PDA

View Full Version : Slow boot and downloader.VBS.Agent.n



Gregxpe
2008-09-07, 23:19
Hi, a friend asked me to look at her machine. I takes about 15 minutes to boot. I noticed the Symantec liveupdates weren't updated since May. Live Update wouldn't work. I attempted to install Symantec End Point protection and that didn't seem to work well. I get about 5 Window's installer messages on startup and eventually some Microsoft Visual C++ runtime library errors. R6025 pure virtual function call. I installed the Java 6 updata 7 and ran Kaspersky. I also ran Malwarebytes and removed alot of Spyware. I also ran ATFCleaner which I think got rid of a couple of the Kasperspy files it listed. Below are the log files. Thought to ask for advise before doing anything else.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:37 PM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDGREG\System32\smss.exe
C:\WINDGREG\system32\winlogon.exe
C:\WINDGREG\system32\services.exe
C:\WINDGREG\system32\lsass.exe
C:\WINDGREG\system32\svchost.exe
C:\WINDGREG\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDGREG\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
C:\WINDGREG\eHome\ehRecvr.exe
C:\WINDGREG\eHome\ehSched.exe
C:\WINDGREG\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDGREG\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDGREG\system32\wscntfy.exe
C:\WINDGREG\Explorer.EXE
C:\WINDGREG\system32\wuauclt.exe
C:\WINDGREG\ehome\ehtray.exe
C:\WINDGREG\ALCXMNTR.EXE
C:\WINDGREG\system32\igfxtray.exe
C:\WINDGREG\eHome\ehmsas.exe
C:\WINDGREG\System32\svchost.exe
C:\WINDGREG\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program

Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program

Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program

Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search

Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM

Toolbar 5.0\aoltb.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} -

C:\WINDGREG\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDGREG\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDGREG\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDGREG\system32\hkcmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP

Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDGREG\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - .DEFAULT User Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection

Manager\CManager.exe (User 'Default user')
O4 - .DEFAULT User Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works

Shared\WkCalRem.exe (User 'Default user')
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital

Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare

software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software

Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar

5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program

Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program

Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM

Toolbar 5.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -

http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program

Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -

http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Client Firewall Configuration (CfgWzSvc) - Symantec Corporation - C:\Program

Files\Symantec Client Security\Symantec Client Firewall\CfgWzSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client

Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program

Files\Symantec Client Security\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program

Files\Symantec Client Security\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program

Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec

Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDGREG\system32\YPCSER~1.EXE

--
End of file - 10321 bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, September 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, September 07, 2008 16:13:46
Records in database: 1200548
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 136247
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:28:02


File name / Threat name / Threats count
C:\Documents and Settings\Default User\Local Settings\Temp\AIMWxBugSetup60b6.04.0.9.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Documents and Settings\Edwards\Local Settings\Temp\Temporary Internet Files\Content.IE5\AIIT5DCY\stats[1].htm Infected: Trojan-Downloader.VBS.Agent.n 1
C:\hp\region\EN_US-ie.reg Infected: Trojan.WinREG.StartPage 1

The selected area was scanned.


Malwarebytes' Anti-Malware 1.26
Database version: 1103
Windows 5.1.2600 Service Pack 2

9/4/2008 6:22:24 AM
mbam-log-2008-09-04 (06-22-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217703
Time elapsed: 3 hour(s), 17 minute(s), 31 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 53

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.

Memory Modules Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\mywebsearch bar uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\WhenU (Adware.WhenUSave) -> No action taken.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Uninstall Fun Web Products.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055782.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055771.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055777.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055778.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055779.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055781.exe (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055786.dll (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP358\A0055788.dll (Adware.Hotbar) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062137.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062155.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062126.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062127.scr (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062136.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062138.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062139.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062140.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062141.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062142.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062143.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062144.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062145.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062146.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062147.EXE (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062148.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062149.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062150.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062152.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062153.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062154.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062157.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062158.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062159.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062160.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062161.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062162.EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062163.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{85485FDB-16BF-42A4-9E11-FFE2B78F8562}\RP428\A0062164.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000292.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000295.SCR (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000297.DLL (Adware.MyWeb.FunWeb) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000300.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000301.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{E27C916A-87FB-4712-B472-51D2BCFC1FE3}\RP2\A0000298.EXE (Adware.MyWeb.FunWeb) -> No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\WhenU\Learn More About Save!.url (Adware.WhenUSave) -> No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\WhenU\Learn More About SaveNow.url (Adware.WhenUSave) -> No action taken.
C:\Documents and Settings\Default User\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenUSave) -> No action taken.
C:\Documents and Settings\Default User\Application Data\Sskknwrd.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Default User\Application Data\tvmknwrd.dll (Trojan.Agent) -> No action taken.


Greg

Shaba
2008-09-16, 16:36
Hi Gregxpe

The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.

After that, please post back a fresh HijackThis log :)

Shaba
2008-09-21, 12:41
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.