Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Large Amount Of Popups Making Computer Unusable


  • Please log in to reply
12 replies to this topic

#1 FFJim

FFJim

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 05 February 2006 - 09:22 PM

I am attempting to clean up a terrible problem with popups making a computer unusable. I hae attempted to follow all instructions completely. Unfortunately, Spybot is unable to remove many of the offenders (Command Service, LSA, Windows Security Center, etc.). Also, due to the problems with the popups, the computer is inundated and locks up before any of the online services (Housecall) complete their scan. Cleanmgr locks up when attempting to run. I appreciate any help and I'm willing to devote time and energy to get my daughters computer working again.

Thanks in advance,

Jim P.

HIJack This log

Logfile of HijackThis v1.99.1
Scan saved at 9:11:54 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Smlt\command.exe
C:\WINDOWS\iisvers.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\System32\explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ssmss.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\winsysban5.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\wgse.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\hpsw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\System32\fxwriw.exe
O4 - HKLM\..\Run: [d] C:\WINDOWS\System32\lksktp.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [6lP2Xn] C:\docume~1\robyn\locals~1\temp\6lP2Xn.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\PvwP.exe
O4 - HKLM\..\Run: [X4Pd] C:\windows\X4Pd.exe
O4 - HKLM\..\Run: [swkhHJME] C:\windows\swkhHJME.exe
O4 - HKLM\..\Run: [b8ihPiuQ] C:\documents and settings\heather\local settings\temp\b8ihPiuQ.exe
O4 - HKLM\..\Run: [GzN] C:\documents and settings\heather\local settings\temp\GzN.exe
O4 - HKLM\..\Run: [jWGSC5V0z] C:\documents and settings\heather\local settings\temp\jWGSC5V0z.exe
O4 - HKLM\..\Run: [VQm] C:\documents and settings\heather\local settings\temp\VQm.exe
O4 - HKLM\..\Run: [qhRfsb2v] C:\documents and settings\heather\local settings\temp\qhRfsb2v.exe
O4 - HKLM\..\Run: [vvlcci] c:\windows\system32\vvlcci.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [rgC.exe] c:\windows\system32\rgC.exe
O4 - HKLM\..\Run: [cnmmtix] c:\windows\system32\trynjnp.exe
O4 - HKLM\..\Run: [oFmg32g] memio800.exe
O4 - HKLM\..\Run: [khhdtmq] c:\windows\system32\lzpbcq.exe r
O4 - HKLM\..\Run: [Windows System32] explorer.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IE6] ssmss.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Winsock2 driver] ngldtsuw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [IE6] ssmss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ixjp.exe
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\ktlul7391.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

BC AdBot (Login to Remove)

 


#2 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 06 February 2006 - 02:02 PM

Hello FFJim,

You've got quite a collection there. :thumbsup:

Let's see if we can help you to get rid of them.
Allow me some time to look over your log.

BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 07 February 2006 - 11:02 AM

Hello Jim,

Please follow these instructions very carefully.
It might be a good idea to print them or save them in a .txt file, because working in safe mode may leave you without internet connection.

1. First, let's remove as much malware as possible in the Software list:
Go to Start > Settings > Control Panel > Software, and by using Add/Remove programs remove if found:SearchBar
SurfSideKick
Communicator Toolbar
Search Accelerator
New.net or NewDotNet

Now, this last one is a tricky one: it may not be present in the Software list.
If it isn't, see if, using Windows Explorer, you can find an uninstaller in the folder C:\Program Files\NewDotNet. The uninstaller will be called uninstallX_XX.exe, where the X's stands for numbers.
If not, look in the C:\Windows or C:\Winnt, there it will be called NDNuninstallX_XX.exe

If you still haven't found it, you can use this uninstaller: uninstall6_38.exe.
After removal, you may be prompted to reboot. Please reboot even if not prompted.
However, before using this last means, please download WinsockXPFix and LSP-Fix.
If you can not connect to the Internet after removing New.net, please run the WinsockXPFix program I had you download earlier.
If you still can not connect to the Internet, please run the LSP-Fix program, and click on the finish button. Reboot and you should be able to get back on..

