Full Version: Aurora Nail ETC big problem someone plz help me!
sunnygill_uk
Hi !!!!

I'm having really REALLY bad problems with Aurora pop-ups and EXTREME internet connection slowdown. Can someone PLZPLZPLZ take a look at my log and help me, as Spybot and Ad-Aware aren't doing the trick at all!!! Thank you v much!!

Here it is!!!

Logfile of HijackThis v1.99.1
Scan saved at 23:35:36, on 30/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Basb\Yuvvi.exe
C:\WINDOWS\System32\ctfmon.exe
c:\windows\system32\yfhynh.exe
C:\PROGRA~1\COMMON~1\umim\umimm.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\BHODemon 2\BHODemon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O1 - Hosts: 62.75.224.159 bns1.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 www.m7z.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [YKpD] C:\WINDOWS\hiykly.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [grcbyfwl] C:\WINDOWS\grcbyfwl.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DbwC] C:\WINDOWS\fwhkdl.exe
O4 - HKLM\..\Run: [Kbsey] C:\Program Files\Basb\Yuvvi.exe
O4 - HKLM\..\Run: [rtivzks] c:\windows\system32\yfhynh.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [umim] C:\PROGRA~1\COMMON~1\umim\umimm.exe
O4 - HKCU\..\Run: [TimeCalendar] "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: FunTV Remote Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107389237406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
LoPhatPhuud
First:
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us/easyfile/file.php?...5010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and post the log from Ewido in this thread.


Second:
1. Download the Hoster from here: www.funkytoad.com/download/hoster.zip
2. Install the program and run it.
3. Press 'Restore Original Hosts' and press 'OK'
4. Exit Program.

Note: This program also has a Hosts file backup facility that you may want to use if you have added custom entries to the Hosts file.


Last:
Run HiJackThis again, and post the new log in this thread. There will still be more to do!!
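
The two items the reply above acts on (the F2 `Shell=` entry and the Hosts file reset) can be pulled out of a HijackThis log automatically. This Python triage script is an added example, not part of the original thread or of HijackThis; the function names are hypothetical and the sample log is constructed, apart from the F2 line, which is copied from the posted log.

```python
import ipaddress
import re

# Constructed sample in HijackThis 1.99.1 layout. The F2 line is the one from the
# posted log; the addresses and host names are documentation-range placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 ads.example.net
O1 - Hosts: 192.0.2.10 www.ads.example.net
O1 - Hosts: 0.0.0.0 blocked.example.com
O1 - Hosts: not-an-ip broken.example.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# A log entry is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$", re.MULTILINE)
SHELL_RE = re.compile(r"\bShell=(.*)$", re.IGNORECASE)
DEFAULT_SHELL = "explorer.exe"


def parse_entries(log):
    """Return (code, body) pairs for every entry line; header lines are skipped."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY_RE.finditer(log)]


def shell_extra(body):
    """Return whatever the Shell= value carries besides Explorer.exe, or None.

    On a clean system the value is just Explorer.exe, so anything appended to
    it (or replacing it) also starts at every logon.
    """
    m = SHELL_RE.search(body)
    if not m:
        return None
    value = m.group(1).strip()
    if value.lower().startswith(DEFAULT_SHELL):
        value = value[len(DEFAULT_SHELL):].strip()
    return value or None


def hosts_redirects(entries):
    """Group O1 host names by the address they are pinned to.

    Loopback and 0.0.0.0 entries are left out: those are the usual localhost
    line and block-list entries, not redirects to another machine.
    """
    redirects = {}
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        fields = body[len("Hosts:"):].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, nothing to group on
        if addr.is_loopback or addr.is_unspecified:
            continue
        redirects.setdefault(str(addr), []).extend(fields[1:])
    return redirects


def triage(log):
    """Collect the F2 shell additions and Hosts redirects found in a log."""
    entries = parse_entries(log)
    extras = []
    for code, body in entries:
        if code == "F2":
            extra = shell_extra(body)
            if extra:
                extras.append(extra)
    return {"shell_extras": extras, "hosts_redirects": hosts_redirects(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for extra in report["shell_extras"]:
        print("Shell= also launches:", extra)
    for addr, names in report["hosts_redirects"].items():
        print(f"{len(names)} host name(s) pinned to {addr}: {', '.join(names)}")
```
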
sunnygill_uk
Here's the Ewido log!!

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 18:53:45, 31/05/2005
+ Report-Checksum: F919A864

+ Date of database: 31/05/2005
+ Version of scan engine: v3.0

+ Duration: 34 min
+ Scanned Files: 257813
+ Speed: 122.84 Files/Second
+ Infected files: 236
+ Removed files: 236
+ Files put in quarantine: 236
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
F:\

+ Scan result:
C:\WINDOWS\system32\xdnznp.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/m-- The nicest hobby on Earth ;) --reg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\netut80ex.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\ggwaiiwlra.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\LastGood\webhdll.dll -> Spyware.WebHancer -> Cleaned with backup
C:\WINDOWS\LastGood\whInstaller.exe -> Spyware.WebHancer -> Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\webhdll.dll_tobedeleted -> Spyware.WebHancer -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temp\afWqKC.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temp\djebmm350.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temp\RKE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temporary Internet Files\Content.IE5\RJBUR1O7\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temporary Internet Files\Content.IE5\1GKVT9SE\powerscan[1].exe -> Spyware.PowerScan.d -> Cleaned with backup
C:\Documents and Settings\Sunny\Local Settings\Temporary Internet Files\Content.IE5\PWWDW92V\power_remove[1].exe -> TrojanDownloader.IstBar.gi -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@www.ebates[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@www.new[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Sunny\Cookies\sunny@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Common Files\umim\umimm.exe -> TrojanDownloader.TSUpdate.k -> Cleaned with backup
C:\Program Files\Kazaa Lite\TopSearch.dll -> Spyware.Altnet.e -> Cleaned with backup
C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe -> Spyware.NavExcel -> Cleaned with backup
C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Sy350\350_1.dat -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Basb\Yuvvi.exe -> Trojan.Small.cy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP110\A0026220.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP127\A0027189.dll -> Spyware.NewDotNet -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP135\A0027377.exe -> Spyware.PurityScan.u -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP135\A0027378.dll -> Spyware.Altnet.e -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP140\A0029222.dll -> Spyware.NavExcel -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP143\A0029434.exe -> TrojanDropper.Delf.fd -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029871.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029872.exe -> TrojanDownloader.Dyfuca -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029873.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029874.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029876.exe -> Spyware.PowerScan.d -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029877.exe -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029878.dll -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029879.dll -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029880.DLL -> TrojanDownloader.IstBar.hj -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029881.exe -> Spyware.180Solutions -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029882.dll -> Spyware.180solutions -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP144\A0029883.exe -> Spyware.180solutions -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP145\A0029893.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029940.exe -> Spyware.PowerScan.d -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029941.exe -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029942.dll -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029943.dll -> Spyware.SideFind -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029944.dll -> Spyware.AdMir.a -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP147\A0029945.dll -> TrojanDownloader.IstBar.ik -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029955.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029957.exe -> Spyware.WebRebates.c -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029958.exe -> Spyware.WebRebates.c -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029960.exe -> Spyware.NavExcel -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029963.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029964.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029965.exe -> Spyware.WebRebates.c -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029966.exe -> TrojanDownloader.IstBar.ij -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029967.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029968.dll -> Spyware.Altnet.e -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029969.exe -> TrojanDownloader.TSUpdate.j -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029970.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP148\A0029971.dll -> TrojanDownloader.Dyfuca.dt -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP152\A0030221.exe -> TrojanDownloader.TSUpdate.l -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP164\A0030677.dll -> Spyware.Altnet.e -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP167\A0031948.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP167\A0031953.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP167\A0031954.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031970.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031971.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/m-- The nicest hobby on Earth ;) --reg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP168\A0031972.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032015.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032016.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/m-- The nicest hobby on Earth ;) --reg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP169\A0032017.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032019.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032020.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Spyware.BargainBuddy.q -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/m-- The nicest hobby on Earth ;) --reg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP170\A0032021.vxd/C:/WINDOWS/System32/exclean.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032025.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032026.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032027.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032028.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032029.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032030.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032031.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032032.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032034.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{D212D784-6BE1-4677-82A9-0CD0A5735BC5}\RP172\A0032035.exe -> Spyware.BargainBuddy.n -> Cleaned with backup


::Report End
sunnygill_uk
AAAAAAAAAAND here's the Hijackthis LOG:


Logfile of HijackThis v1.99.1
Scan saved at 19:02:09, on 31/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [YKpD] C:\WINDOWS\hiykly.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [grcbyfwl] C:\WINDOWS\grcbyfwl.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [DbwC] C:\WINDOWS\fwhkdl.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [TimeCalendar] "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: FunTV Remote Control.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107389237406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
LoPhatPhuud
That took care of a lot of the "junk", now to finish!


Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. Please do not put HiJackThis in a temporary folder, or on the Desktop. I suggest using 'C:\Program Files\Hijackthis\' or C:\HiJackThis\, but any name you choose is fine.

Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)

O4 - HKLM\..\Run: [YKpD] C:\WINDOWS\hiykly.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [grcbyfwl] C:\WINDOWS\grcbyfwl.exe
O4 - HKLM\..\Run: [DbwC] C:\WINDOWS\fwhkdl.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)


Close all windows except HijackThis and click Fix checked.

While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\WINDOWS\hiykly.exe
c:\program files\180solutions\ <-- delete entire folder
C:\WINDOWS\grcbyfwl.exe
C:\WINDOWS\fwhkdl.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
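An added example, not part of the original thread and not a HijackThis feature: a small Python check that the entries listed for fixing are really gone from the follow-up log and that nothing new has appeared in the meantime. The embedded entries are copied from the logs in this thread; the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "<code> - <text>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry Run entries: value name in brackets, then the command that starts at logon.
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")

# Entries the helper asked to check and fix (copied from the post above).
FIX_LIST = r"""
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [YKpD] C:\WINDOWS\hiykly.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [grcbyfwl] C:\WINDOWS\grcbyfwl.exe
O4 - HKLM\..\Run: [DbwC] C:\WINDOWS\fwhkdl.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (HKCU)
"""

# A few entries that appear in both logs of this thread (excerpt, not the full logs).
KEPT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
"""

BEFORE = "Logfile of HijackThis v1.99.1\n" + KEPT + FIX_LIST  # log taken before the fix
AFTER = "Logfile of HijackThis v1.99.1\n" + KEPT              # log taken after the fix


def parse_entries(log_text):
    """Return the set of (code, normalized text) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths and registry names are case-insensitive: compare case-folded,
            # with runs of whitespace collapsed so copy/paste differences do not matter.
            body = " ".join(m.group("body").split()).casefold()
            entries.add((m.group("code"), body))
    return entries


def check_fix(fix_list, before_log, after_log):
    """Compare the fix list against the logs taken before and after the fix."""
    wanted = parse_entries(fix_list)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    return {
        # flagged, present before, gone now: the fix took effect
        "removed": sorted((wanted & before) - after),
        # flagged and still listed: not fixed, or something put it back
        "still_present": sorted(wanted & after),
        # flagged but never in the earlier log: likely a copy/paste mismatch
        "not_in_before": sorted(wanted - before),
        # entries that appeared between the two scans: worth a second look
        "new_entries": sorted(after - before),
    }


def run_targets(log_text):
    """List (value name, command) for O4 registry Run entries, original case kept.

    Useful for cross-checking the flagged startup entries against the list of
    files to delete by hand.
    """
    targets = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            targets.append((m.group("name"), m.group("target")))
    return targets


if __name__ == "__main__":
    result = check_fix(FIX_LIST, BEFORE, AFTER)
    for key, items in result.items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
    print("startup commands behind the flagged O4 entries:")
    for name, target in run_targets(FIX_LIST):
        print(f"  [{name}] {target}")
```
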
sunnygill_uk
OK here it is!!


Logfile of HijackThis v1.99.1
Scan saved at 00:40:12, on 01/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.broadband.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.broadband.blueyonder.co.uk
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1107389237406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
LoPhatPhuud
All finished; nice and clean!


At last, your system is clean and free of spyware! Want to keep it that way?

Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.
a. Windows Update: http://v5.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
All other options accept the default

3. Download and install the following free programs
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm
c. BHODemon: http://www.definitivesolutions.com/bhodemon.htm

4. Install Spyware Detection and Removal Programs:
You may also want to consider installing one of the following:
a. Microsoft AntiSpyware: http://www.microsoft.com/athome/security/s...re/default.mspx
NOTE: MS AntiSpyware only runs on Windows 2000, XP, and 2003.
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
c. AdAware: http://www.lavasoft.de/

Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend and use Microsoft AntiSpyware.

If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

5. Install 'Spoofstick'
Spoofstick is a simple browser extension that helps users detect spoofed (fake) websites. This extension is free and installs in Internet Explorer and Mozilla Firefox.
a. http://www.corestreet.com/spoofstick

6. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information.

7. Clean Temporary Files and Folders
Download and install the disk cleanup utility called Cleanup! from here:
http://cleanup.stevengould.org/
http://www.hijackthislogs.com/dl/CleanUp312.exe

Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/forums/tutorial93.html

Run the disk cleanup utility called Cleanup! that you have already downloaded and installed
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.


8. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

9. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

10. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
sunnygill_uk
Thanks a lot!!

I was just wondering, can you tell from my HijackThis log if there are any programs that I don't need hogging down memory? And how I can get rid of them?

Thanks!!!
LoPhatPhuud
The only program I saw that does not need to be running is mdm.exe (MS debugger).

Do not remove the program but do stop it from running at startup.
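
An added example, not part of the original thread: one way to turn the O4 (autostart) and O23 (service) lines of a HijackThis log into an inventory of what starts with Windows, which is the question raised in the last exchange. The function names and record fields are this example's own, and the sample lines are excerpted from the log posted in this thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (O4 = autostart, O23 = service).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")   # registry Run keys
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")  # Startup folders
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)

def image_name(command):
    """Lower-cased file name of the first .exe in a command line, or None."""
    m = EXE_RE.match(command)
    return m.group(1).rsplit("\\", 1)[-1].lower() if m else None

def parse_line(line):
    """Turn one O4/O23 line into a record; return None for other sections."""
    line = line.strip()
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if m:
        source, name, command = m.groups()
        owner = None  # O4 lines carry no vendor field
    elif line.startswith("O23 - Service: "):
        # Split from the right so " - " inside a display name stays intact.
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        source = "Service"
        name, owner, command = parts
    else:
        return None
    return {"source": source, "name": name, "owner": owner,
            "command": command, "image": image_name(command)}

def autostarts(log_text):
    """All autostart and service records found in a HijackThis log."""
    return [r for r in map(parse_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for rec in autostarts(SAMPLE_LOG):
        print(rec["source"], rec["image"], rec["name"], sep="\t")
```

The `image` field holds the launcher for entries started through `RUNDLL32.EXE`, so the DLL named in `command` is what needs checking for those rows.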