
Soo Many Pop-ups. Can't Stop Them. Surf Sidekick! Hijack Log.


  • This topic is locked
6 replies to this topic

#1 Leftbehind126

Leftbehind126

  • Members
  • 5 posts

Posted 05 April 2006 - 05:25 PM

I don't know what to do. I can't get rid of the surf sidekick. Here's my HijackThis Log. Someone help?


Logfile of HijackThis v1.99.1
Scan saved at 6:24:02 PM, on 4/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\YW50aG9ueQ\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\pfyhvle.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SYSC00.exe
C:\windows\system32\qkdsrego.exe
C:\WINDOWS\win32097162143708.exe
C:\WINDOWS\System32\lwinlrag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\outlook\outlook.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\windows\mousepad8.exe
C:\WINDOWS\pfyhvleA.exe
C:\WINDOWS\ASEMBL~1\mmc.exe
C:\Program Files\Common Files\?racle\m?config.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BE Network\bin\context.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [{52-2A-A9-9F-ZN}] C:\windows\system32\qkdsrego.exe CORN001
O4 - HKLM\..\Run: [win32097162143708] C:\WINDOWS\win32097162143708.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\lwinlrag.exe CORN001
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname8.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard8.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad8.exe
O4 - HKLM\..\Run: [pfyhvleA] C:\WINDOWS\pfyhvleA.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ASEMBL~1\mmc.exe" -vt yazr
O4 - HKCU\..\Run: [Qekr] C:\Program Files\Common Files\?racle\m?config.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinlrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03b96229e5e43c...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - AppInit_DLLs: repairs303169566.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW50aG9ueQ\command.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pfyhvle.exe


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 06 April 2006 - 08:04 AM

Hello,

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following:

Windows Overlay Components
Toolbar888
NaviSearch
Surfsidekick
Zeno/Zenosearch
OIN <== if this one isn't present there, use this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

During the uninstall of surfsidekick, a new window will open, asking you to enter a code you'll find there. Please enter the code.
Then REBOOT!! This is really important

After reboot,

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in the next picture: [image]
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Reboot once again and post a new HijackThis log. We'll work further from there.

Edited by miekiemoes, 06 April 2006 - 08:05 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Leftbehind126

Leftbehind126
  • Topic Starter

  • Members
  • 5 posts

Posted 06 April 2006 - 11:26 PM

I did the instructions. Thanks for taking time to look and attempt to fix my problem. I don't know what the uninstaller thing did, but I still get all the pop-ups, and it still says "Brought to you by Surf Sidekick!" So I don't know if that means that Brute Force didn't work. But here is my new HijackThis file.


Logfile of HijackThis v1.99.1
Scan saved at 12:22:26 AM, on 4/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\win32097162143708.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ms044370871621.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\vqkchaoA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ICROSO~1\rundll.exe
c:\ac2_0003.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\s?stem32\j?vaw.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win32097162143708] C:\WINDOWS\win32097162143708.exe
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [ms031437087162] C:\WINDOWS\ms031437087162.exe
O4 - HKLM\..\Run: [{52-2A-A9-9F-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [w00249a1.dll] RUNDLL32.EXE w00249a1.dll,I2 00012f11000249a1
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms044370871621] C:\WINDOWS\ms044370871621.exe
O4 - HKLM\..\Run: [vqkchaoA] C:\WINDOWS\vqkchaoA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [win32070871621437] C:\WINDOWS\win32070871621437.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ICROSO~1\rundll.exe" -vt yazr
O4 - HKCU\..\Run: [Prhghaph] C:\WINDOWS\s?stem32\j?vaw.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03b96229e5e43c...ip/RdxIE601.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - AppInit_DLLs: repairs303169569.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\ikakeng.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\fuamebuf.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vqkchao.exe (file missing)

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 07 April 2006 - 02:24 AM

Hello,

I see new infections present again.

It is really important you perform each of my next steps in the right order, otherwise it will fail.
A couple of reboots in between are really needed.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall Webhancer

This will ask you to reboot your system. Click yes.
Reboot.

Once rebooted, go to start > run and copy and paste next command in the field:

"C:\Program Files\SurfSideKick 3\Ssk.exe" /u <click enter>

This is the surfsidekick uninstaller, so a new window will open, asking you to enter a code you'll find there. Please enter the code.
Then REBOOT!! This is really important.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.

Please download ATF Cleaner by Atribune to your desktop.
Do not use the program yet.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode: (without networking support!)
To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [win32097162143708] C:\WINDOWS\win32097162143708.exe
O4 - HKLM\..\Run: [ms031437087162] C:\WINDOWS\ms031437087162.exe
O4 - HKLM\..\Run: [{52-2A-A9-9F-ZN}] c:\windows\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [w00249a1.dll] RUNDLL32.EXE w00249a1.dll,I2 00012f11000249a1
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [ms044370871621] C:\WINDOWS\ms044370871621.exe
O4 - HKLM\..\Run: [vqkchaoA] C:\WINDOWS\vqkchaoA.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [win32070871621437] C:\WINDOWS\win32070871621437.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ICROSO~1\rundll.exe" -vt yazr
O4 - HKCU\..\Run: [Prhghaph] C:\WINDOWS\s?stem32\j?vaw.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03b96229e5e43c...ip/RdxIE601.cab
O20 - AppInit_DLLs: repairs303169569.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\ikakeng.dll (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\fuamebuf.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vqkchao.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\win32097162143708.exe
C:\WINDOWS\ms044370871621.exe
C:\WINDOWS\vqkchaoA.exe
C:\WINDOWS\Offun.exe
C:\Program Files\Internet Optimizer <== folder
c:\ac2_0003.exe
C:\Program Files\SurfSideKick 3 <== folder
C:\WINDOWS\ms031437087162.exe
c:\windows\system32\dwdsregt.exe
c:\windows\system32\w00249a1.dll
C:\WINDOWS\win32070871621437.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
Look in that same folder if there are other files present starting with ibm0000........ and delete them. Don't delete anything else present in that folder!!!

The next folders to delete are a bit more advanced, because this infection creates bogus folders that look the same as legit folders, so please make sure you don't delete the legit folder!!!

C:\WINDOWS\s?stem32 <== delete this folder, will most probably look like system32 and contains next file j?vaw.exe. Please don't try to delete the legit system32-folder here. You'll see, when you open the legit system32-folder, there will be A LOT of files and subfolders present in there. So don't delete that folder!!

C:\WINDOWS\ICROSO~1 <== this folder, will most probably look like Microsoft and contains the file rundll.exe. Don't delete any other folder looking like microsoft or microsoft.net. Make sure you don't delete the wrong folder!!
When in doubt, skip this step and tell me afterwards.

* Go to start > run and copy and paste next command in the field:

sc delete "Windows Overlay Components" < click ok >

* Still in safe mode... Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply
together with a fresh HijackThis log and the ewido-log so I can take another look.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Leftbehind126


Posted 08 April 2006 - 02:10 PM

Okay, I followed the instructions. It got rid of the pop-ups, but the scanner still detects some stuff. Here are the logs you asked for. Thank you for taking your time to look at this. I'll ask my mom if I can donate to you for helping. You deserve something in return for the help.




Incident Status Location

Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\sk02.exe
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\LocalService\Cookies\system@webpower[2].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cassava[1].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Owner\Cookies\owner@date[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Cookies\owner@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Cookies\owner@maxserving[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Owner\Cookies\owner@pacificpoker[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.errorsafe[1].txt
Spyware:Cookie/FindtheWebsiteYouNeed Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.findthewebsiteyouneed[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\mc-110-12-0000137.exe
Virus:Bck/IRCBot.WJ Not disinfected C:\Documents and Settings\Owner\rar.exe
Virus:Bck/Aemon.V Not disinfected C:\WINDOWS\country.exe
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\system32\exclean.exe
Virus:Trj/Goldun.HF Not disinfected C:\WINDOWS\system32\nclabydll.dll
Virus:Bck/IRCBot.WJ Not disinfected C:\WINDOWS\system32\rar.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool1.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool3.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\WINDOWS\tool4.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq





Logfile of HijackThis v1.99.1
Scan saved at 1:04:35 AM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ICROSO~1\rundll.exe" -vt yazr
O4 - HKCU\..\Run: [Prhghaph] C:\WINDOWS\s?stem32\j?vaw.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vqkchao.exe (file missing)



This next one is really long. It's the Ewido one. A lot of it was bullcrap stuff, mIRC I think. Here it is though.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:54:08 PM, 4/7/2006
+ Report-Checksum: 8CC9FE52

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
C:\avenger\backup.zip/avenger/ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\bintheredunthat\vqkchao.exe -> Hijacker.VB.ij : Cleaned with backup
C:\bintheredunthat\vqkchaoA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup Watcher for MySQL 1.9.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup Wolf 3.13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup Xpresso 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup-2006 Studio 5.1.2.203.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup-Burner CD-Recording Component 5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup2000 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup2005 Synchronizer 3.2.4.30.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup2Net 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backup4all 3.0 build 193.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupAssist 2.3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupBuddy Personal 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupBuddy Professional 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupBuddyVFS Personal 3.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupBuddyVFS Professional 3.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupIQ 7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupMe 1.28.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupOnDemand 2.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupSW 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackUpTime 1.4 build 3569.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupXfer for Palm 1.2d1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BackupXpress Pro 2.74.41 build 191.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Backzilla.Net 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Apples 1.3.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Breath, Morning Breath 12 - Step Plan 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Check Tracker 2.0.03.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Cookie (OS X) 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Cookie 1.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Games Autorun 0.52.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Intentionz 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Mojo demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad News Bears Trailer .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bad Toys 3D 1.95.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BadBlue Personal Edition 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BadCopy Pro 3.8 build 1108.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BadgeBuilder Express 4.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Baggle 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bagle_X Toolbar 4.5.96.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BakBot 3.00.24.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BaKoMa TeX 7.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Baladana 4.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balarama Fonts 1.08.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balder Multiboot 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Baldies demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Baldur's Gate II Throne of Bhaal v26498 Patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balistick 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ball Attack 1.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ball Bounce Deluxe 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ball Deluxe 7.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ball-Bar 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BallClicks 1.0.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballet .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballistics 1.0.1 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballistics 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballistics demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballistik 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballmaster 2 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balloon Blast .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balloon Dart 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balloon OCX 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balloon Tooltips .NET 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ballooneys Lite Screensaver 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BalloonRain 1.0d.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balloons Animated Jigsaw Puzzle 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balls 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balls Millennium 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balls of Steel Patch 1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Balls Up Episode 1 1.11a.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BallSwapper 1.05.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bamboozle 1.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bambusa (Classic) 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bambusa 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BananaPC 4.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bananas In Space 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Band Minus One 2.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Band Name Generator 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Band Promotion Tracker 0.01.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Band-in-a-Box 9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BanderSnatch 1.0.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandit's Big Adventure 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandits Phoenix Rising 1.1 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandits Phoenix Rising 1.1.1 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandits Phoenix Rising demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandits Phoenix Rising, All Territories, 1.1 patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Controller 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Meter 5.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Monitor 1.0.003.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Monitor for IIS 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Monitor Pro 1.29.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bandwidth Tester 0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BandX 1.41.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Docu

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:03:20 PM

Posted 08 April 2006 - 02:46 PM

Hello,

Yes, I know the scanner would still find some files. It looks like you also forgot some entries in HijackThis and forgot another step. :thumbsup:

* Clean your IE cookies and cache:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Oscb] "C:\WINDOWS\ICROSO~1\rundll.exe" -vt yazr
O4 - HKCU\..\Run: [Prhghaph] C:\WINDOWS\s?stem32\j?vaw.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vqkchao.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the following files:

C:\Documents and Settings\Owner\mc-110-12-0000137.exe
C:\Documents and Settings\Owner\rar.exe
C:\WINDOWS\country.exe
C:\WINDOWS\system32\exclean.exe
C:\WINDOWS\system32\nclabydll.dll
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\teller2.chk
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\uniq
C:\bintheredunthat\sk02.exe
C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll

Empty your Recycle Bin.

Perform the next step again, because you forgot it:

* Go to Start > Run and copy and paste the following command into the field:

sc delete "Windows Overlay Components"

Then click OK.


Download and save BlackLight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Click Scan, then Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first, because legit items can also be present there...
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Post the contents of the log in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
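
Added example, not part of the original thread: a small Python triage of HijackThis entries like those in the fix list above, showing which log features make an entry stand out. The entries are copied from the reply; the function names and the heuristics are assumptions made for this illustration and are not how HijackThis or the helper decides what to fix.

```python
import re

# Entries copied from the fix list in the reply above (a subset).
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\Owner\LOCALS~1\Temp\20.tmp
O4 - HKCU\..\Run: [Prhghaph] C:\WINDOWS\s?stem32\j?vaw.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vqkchao.exe (file missing)
"""

SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "R3": "URL search hook", "O4": "autorun entry", "O23": "NT service"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse(line):
    """Split one log line into (section code, body); None if not an entry."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def reasons(code, body):
    """Heuristic reasons (illustrative, not exhaustive) an entry stands out."""
    found, low = [], body.lower()
    if "(no file)" in low or "(file missing)" in low:
        found.append("target file absent")
    if code in ("R0", "R1") and re.search(r"= [a-z]:\\", low):
        found.append("browser page set to a local file")
    if code == "O23" and "unknown owner" in low:
        found.append("owner reported as unknown")
    run = RUN.match(body) if code == "O4" else None
    if run:
        command = run.group(4)
        if "\\temp\\" in command.lower():
            found.append("autorun from a temp directory")
        if "?" in command:  # '?' is not a legal Windows filename character
            found.append("path contains a character the log could not render")
    return found


def triage(text):
    """Map each parsed entry to its section meaning and reasons."""
    rows = []
    for line in text.splitlines():
        parsed = parse(line)
        if parsed:
            code, body = parsed
            rows.append((code, SECTIONS.get(code, "other"), reasons(code, body)))
    return rows


if __name__ == "__main__":
    for code, meaning, why in triage(SAMPLE):
        print(f"{code:<4}{meaning:<22}{'; '.join(why) or '-'}")
```

An empty reason list only means none of these heuristics fired for that entry; it says nothing about whether the entry is safe to keep.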

#7 miekiemoes


Posted 15 April 2006 - 11:17 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.