2. Reconfigure Windows XP to show hidden files:Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the Hide protected operating system files (recommended) option.
Uncheck the Hide file extensions for known file types option.
Click Yes to confirm. Click OK.
[/list]3. Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

4. Run Ewido anti-malware:
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • You will be prompted to clean the first infection.
  • DO NOT Select Perform action on all infections, it's better to remove manually to avoid false positives.
    If you're not sure, select none for now.
  • When the scan finishes, click on Save Report. This will create a text file. Save it on your Desktop.
5. Run CCleaner, click the Windows tab and select the following:Internet Explorer:Temp Internet
History
Recently Typed URLs
Delete Index.dat files
System:Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data
Next: click Options, click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click OK
Then click Run Cleaner (bottom right), then Exit
[/list]6. Restart your computer in normal mode

7. This will take care of the first stage of the removal.
After reviewing you new HijackThias log, we can work on the removal of the remaining VX2 infection.

8. Please post a new HijackThis log, as well as the ewido log.

Good luck,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#4 FFJim

FFJim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 08 February 2006 - 09:51 PM

Thanks for your help so far!

Here goes.....

1.) Task done. Unable to locate SearchBar or Communicator Toolbar in Add/Remove Programs.

2.) Task Complete

3.) Task Complete

4.) Task Complete

5.) Task Complete

6.) Task Complete

7.) OK

8.) Information Requested - HijackThis log and Ewido log

Logfile of HijackThis v1.99.1
Scan saved at 9:50:26 PM, on 2/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\winsysban6.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\System32\fxwriw.exe
O4 - HKLM\..\Run: [d] C:\WINDOWS\System32\lksktp.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [6lP2Xn] C:\docume~1\robyn\locals~1\temp\6lP2Xn.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\PvwP.exe
O4 - HKLM\..\Run: [X4Pd] C:\windows\X4Pd.exe
O4 - HKLM\..\Run: [swkhHJME] C:\windows\swkhHJME.exe
O4 - HKLM\..\Run: [b8ihPiuQ] C:\documents and settings\heather\local settings\temp\b8ihPiuQ.exe
O4 - HKLM\..\Run: [GzN] C:\documents and settings\heather\local settings\temp\GzN.exe
O4 - HKLM\..\Run: [jWGSC5V0z] C:\documents and settings\heather\local settings\temp\jWGSC5V0z.exe
O4 - HKLM\..\Run: [VQm] C:\documents and settings\heather\local settings\temp\VQm.exe
O4 - HKLM\..\Run: [qhRfsb2v] C:\documents and settings\heather\local settings\temp\qhRfsb2v.exe
O4 - HKLM\..\Run: [vvlcci] c:\windows\system32\vvlcci.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [rgC.exe] c:\windows\system32\rgC.exe
O4 - HKLM\..\Run: [cnmmtix] c:\windows\system32\trynjnp.exe
O4 - HKLM\..\Run: [oFmg32g] memio800.exe
O4 - HKLM\..\Run: [khhdtmq] c:\windows\system32\lzpbcq.exe r
O4 - HKLM\..\Run: [Windows System32] explorer.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IE6] ssmss.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd6.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban6.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Winsock2 driver] ngldtsuw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [IE6] ssmss.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\k662lgjo16oc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Smlt\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



EWIDO

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:48:41 PM, 2/8/2006
+ Report-Checksum: 1A1C4973

