
WinAntiVirus Computer Popups And Slow


5 replies to this topic

#1 golfer10383


Posted 21 September 2007 - 04:46 PM

Good afternoon,
I am getting a lot of pop-up ads and my computer has been slowed down greatly, mostly the WinAnti virus ad pops up. Here is my HijackThis log. Any help would be greatly appreciated. Thanks.


#2 RichieUK

Malware Response Team

Posted 23 September 2007 - 12:59 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum golfer10383 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


*NOTE*
If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to:
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 golfer10383


Posted 23 September 2007 - 07:58 PM

Attached are the requested files. Thanks for your help.




#4 RichieUK

Malware Response Team

Posted 24 September 2007 - 02:53 AM

I need you to do the following please:
Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\winshow.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\winshow.exe
Then click on 'Send File'.
Post the results into your next reply.

Enable the viewing of hidden files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {0DF41255-EC75-43AD-9120-ECB718C1C4D6} - \
O2 - BHO: (no name) - {82741991-8285-435A-BBDD-4F439E17ADC6} - \
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tydfbgiq.dll",sitypnow

Exit Hijackthis.

Find and delete:
C:\WINDOWS\system32\tydfbgiq.dll
C:\Program Files\DriveCleaner Freeware
C:\Program Files\Common Files\DriveCleaner Freeware

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.


*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.
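Added example, not part of the original thread and not HijackThis's own logic: a small triage script that parses the O2/O3/O4 entries listed in the post above and reports what each one shows (no file path behind a CLSID, a file reported missing, an autorun that loads a DLL through rundll32). The function names, the heuristics and the last two sample lines are assumptions made for illustration; the first four sample lines are copied from the post.

```python
import re
from dataclasses import dataclass, field

# First four lines: the entries listed in the post. Last two: constructed
# sample lines, included only to show entries that are not flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0DF41255-EC75-43AD-9120-ECB718C1C4D6} - \
O2 - BHO: (no name) - {82741991-8285-435A-BBDD-4F439E17ADC6} - \
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tydfbgiq.dll",sitypnow
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray
"""

# O2 (browser helper objects) and O3 (toolbars): name - {CLSID} - file path
COM_RE = re.compile(
    r"^(?P<sec>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 (autoruns): hive\..\key: [value name] command line
RUN_RE = re.compile(
    r"^(?P<sec>O4) - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 <dll>,<export> with optional quoting around either path
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)


@dataclass
class Entry:
    section: str              # O2, O3 or O4
    name: str                 # display name or Run value name
    target: str               # file path (O2/O3) or command line (O4)
    reasons: list = field(default_factory=list)
    dll: str = ""             # DLL loaded through rundll32, if any


def parse(log_text):
    """Turn O2/O3/O4 log lines into Entry records; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_RE.match(line) or RUN_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        entries.append(Entry(g["sec"], g["name"], g.get("path") or g.get("cmd") or ""))
    return entries


def triage(entries):
    """Attach review reasons (illustrative heuristics) and return flagged entries."""
    for e in entries:
        if e.section in ("O2", "O3"):
            if e.target.strip() in ("", "\\"):
                e.reasons.append("CLSID registered but no file path recorded")
            if e.target.endswith("(file missing)"):
                e.reasons.append("registered file no longer exists on disk")
            if e.name == "(no name)":
                e.reasons.append("component has no display name")
        elif e.section == "O4":
            m = RUNDLL_RE.match(e.target)
            if m:
                e.dll = m.group("dll")
                e.reasons.append(
                    f"autorun loads a DLL via rundll32, export {m.group('export')!r}")
    return [e for e in entries if e.reasons]


def files_to_review(flagged):
    """DLLs referenced by flagged autoruns: candidates for a hash and a scan."""
    return [e.dll for e in flagged if e.dll]


if __name__ == "__main__":
    flagged = triage(parse(SAMPLE_LOG))
    for e in flagged:
        print(f"{e.section} [{e.name}] {e.target}")
        for reason in e.reasons:
            print(f"    - {reason}")
    print("Files to review:", files_to_review(flagged))
```

A flag here only means "look at this entry"; whether to fix it is still a judgement for someone who knows what belongs on the machine.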

#5 golfer10383


Posted 27 September 2007 - 07:06 PM

Last file scanned at least one scanner reported something about: bndload.exe (MD5: 13f43ac6138e7e63e8e638cb941a7f77, size: 415744 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.DownLoader.31051
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus Mal/Banload-B
VirusBuster X
VBA32 X

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2007 at 06:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3312
Trace Rules Database Version: 1315

Scan type : Complete Scan
Total Scan Time : 00:30:03

Memory items scanned : 486
Memory threats detected : 0
Registry items scanned : 5389
Registry threats detected : 55
File items scanned : 36251
File threats detected : 409

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{E75A035C-053A-4A6A-9BE8-2AC6EDFD174E}
HKCR\CLSID\{E75A035C-053A-4A6A-9BE8-2AC6EDFD174E}
HKCR\CLSID\{E75A035C-053A-4A6A-9BE8-2AC6EDFD174E}\InprocServer32
HKCR\CLSID\{E75A035C-053A-4A6A-9BE8-2AC6EDFD174E}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCB.DLL

Adware.Tracking Cookie

Malware.DriveCleaner

Adware.AdSponsor
HKCR\AppId\AdBand.DLL
HKCR\AppId\AdBand.DLL#AppID

Adware.Web Buying
HKU\.DEFAULT\Software\WebBuying
HKU\S-1-5-18\Software\WebBuying

Adware.AdSponsor/ISM

Trojan.ZenoSearch

Trojan.WinAntiSpyware 2007
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\WINANTISPYWARE 2007\WAS7MON.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010336.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP280\A0020885.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022061.EXE

Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TTC.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021954.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021972.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022042.DLL

Adware.WebBuying Assistant-Installer

Adware.SearchClickAds

Spyware.RelevantKnowledge
C:\QOOBOX\QUARANTINE\C\WINDOWS\ITPB_3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010276.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP201\A0010517.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022085.EXE

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\A1\MID2DLL.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021953.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021970.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022066.EXE

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BBQIQLOH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BJPQLVEP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CSDIPQTC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRLXRKBI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FDJFOYBF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JAQSCNIE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JXDTGDRH.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KOGFVMHS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RAMSYVSG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TWWCEQMI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VHUOEYGE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VVKRSRUX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YSBOJDQA.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018043.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018044.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018045.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018046.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018047.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018048.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018049.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018050.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022032.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022034.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022036.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022037.EXE

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BOQRVYAJ.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DUIBXRSN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HYDVQGYP.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NUUTRYRC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PCSLRDMI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RWXSVLFF.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SXMDUSUC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TOFTBLNO.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VGTBCCMB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YILKEPKH.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP201\A0010633.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP205\A0013972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP205\A0014972.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0015007.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0015008.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018054.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018055.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018057.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022096.DLL

Trojan.Downloader-Gen/HitItQuitIt
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FCCBCBC.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XXYWURQ.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018064.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018072.DLL

Trojan.Downloader-Gen/Blah
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GEBYABB.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018053.DLL

Adware.WebBuying Assistant/Resident
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HSPFKEQ.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022043.DLL

Trojan.Downloader-Gen/TStamp
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JHNRWMMO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NHXLUVID.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NIIIEVUS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XMGORVOM.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018063.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022045.EXE

Adware.ZenoSearch
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MQDSREGQ.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP200\A0010503.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP200\A0010504.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021962.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021975.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022035.EXE

Trojan.Downloader-Gen/BundleBase
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\O02PREZ\O02PREZ1065.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022073.EXE

Trojan.Downloader-Gen/AllowCookie
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WAWNCXKK.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018062.EXE

Adware.Mirar/NetNucleus
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB58.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022080.DLL

Trojan.Downloader-SpyTool
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WXPWFPNG.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP200\A0010499.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP200\A0010500.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018060.DLL

Adware.SysMon
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\X1\BK53.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022069.EXE

Adware.WebBuying-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010258.EXE

RelevantKnowledge Spyware Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010308.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010329.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010330.EXE

Trojan.Downloader-Stera/WinSoftware
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010318.EXE

Trojan.Downloader-ClickSpring/NDrv
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010328.DLL

Trojan.Downloader-WebBuying/PopEngine
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010355.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP198\A0010379.DLL

Trojan.Downloader-VisFX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP200\A0010495.EXE

Trojan.Downloader-Gen/BasicMath
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP201\A0011708.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP201\A0011709.EXE

Trojan.ZQuest
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP208\A0018042.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021955.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021965.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021976.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021981.VBS

Trojan.NetMon/DNSChange
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021956.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021978.EXE

Trojan.Rootkit-TnCore
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021961.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021974.SYS

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP282\A0021982.EXE

Trojan.Rootkit-TnCore/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{96439F1C-62BE-4598-89D2-C57363B204EC}\RP284\A0022072.EXE

#6 RichieUK


Posted 27 September 2007 - 07:14 PM

Could you post the new Hijackthis log please.