.G

C:\WINDOWS\TEMP\1104_4294771713_4294515953_4294032405_78.41.tmp Disinfection failed

C:\WINDOWS\TEMP\1104_4294771713_4294515953_4294032405_78.41.tmp Moved

C:\WINDOWS\TEMP\RegcleanBundle.EXE=>wise0013 Detected: Adware.MyWebSearch.AE

C:\WINDOWS\TEMP\RegcleanBundle.EXE=>wise0013 Disinfection failed

C:\WINDOWS\TEMP\RegcleanBundle.EXE=>wise0013 Move failed

C:\WINDOWS\SYSTEM\windir32.exe Infected Backdoor.Oscarbot.ABR

C:\WINDOWS\SYSTEM\windir32.exe Disinfection failed

C:\WINDOWS\SYSTEM\windir32.exe Moved

C:\WINDOWS\SYSTEM\wininit32.exe Infected Backdoor.Rbot.FBE

C:\WINDOWS\SYSTEM\wininit32.exe Disinfection failed

C:\WINDOWS\SYSTEM\wininit32.exe Moved

C:\WINDOWS\ast_4_main.exe=>wise0008 Infected Trojan.Downloader.Vb.AH

C:\WINDOWS\ast_4_main.exe=>wise0008 Disinfection failed

C:\WINDOWS\ast_4_main.exe=>wise0008 Move failed

C:\WINDOWS\ab1.exe=>wise0006 Infected Trojan.Downloader.Agent.CT

C:\WINDOWS\ab1.exe=>wise0006 Disinfection failed

C:\WINDOWS\ab1.exe=>wise0006 Move failed

C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Infected Trojan.Downloader.Unclassified.Downloader.77

C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Disinfection failed

C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe Moved

C:\Program Files\Registry Cleaner Trial\RgBndl_dlb1.exe=>(Embedded EXE o)=>wise0013 Detected: Adware.MyWebSearch.AE

C:\Program Files\Registry Cleaner Trial\RgBndl_dlb1.exe=>(Embedded EXE o)=>wise0013 Disinfection failed

C:\Program Files\Registry Cleaner Trial\RgBndl_dlb1.exe=>(Embedded EXE o)=>wise0013 Move failed

C:\Program Files\SoftwareOnline\soproc.exe Detected: Adware.MyWebSearch.AE

C:\Program Files\SoftwareOnline\soproc.exe Disinfection failed

C:\Program Files\SoftwareOnline\soproc.exe Moved

C:\updaterInstall_108.exe Infected Trojan.Downloader.Keenval.V

C:\updaterInstall_108.exe Disinfection failed

C:\updaterInstall_108.exe Moved

C:\mc-110-12-0000080.exe Infected Trojan.Downloader.CZR

C:\mc-110-12-0000080.exe Disinfection failed

C:\mc-110-12-0000080.exe Moved

C:\pff.exe Infected Trojan.Dropper.Small.YN

C:\pff.exe Disinfection failed

C:\pff.exe Moved

C:\plugg.exe Infected Trojan.Downloader.Istbar.NT

C:\plugg.exe Disinfection failed

C:\plugg.exe Moved

------------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 12:50:59 PM, on 6/3/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\ACCSTAT.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE

C:\WINDOWS\SYSTEM\WININIT32.EXE

C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE

C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

C:\WINDOWS\BCMDMMSG.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\SYSTEM\SK9910DM.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\BLOCK CHECKER\BLOCK-CHECKER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\PROGRAM FILES\BLOCK CHECKER\CSRSS.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE

F:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [inkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [blockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bCMDMMSG] BCMDMMSG.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O7 "EPUSB1:" /M "Stylus Photo 825"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\RunServices: [Load


qwertyuiop,

Due to the length of your bitdefender log, your hijackthis log got cut off. Could you please post a full log for me?

Thanks!

sari


I didn't notice that it had been cut off. I guess "Check Post Length" doesn't really work...

Here's the full HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 12:50:59 PM, on 6/3/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\ACCSTAT.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\SSDPSRV.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ANI\ANIWZCS2 SERVICE\WZCSLDR2.EXE

C:\WINDOWS\SYSTEM\WININIT32.EXE

C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE

C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE

C:\WINDOWS\BCMDMMSG.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE

C:\WINDOWS\SYSTEM\SK9910DM.EXE

C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE

C:\PROGRAM FILES\BLOCK CHECKER\BLOCK-CHECKER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\WINDOWS\SYSTEM\HIDSERV.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDMCON.EXE

C:\PROGRAM FILES\SOFTWIN\BITDEFENDER8\BDNAGENT.EXE

C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\WINDOWS\SYSTEM\WINDIR32.EXE

C:\PROGRAM FILES\BLOCK CHECKER\CSRSS.EXE

C:\PROGRAM FILES\ADAPTEC\GOBACK\GBMENU.EXE

F:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE

O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE

O4 - HKLM\..\Run: [inkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [blockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [bCMDMMSG] BCMDMMSG.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo 825] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P22 "EPSON Stylus Photo 825" /O7 "EPUSB1:" /M "Stylus Photo 825"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [sSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKLM\..\RunServices: [sAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\RunServices: [bitDefender Communicator] "C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe"

O4 - HKLM\..\RunServices: [bitDefender Scan Server] "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe"

O4 - HKLM\..\RunServices: [bitDefender Live! Init] "C:\Program Files\Softwin\BitDefender8\bdinit.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Tray Temperature] C:\WINDOWS\TEMP\MINIBUG.EXE 1

O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxLiteNnAj

O4 - Startup: GOBACK.LNK = C:\Program Files\Adaptec\GoBack\GBMenu.exe

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll

O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com

O15 - Trusted Zone: http://www.pandasoftware.com

O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab

O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -


qwertyuiop,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

- Open Spybot Search & Destroy.

- In the Mode menu click "Advanced mode" if not already selected.

- Choose "Yes" at the Warning prompt.

- Expand the "Tools" menu.

- Click "Resident".

- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

- In the File menu click "Exit" to exit Spybot Search & Destroy.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)

O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] WININIT32.EXE

O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKCU\..\Run: [sOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRAM FILES\SOFTWAREONLINE\SOPROC.EXE -pack RegSoAlertWxLiteNnAj

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Please delete these folders using Windows Explorer (if present):

C:\PROGRAM FILES\SOFTWAREONLINE

Please delete these files using Windows Explorer (if present). You'll have to search for these files:

windir32.exe

WININIT32.EXE

After that, reboot.

Please post a new hijackthis log.

Thanks,

sari


Inactive topic...

If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.

This topic is now closed to further replies.