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-15D9-4736-AB29-131578A45F2B} -> Adware.Wordsonweb : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtensi.1 -> Adware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-4188247230-949902501-2404778162-1007\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-4188247230-949902501-2404778162-1007\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-4188247230-949902501-2404778162-1007\Software\ToolBar -> Adware.WebSearch : Cleaned with backup
[672] C:\WINDOWS\system32\WS2TIME.DLL -> Adware.Look2Me : Error during cleaning
[800] C:\WINDOWS\system32\WS2TIME.DLL -> Adware.Look2Me : Error during cleaning
C:\111.pif -> Trojan.Small.gf : Cleaned with backup
C:\12.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\3908237.exe -> Backdoor.SdBot : Cleaned with backup
C:\ati.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ixjp.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@master.mx-targeting[1].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@z1.adserver[2].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Debbie\Local Settings\Temporary Internet Files\Content.IE5\OTARO1EN\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ad.doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ads.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@cliks[1].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-communityconnect.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-console.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-kohls.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-melbourneit.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-rr.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@free.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@free.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@ilclick.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@www.popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temp\Del25.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\BO3BGJ58\eins002[1].exe -> Downloader.Adload.k : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\BO3BGJ58\enewsletterpro[1].exe -> Hijacker.StartPage.aha : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\S9I3S1QJ\drsmartloadb[1].exe -> Downloader.Adload.l : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\S9I3S1QJ\newfrn[1].exe -> Hijacker.VB.is : Cleaned with backup
C:\Documents and Settings\Heather\Local Settings\Temporary Internet Files\Content.IE5\S9I3S1QJ\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\B9E2.tmp/titno.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\f70984.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\i5.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\temp.fr280E -> Downloader.Intexp.c : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\0X2Z016Z\newfrn[1].exe -> Hijacker.VB.is : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\4DIFK9UZ\gimmygames[1].exe -> Downloader.VB.vr : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\8XY3S5MR\timessquare[1].exe -> Hijacker.StartPage.aw : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\MVY7074X\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\MVY7074X\myupdates[1].exe -> Downloader.Adload.l : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\MVY7074X\winsysban[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\ibycgt[1].cab/titno.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\winsysban5[2].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\winsysupd5[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\cygwid[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\UTIRQDGJ\1[1].bin -> Downloader.Small.bue : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\UTIRQDGJ\winsysban4[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\UTIRQDGJ\winsysupd[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\YHY3U185\winsysupd4[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\drsmartload[1].exe -> Downloader.Adload.l : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\inrh9400[1].exe -> Downloader.Small.bke : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\adtech2006a[1].exe -> Hijacker.VB.kc : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\ltndmain[1].dll -> Adware.Sud : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\rp[1].exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\timessquare[1].exe -> Hijacker.StartPage.aw : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\9400[1].cab/Quicklinks.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\ltndload[1].dll -> Adware.Sud : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\drsmartload246a[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT6N85YN\inst_0004[1].exe -> Downloader.Small.cam : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@e-2dj6wfmikoc5icp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@e-2dj6wjnyagcpiko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ehg-aviatechllc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ehg-minglematch.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@greatoffers.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@master.mx-targeting[1].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@server3.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@shopathomeselect[1].txt -> TrackingCookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@web2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@www.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Cookies\robyn@www.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\Del3D8.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\pdyiwokil.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\res3D9.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Robyn\Local Settings\Temp\tm24902.exe -> Downloader.Qoologic.ax : Cleaned with backup

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 11 February 2006 - 11:48 AM

Hello Jim,

Well done so far, :thumbsup:

You might want to print this out or save it as a text file on your Desktop, since working in safe mode will leave you without internet connection and you will not not be able to view this page.

1. Open Notepad, copy and paste the following text (in bold) into a new Notepad window.
Save it to your Desktop, as type "all files", as fixservice.bat:sc stop cmdService
sc stop lsass
sc delete cmdService
sc delete lsass
del fixservice.bat

Doubleclick fixservice.bat on your Desktop.

2. Boot into Safe Mode:
Restart your computer and tap F8 before WinXP starts to load and choose Safe Mode.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

3. Run HijackThis and check the following entries:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://searchbar.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://searchbar.findthewebsiteyouneed.com</a>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://searchbar.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://searchbar.findthewebsiteyouneed.com</a>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://searchbar.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://searchbar.findthewebsiteyouneed.com</a>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://www.findthewebsiteyouneed.com</a>
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://searchbar.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://searchbar.findthewebsiteyouneed.com</a>
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = <a href="http://searchbar.findthewebsiteyouneed.com" rel="nofollow" target="_blank">http://searchbar.findthewebsiteyouneed.com</a>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\System32\fxwriw.exe
O4 - HKLM\..\Run: [d] C:\WINDOWS\System32\lksktp.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKLM\..\Run: [6lP2Xn] C:\docume~1\robyn\locals~1\temp\6lP2Xn.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\PvwP.exe
O4 - HKLM\..\Run: [X4Pd] C:\windows\X4Pd.exe
O4 - HKLM\..\Run: [swkhHJME] C:\windows\swkhHJME.exe
O4 - HKLM\..\Run: [b8ihPiuQ] C:\documents and settings\heather\local settings\temp\b8ihPiuQ.exe
O4 - HKLM\..\Run: [GzN] C:\documents and settings\heather\local settings\temp\GzN.exe
O4 - HKLM\..\Run: [jWGSC5V0z] C:\documents and settings\heather\local settings\temp\jWGSC5V0z.exe
O4 - HKLM\..\Run: [VQm] C:\documents and settings\heather\local settings\temp\VQm.exe
O4 - HKLM\..\Run: [qhRfsb2v] C:\documents and settings\heather\local settings\temp\qhRfsb2v.exe
O4 - HKLM\..\Run: [vvlcci] c:\windows\system32\vvlcci.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [rgC.exe] c:\windows\system32\rgC.exe
O4 - HKLM\..\Run: [cnmmtix] c:\windows\system32\trynjnp.exe
O4 - HKLM\..\Run: [oFmg32g] memio800.exe
O4 - HKLM\..\Run: [khhdtmq] c:\windows\system32\lzpbcq.exe r
O4 - HKLM\..\Run: [Windows System32] explorer.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - HKLM\..\Run: [IE6] ssmss.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd6.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban6.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [Winsock2 driver] ngldtsuw.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\System32\hpsw.exe"
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [IE6] ssmss.exe
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\k662lgjo16oc.dll

