8 Posts
0
13213
February 7th, 2005 17:00
Windupdate removal
Whenever I run MS antispyware, Windupdate appears. I remove it, but on the next run it is back. Here is my HJT log... please help, it is driving me nuts.
Also, in my add/remove list there is this program "Golden Retriever Cashback", but if I click on remove, it pops up a message box asking me to type in the characters on the screen. Should I do this or not?
Logfile of HijackThis v1.99.0
Scan saved at 11:35:13 AM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\winis.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\WEBSHOTS.SCR
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
D:\Zipped Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://zone.msn.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?2&4&04.00.04.03&http://www.space.com/php/multimedia/zoomviewer/index.php?display_img=ararat
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {310BD666-1EA3-4453-AF49-7C65D107030A} (mw4_baseCtl Class) - https://www.myfairmont.com/exchweb/cabs/usa/mw4_base.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294a436a210788b73904/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093805313162
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.mmmhousing.com/svideo3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4278/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe



Midnight Star
4.8K Posts
0
February 7th, 2005 20:00
Let's start with this...
Go to www.trendmicro.com, and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check (tick) "Auto Clean".
3. Click "Scan".
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
Next, open a command prompt by:
1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).
-
Now, locate and 'stop' the following services, if present:
winis.exe
Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services.
Run HiJackThis then:
1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\system32\winis.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
Run HiJackThis and click "Scan", then check (tick) the following, if present:
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\RunServices: [update] winis.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294a436a210788b73904/netzip/RdxIE601.cab
Now, with all windows closed except HiJackThis, click "Fix checked".
Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
files...
C:\WINDOWS\system32\winis.exe
Search for...
winis.exe
...using "Start | Search...".
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".
Post back a new log.
-
Mike.
Scott Conway
8 Posts
0
February 7th, 2005 21:00
Thanks for your help. Below is the latest HJT file. When I ran the search at the end it found no file winis.exe; however, when I went to win/system32 it was there, only faded out. I deleted it manually with no problem. Do not understand why search didn't find it.
Another item: In my add/remove list is a program called "Golden Retriever Cash Back". When I try to remove it, it asks me to type in an identifying number. I am afraid to do this because I do not know what the result will be if I type in the number and click OK. Anyone else have this?
Logfile of HijackThis v1.99.0
Scan saved at 3:47:17 PM, on 2/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Zipped Files\hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\temp\aubin\patch.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://zone.msn.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?2&4&04.00.04.03&http://www.space.com/php/multimedia/zoomviewer/index.php?display_img=ararat
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {310BD666-1EA3-4453-AF49-7C65D107030A} (mw4_baseCtl Class) - https://www.myfairmont.com/exchweb/cabs/usa/mw4_base.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093805313162
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.mmmhousing.com/svideo3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4278/mcfscan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F8F88D0D-E455-11D6-B547-00400555C7FB} (DiskHealth2 Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
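The before-and-after comparison this thread does by eye, as an added example that is not part of the original posts: it parses HijackThis entries, flags O4 autoruns with no directory path and O16 controls served from a bare IP address, then checks whether each flagged entry survived into the follow-up log. The two heuristics and all function names are assumptions of this example, not the helper's stated method, and the sample logs are short excerpts built from lines in the logs above.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# HijackThis entry layout: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# O4 registry autorun body: "<location>: [<value name>] <command>"
O4_RE = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16 body: "DPF: {CLSID} (optional class name) - <codebase URL>"
O16_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$"
)

def parse_entries(log_text):
    """Return (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def host_is_ip_literal(url):
    """True when the URL's host is an IP address rather than a DNS name."""
    host = urlsplit(url).hostname
    if not host:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def review_reasons(section, body):
    """Heuristics (assumptions of this example): a hit means 'look closer'."""
    reasons = []
    if section == "O4":
        m = O4_RE.match(body)
        # No backslash anywhere: the command names a file but no location.
        if m and "\\" not in m["cmd"]:
            reasons.append("autorun command has no directory path")
    elif section == "O16":
        m = O16_RE.match(body)
        if m and host_is_ip_literal(m["url"]):
            reasons.append("ActiveX codebase served from a bare IP address")
    return reasons

def flagged(log_text):
    """Map each entry line worth reviewing to the reasons it was flagged."""
    out = {}
    for section, body in parse_entries(log_text):
        reasons = review_reasons(section, body)
        if reasons:
            out[f"{section} - {body}"] = reasons
    return out

def remediation_status(before_log, after_log):
    """For every entry flagged in the first log, report whether it remains."""
    remaining = {f"{s} - {b}" for s, b in parse_entries(after_log)}
    return {
        entry: ("still present" if entry in remaining else "removed")
        for entry in flagged(before_log)
    }

# Constructed excerpts: lines copied from the first and second logs in the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\system32\winis.exe
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/294a436a210788b73904/netzip/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
"""

AFTER = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
"""

if __name__ == "__main__":
    reasons = flagged(BEFORE)
    for entry, state in remediation_status(BEFORE, AFTER).items():
        print(f"[{state}] {entry}\n    reason: {'; '.join(reasons[entry])}")
```

The three entries the helper asked to fix come back as removed; the fourth hit is a second IP-hosted control that was not on the fix list, which the heuristic surfaces for review without saying anything about what it is.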
Midnight Star
4.8K Posts
0
February 7th, 2005 22:00
Download mwav.exe from MicroWorld, then:
2. Click "Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
Scott Conway
8 Posts
0
February 8th, 2005 00:00
Here are the results of my mwav scan
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:33:510 :ModuleName = C:\DOCUME~1\Scotty\LOCALS~1\Temp\mwavscan.com
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:33:510 :WARNING!!! "Autokey" Not Found
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:34:812 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:34:812 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:34:812 :TimeOut : ffffffff
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:34:812 :Priority : NORMAL
[msvLclnt.dll] [0x00000f44] 07/02/2005 16:47:35:273 :VirusCount = 117359 Latest Date = 2005/02/07
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:02:37:791 :[00000001] File C:\WINDOWS\system32\exul1.exe infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:17:47:098 :[00000001] File C:\Program Files\ScanSpyware v3.8.0.4\SSBackup\ssTemp.zip infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:19:48:212 :[00000001] File C:\Program Files\NewTech Infosystems\NTI CD-Maker\Unlock\FAL\FL2002_STD_SETUP.EXE infected by not-a-virus:Tool.Win32.Reboot
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:19:48:903 :[00000001] File C:\Program Files\NewTech Infosystems\NTI CD-Maker\Unlock\SSD\SS4DlxDl.EXE infected by not-a-virus:Tool.Win32.Reboot
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:27:09:447 :[00000001] File C:\WINDOWS\system32\exul1.exe infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:42:50:240 :[00000001] File C:\undo\backup.cab infected by not-a-virus:Tool.Win32.Reboot
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:43:37:397 :[00000001] File C:\Documents and Settings\default\My Documents\WBSAMP.EXE infected by not-a-virus:Tool.Win32.Reboot
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:44:54:388 :[00000001] File C:\Documents and Settings\Scotty\rebates.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:48:21:726 :[00000001] File C:\Documents and Settings\Scotty\messenger.exe infected by not-a-virus:AdWare.WinAD.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:48:21:916 :[00000001] File C:\Documents and Settings\Scotty\rebats.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:12:618 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP976\A0144314.exe infected by not-a-virus:AdWare.BargainBuddy.n
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:17:796 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP976\A0144401.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:481 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144483.exe infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:511 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144484.exe infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:541 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144485.srg infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:571 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144486.exe infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:591 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144487.vxd infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:621 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144488.exe infected by Trojan-Clicker.Win32.VB.ex
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:691 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144490.exe infected by not-a-virus:RiskWare.Tool.ServiceRunner.f
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:21:791 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144492.vxd infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:22:793 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP977\A0144513.exe infected by not-a-virus:AdWare.BargainBuddy.n
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:25:557 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP978\A0144535.exe infected by not-a-virus:AdWare.WinAD.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:42:221 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144749.exe infected by not-a-virus:AdWare.WinAD.s
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:42:331 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144750.dll infected by not-a-virus:AdWare.WinAD.u
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:42:601 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144758.exe infected by not-a-virus:AdWare.WinAD.k
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:42:912 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144766.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:43:953 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144788.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:44:965 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144810.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:45:986 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144831.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:47:799 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP979\A0144871.exe infected by Trojan-Dropper.Win32.WinAD.c
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:52:095 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144940.exe infected by not-a-virus:AdWare.WinAD.k
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:52:205 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144941.dll infected by not-a-virus:AdWare.WinAD.u
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:52:315 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144942.exe infected by not-a-virus:AdWare.WinAD.s
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:54:849 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144982.exe infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:54:869 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144983.exe infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:189 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144995.dll infected by not-a-virus:AdWare.WildTangent.b
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:570 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144997.vxd infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:640 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0144999.exe infected by Trojan-Clicker.Win32.VB.ex
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:670 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0145000.vxd infected by not-a-virus:AdWare.BargainBuddy.q
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:760 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0145002.srg infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:790 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0145003.exe infected by not-a-virus:RiskWare.Tool.ServiceRunner.f
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:830 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0145004.exe infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:52:55:870 :[00000001] File C:\System Volume Information\_restore{7D69CCBD-127F-44DD-B334-688C793D2FC1}\RP980\A0145005.exe infected by not-a-virus:AdWare.ToolBar.Exact
[msvLclnt.dll] [0x0000070c] 07/02/2005 17:54:06:392 :VirusCount = 117359 Latest Date = 2005/02/07
[msvLclnt.dll] [0x00000f44] 07/02/2005 18:04:47:033 :VirusCount = 117359 Latest Date = 2005/02/07
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:12:830 :ModuleName = C:\DOCUME~1\Scotty\LOCALS~1\Temp\mwavscan.com
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:12:830 :Registry Key Deleted Properly!!!
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:14:452 :Options Set by External applications mwavscan.com are 9896960 (0x970400):
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:14:452 :Mode :PACKED,ARCHIVED,CA,WARNINGS,MAILPLAIN
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:14:452 :TimeOut : ffffffff
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:14:492 :Priority : NORMAL
[msvLclnt.dll] [0x0000095c] 07/02/2005 18:32:16:174 :VirusCount = 117359 Latest Date = 2005/02/07
Scott Conway
8 Posts
0
February 8th, 2005 02:00
Midnight Star
4.8K Posts
0
February 8th, 2005 18:00
Reboot your system; if everything is running OK, let's do the final cleanup...
If you're having any more problems, post back.
Scott Conway
8 Posts
0
February 8th, 2005 18:00
RoHe
10 Elder
45.2K Posts
0
May 1st, 2020 12:00
@dinshakes123 = SPAMMER!!!
EDIT: Spam post removed...