Close all open windows EXCEPT HijackThis, and click Fix Checked. Close HijackThis.

4. Go to Windows Explorer, find and if still present delete these files/folders (in bold):C:\WINDOWS\b.exe
C:\WINDOWS\X4Pd.exe
C:\WINDOWS\swkhHJME.exe
C:\WINDOWS\iisvers.exe
C:\WINDOWS\winsysupd6.exe
C:\WINDOWS\winsysban6.exe
C:\WINDOWS\Smlt => entire folder
C:\WINDOWS\lsass.exe => NOT the one in the System32 folder (who is legitimate)
C:\WINDOWS\System32\fxwriw.exe
C:\WINDOWS\System32\lksktp.exe
C:\WINDOWS\System32\zzb.exe
C:\WINDOWS\System32\PvwP.exe
C:\WINDOWS\System32\vvlcci.exe
C:\WINDOWS\System32\rgC.exe
C:\WINDOWS\System32\trynjnp.exe
C:\WINDOWS\System32\lzpbcq.exe
C:\WINDOWS\System32\kwcyyi.exe
C:\WINDOWS\System32\hpsw.exe
C:\WINDOWS\system32\k662lgjo16oc.dll
C:\Program Files\Common Files\VCClient => entire folder
C:\Program Files\Ebates_MoeMoneyMaker => entire folder
C:\Program Files\Jalmp => entire folder
To locate and delete memio800.exe, you will have to search for the file, since its path is not clearly defined in the HijackThis log: Click Start > Search
In the Search for files or folders field, enter memio800.exe
In the Look in field, make sure My Computer is displayed.
In the Search options box, make sure Advanced options has been checked
Check the following options:Search system folders
Search hidden files and folders, and
Search sub-folders
Then click the Search now button
Once the search has been completed, delete any file(s) which may be found named memio800.exe

Use the same procedure to find and delete, if present:explorer.exe => you can delete any instances of this file found, except the one in the C:\WINDOWS folder and in C:\\i386, which are legitimate
ssmss.exe => be careful: smss.exe is a legitimate file!
gimmygames.exe
ngldtsuw.exe
[/list]5. Still in Safe Mode, clean the temp files:

Open Internet Explorer. You'll get a 404 page not found, but that is normal in safe mode.1. At the top, click Tools>Internet Options> and then, in the center click Delete Cookies
2. Click Delete Files and then in the new applet, check the box for all offline content
3. Click OK
4. Close that applet and open the C>Windows>Temp folder, and delete all files in there too, and all files in sub-folders of Temp.
5. Empty the C:\Windows\Prefetch Folder, repeat this about once a month. More if you use the internet a lot.
6. Empty ALL C:\Documents and Settings\<user name>\LocalSettings\Temp Folders
Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete. Rinse, lather, repeat until folder is empty.

6. Reboot into normal mode

7. Run HijackThis again and post a fresh log.

If you have any doubts about some step, please let me know,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#6 FFJim

FFJim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 13 February 2006 - 10:11 PM

Thanks for everything so far. Hopefully things will get better soon. Still getting popups (like Zeno for one) as I type this. :thumbsup:

Jim P.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:30 PM, on 2/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\tqouigp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\tqouigpA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\win3209417226211.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\rmdsregp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\qwinnsap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [tqouigpA] C:\WINDOWS\tqouigpA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3209417226211] C:\WINDOWS\win3209417226211.exe
O4 - HKLM\..\Run: [{E5-5D-DE-E3-ZN}] c:\windows\system32\rmdsregp.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\qwinnsap.exe CORN001
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinnsap.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\enp0l17m1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tqouigp.exe

#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 14 February 2006 - 11:22 AM

Hello Jim,

Don't worry, we will get them all, however it would be preferable to keep going as fast as possible.
I don't know what is going on at your home, but you seem to gather malware faster than we can remove them.
I noticed there are 4 accounts on that PC. Please try to convince the other users to stay off the internet until your system is completely clear,
and protection has been upgraded!

You might want to print this out or save it as a text file on your Desktop, since working in safe mode will leave you without internet connection and you will not not be able to view this page.

1. Open Notepad, copy and paste the following text (in bold) into a new Notepad window.
Save it to your Desktop, as type "all files", as fixserv.bat:sc stop Windows Overlay Components
sc delete Windows Overlay Components
del fixserv.bat

Doubleclick fixserv.bat on your Desktop.

2. Uninstall as much of malware as possible from the installed Software list:Go to Start > Settings > Control panel > Software > Add/remove programs and remove if present:Internet Optimizer
Search Accelerator
Zeno (search)
New.net or NewDotNet

Now, this last one is a tricky one: it may not be present in the Software list.
If it isn't, see if, using Windows Explorer, you can find an uninstaller in the folder C:\Program Files\NewDotNet. The uninstaller will be called uninstallX_XX.exe, where the X's stands for numbers.
If not, look in the C:\Windows or C:\Winnt, there it will be called NDNuninstallX_XX.exe

If you still haven't found it, you can use this uninstaller: uninstall6_38.exe.
After removal, you may be prompted to reboot. Please reboot even if not prompted.
However, before using this last means, please download WinsockXPFix and LSP-Fix.
If you can not connect to the Internet after removing New.net, please run the WinsockXPFix program I had you download earlier.
If you still can not connect to the Internet, please run the LSP-Fix program, and click on the finish button. Reboot and you should be able to get back on.
[/list]3. Please download, install and update Ad-Aware SE
Download the VX2 Cleaner Plug-in, install vx2cleaner_inst.exe, taking all the defaults there as well.
  • 1) Run Ad-Aware, and click Check for updates now.
    2) Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings: Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.
DO NOT RUN IT YET!
4. Please download, install, and update the NEW free version of Ewido anti-malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close ewido. DO NOT RUN IT YET.
5. Boot into Safe Mode:
Restart your computer and tap F8 before WinXP starts to load and choose Safe Mode.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

6. Run HijackThis and check the following entries:R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [tqouigpA] C:\WINDOWS\tqouigpA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win3209417226211] C:\WINDOWS\win3209417226211.exe
O4 - HKLM\..\Run: [{E5-5D-DE-E3-ZN}] c:\windows\system32\rmdsregp.exe CORN001
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\qwinnsap.exe CORN001
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\qwinnsap.exe
O4 - Startup: Z_Start.lnk = C:\ZICORN001.exe
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\enp0l17m1.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\tqouigp.exe

Close all open windows EXCEPT HijackThis, and click Fix Checked. Close HijackThis.

7. Go to Windows Explorer, find and if still present delete these files/folders (in bold):C:\ZICORN001.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\tqouigpA.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\win3209417226211.exe
C:\WINDOWS\tqouigp.exe
C:\WINDOWS\system32\rmdsregp.exe
C:\WINDOWS\System32\qwinnsap.exe
C:\WINDOWS\System32\kwcyyi.exe
C:\WINDOWS\SYSTEM32\qwinnsap.exe
C:\WINDOWS\system32\enp0l17m1.dll
C:\Program Files\TheSearchAccelerator => entire folder
C:\Program Files\Internet Optimizer => entire folder
8. Run Ad-Aware SE:
  • Click > "Scan Now" at the left
  • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
  • Select "Search for low-risk threats"
  • Select "Perform full system scan"
  • Click Next
4) When the scan has completed, select Next.
  • In the Scanning Results window, select the "Critical Objects" tab.
  • Right-click on the screen and choose "Select all objects"
  • Click Next to remove the infections found, and click OK to the prompt.
9. Run Ewido anti-malware:
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • You will be prompted to clean the first infection.
  • DO NOT Select Perform action on all infections, it's better to remove manually to avoid false positives.
    If you're not sure, select none for now.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
10. Reboot into normal mode

11. Reboot, run HijackThis again and post a fresh log, as well as the log from ewido.

If you have any doubts about some step, please let me know,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#8 FFJim

FFJim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 14 February 2006 - 08:13 PM

OK! Ready for what's next. The amazing thing is that this computer has only been used to work on this repair and to sync my Ipod twice. I'll work on protecting it better.

HIJACK THIS LOG ==>

Logfile of HijackThis v1.99.1
Scan saved at 8:09:18 PM, on 2/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\mvn2l95o1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


EWIDO LOG ==>

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:02:36 PM, 2/14/2006
+ Report-Checksum: 2465295C

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-15D9-4736-AB29-131578A45F2B} -> Adware.Wordsonweb : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtensi.1 -> Adware.MidAddle : Cleaned with backup
HKU\S-1-5-21-4188247230-949902501-2404778162-1007\Software\ToolBar -> Adware.WebSearch : Cleaned with backup
[1420] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Error during cleaning
[1700] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Error during cleaning
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\jim@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temp\cln4.tmp -> Downloader.Dyfuca.dp : Cleaned with backup
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\PF4DMDLN\actalert[1].exe -> Downloader.Dyfuca.dp : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Robyn\Cookies\robyn@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc1172.exe -> Adware.ZenoSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc1173.exe -> Trojan.VB.tg : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc1174.exe -> Downloader.VB.tw : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc1175.exe -> Adware.ZenoSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc1176.exe -> Adware.ZenoSearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc2.exe -> Downloader.VB.wg : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc3.exe -> Hijacker.VB.ld : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc395.tmp/titno.exe -> Adware.MDH : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc4.exe -> Adware.Suggestor : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc6\jalmp.dll -> Adware.Suggestor : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc6\uninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc8.exe -> Downloader.VB.wd : Cleaned with backup
C:\RECYCLER\S-1-5-21-4188247230-949902501-2404778162-1007\Dc9.exe -> Downloader.VB.wd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0039893.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0039973.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040032.pif -> Trojan.Small.gf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040033.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040034.exe -> Backdoor.SdBot : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040035.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040036.exe -> Downloader.Small.bmx : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040037.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040038.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040039.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040040.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040041.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040042.exe -> Backdoor.SdBot : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040044.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040045.exe -> Downloader.Small.bke : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040047.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040048.exe -> Downloader.Small.cam : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040050.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040062.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040063.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040064.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040065.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040066.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040068.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040069.exe -> Worm.Small.d : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040071.exe -> Adware.IeSearchBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040072.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040074.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040075.exe -> Hijacker.Agent.ep : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040076.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040078.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040079.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040082.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040083.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040084.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040085.exe -> Logger.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040086.exe -> Backdoor.SdBot : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040087.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040088.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040089.exe -> Adware.MDH : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040090.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040091.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040092.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040093.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040094.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040095.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040096.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040097.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040099.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040100.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040101.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040102.dll -> Downloader.Agent.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040103.cpl -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040104.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040105.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040106.dll -> Hijacker.Agent.ep : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0040107.exe -> Worm.SpyBot.eu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0041034.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0041035.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0041327.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP843\A0041331.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP847\A0041377.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP847\A0041378.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP847\A0041379.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP847\A0041384.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041460.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041462.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041463.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041464.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041471.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041473.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041474.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP848\A0041477.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041494.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041505.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041506.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041507.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041525.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041526.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041534.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041535.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041539.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041542.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041543.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041544.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041545.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041557.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041558.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041559.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041561.dll -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041566.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041568.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041570.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041571.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041574.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041575.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041577.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041577.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041578.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041579.exe -> Downloader.Adload.l : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041580.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041581.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041582.exe -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041583.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041584.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041585.dll -> Adware.Sud : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041587.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041588.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041589.dll -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041590.cpl -> Downloader.Qoologic.at : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\n48o0el3ehq.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\uxiime.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\vpkqq.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINDOWS\SYSTEM32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\WS2TIME.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\tqouigp.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\tqouigpA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le : Cleaned with backup
C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup


::Report End

THANKS AGAIN!!!

#9 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 15 February 2006 - 10:11 AM

Looks much better Jim, :thumbsup:

Now let's see if we can get rid of Look2Me:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

One word of advise on this one, Jim : :flowers:
Work slowly, wait patiently until each step has done his job and follow the instructions to the letter

Good luck,
BMThor :huh:
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#10 FFJim

FFJim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 15 February 2006 - 08:37 PM

Another task done! :thumbsup: Here are the logs.

HIJACK THIS ==>

Logfile of HijackThis v1.99.1
Scan saved at 8:33:37 PM, on 2/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



LOOK2ME-DESTROYER LOG ==>


Look2Me-Destroyer V1.0.5

Scanning for infected files.....
Scan started at 2/15/2006 8:25:12 PM

Infected! C:\WINDOWS\system32\mvn2l95o1.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041613.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041614.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041622.dll
Infected! C:\WINDOWS\SYSTEM32\gppul3791.dll
Infected! C:\WINDOWS\SYSTEM32\hnsetup.dll
Infected! C:\WINDOWS\SYSTEM32\mvn2l95o1.dll
Infected! C:\WINDOWS\System32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\mvn2l95o1.dll
C:\WINDOWS\system32\mvn2l95o1.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041613.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041613.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041614.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041614.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041622.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP849\A0041622.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\gppul3791.dll
C:\WINDOWS\SYSTEM32\gppul3791.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\hnsetup.dll
C:\WINDOWS\SYSTEM32\hnsetup.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\mvn2l95o1.dll
C:\WINDOWS\SYSTEM32\mvn2l95o1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{87367699-6E15-426F-9078-08CF5B0BEFCE}"
HKCR\Clsid\{87367699-6E15-426F-9078-08CF5B0BEFCE}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

THANKS AGAIN!!!

#11 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 17 February 2006 - 03:57 AM

Hello Jim,

We're nearly there.

Can you check using Windows explorer if this file is still present? :C:\WINDOWS\System32\kwcyyi.exe
Please fix this entry, using HijackThis :O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\kwcyyi.exe reg_run
Close HijackThis, and delete the file, if still present, using Windows explorer.

Please run HijackThis again and post a fresh log, so we can check and be sure everything is gone. :thumbsup:

Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#12 FFJim

FFJim
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:29 PM

Posted 17 February 2006 - 08:36 PM

Task performed.

*** On a related note, I ditched Norton which apparently wasn't getting the job done for me and am now using AVG. AVG picked up and handled a few things during installation.

Jim


HIJACK THIS LOG ==>

Logfile of HijackThis v1.99.1
Scan saved at 8:33:00 PM, on 2/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://com4.runboard.com/bknightstalkerspaintball
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120920594093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#13 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:29 AM

Posted 19 February 2006 - 08:08 AM

Hello Jim,

Your log looks fine now.

Do you experience any problems anymore?

You can hide the hidden files and folders again:Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading deselect "Show hidden files and folders".
Check the "Hide protected operating system files (recommended)" option.
Click Yes to confirm. Click OK.
-----------------

Below I have included some recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously ; these few simple steps can stave off the vast majority of spyware problems.

1. Please navigate to http://windowsupdate.microsoft.com/ on a regulare basis and download all the "critical updates" for Windows, including the latest version of Internet Explorer.
This can patch many of the security holes through which attackers can gain access to your computer.
Do this now to install SP2

2. It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and instal one of these excellent (and free) products: Sygate
Kerio
Tiny Personal Firewall
Outpost
It is important to note that you should only have one firewall installed at a time.
A tutorial on understanding and using firewalls may be found here.

3. In order to protect yourself better against spyware, you should consider installing and running, aside from Ad-Aware, some of the following free programs:Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

IE/Spyad
Places over 5000 dubious websites and domains in your IE's restricted zone.
Make sure to keep your antispyware programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

However do not use more then one active realtime protection!

4. Please consider using an alternate browser. Mozilla's Firefox browser is very good and more secure than Internet Explorer, immune to almost all known browser hijackers, and also has a built-in popup blocker (as an added benefit!) . If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinlers tutorial on how malware is hidden and installed
Hopefully this should take care of your problems!

Please let me know if you have other questions.
Greetings,
BMThor
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users