
I Keep Getting The Same Popups And A Blue Spyware To Download


  • This topic is locked
19 replies to this topic

#1 iceoc


Posted 12 April 2006 - 11:51 PM

I need help. I get lots of pop-ups on my desktop. Here is my log file. Help me.
Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, April 12, 2006 4:25:05 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R103 10.04.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ABetterInternet.Aurora(TAC index:10):1 total references
ABetterInternet.Nail(TAC index:5):1 total references
Adware.Freeprod Toolbar(TAC index:3):12 total references
Adware.Look2Me(TAC index:7):2 total references
Alexa(TAC index:5):10 total references
CmdServices(TAC index:4):30 total references
CoolWebSearch(TAC index:10):9 total references
FizzleBar(TAC index:5):2 total references
ImIServer IEPlugin(TAC index:5):4 total references
iSearch Toolbar(TAC index:3):20 total references
MicroGaming(TAC index:4):1 total references
Other(TAC index:5):1 total references
Softomate Toolbar(TAC index:9):5 total references
SurfSideKickBHO(TAC index:7):6 total references
Targetsaver(TAC index:8):1 total references
Tracking Cookie(TAC index:3):197 total references
WebHancer(TAC index:9):2 total references
Win32.P2P-Worm.Alcan.a(TAC index:8):8 total references
win32.Trojan.Dnschanger(TAC index:10):3 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R103 10.04.2006
Internal build : 120
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 603709 Bytes
Total size : 1990340 Bytes
Signature data size : 1976427 Bytes
Reference data size : 13401 Bytes
Signatures total : 54120
CSI Fingerprints total : 2301
CSI data size : 73588 Bytes
Target categories : 15
Target families : 870


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:28 %
Total physical memory:523496 kb
Available physical memory:145252 kb
Total page file size:1280260 kb
Available on page file:815892 kb
Total virtual memory:2097024 kb
Available virtual memory:2041624 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-12-2006 4:25:05 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 772
ThreadCreationTime : 4-12-2006 8:34:08 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 4-12-2006 8:34:11 PM
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : c6002gdmg60a2.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\c6002gdmg60a2.dll)


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 4-12-2006 8:34:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 904
ThreadCreationTime : 4-12-2006 8:34:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 4-12-2006 8:34:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1120
ThreadCreationTime : 4-12-2006 8:34:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [s24evmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 4-12-2006 8:34:12 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 3
ProductVersion : 4, 1, 0, 3
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © 2001 - 2004 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
OriginalFilename : S24EvMon.exe

#:8 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1796
ThreadCreationTime : 4-12-2006 8:34:14 PM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1820
ThreadCreationTime : 4-12-2006 8:34:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1836
ThreadCreationTime : 4-12-2006 8:34:14 PM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:11 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1988
ThreadCreationTime : 4-12-2006 8:34:15 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:12 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 2004
ThreadCreationTime : 4-12-2006 8:34:15 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:13 [aolavupd.exe]
FilePath : C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\
ProcessID : 2024
ThreadCreationTime : 4-12-2006 8:34:15 PM
BasePriority : Normal


#:14 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2036
ThreadCreationTime : 4-12-2006 8:34:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:15 [command.exe]
FilePath : C:\WINDOWS\aWNl\
ProcessID : 160
ThreadCreationTime : 4-12-2006 8:34:15 PM
BasePriority : Normal


CmdServices Object Recognized!
Type : Process
Data : command.exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\WINDOWS\aWNl\


Warning! "C:\WINDOWS\aWNl\command.exe"Process could not be terminated!

#:16 [mcshield.exe]
FilePath : C:\PROGRA~1\mcafee.com\ANTIVI~1\
ProcessID : 532
ThreadCreationTime : 4-12-2006 8:34:17 PM
BasePriority : High


#:17 [moviel~1.exe]
FilePath : C:\PROGRA~1\MOVIEL~1\MOVIEL~1\
ProcessID : 568
ThreadCreationTime : 4-12-2006 8:34:17 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 255
ProductVersion : 3, 0, 0, 255
ProductName : Movielink LLC. - Movielink Manager
CompanyName : Movielink LLC
FileDescription : Movielink Manager Core
InternalName : Movielink Core
LegalCopyright : Copyright © 2005, Movielink LLC
OriginalFilename : MovielinkCore.exe

#:18 [mpfservice.exe]
FilePath : C:\Program Files\mcafee.com\personal firewall\
ProcessID : 640
ThreadCreationTime : 4-12-2006 8:34:17 PM
BasePriority : Normal
FileVersion : 7.0.0.141
ProductVersion : 7.0.0.141
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:19 [netmon.exe]
FilePath : C:\Program Files\Network Monitor\
ProcessID : 788
ThreadCreationTime : 4-12-2006 8:34:18 PM
BasePriority : Normal


win32.Trojan.Dnschanger Object Recognized!
Type : Process
Data : netmon.exe
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : C:\Program Files\Network Monitor\


Warning! "C:\Program Files\Network Monitor\netmon.exe"Process could not be terminated!
Warning! "C:\Program Files\Network Monitor\netmon.exe"Process could not be terminated!

#:20 [regsrvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1284
ThreadCreationTime : 4-12-2006 8:34:19 PM
BasePriority : Normal
FileVersion : 4, 1, 0, 0
ProductVersion : 4, 1, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © 2002 - 2004 Intel Corporation
OriginalFilename : RegSrvc.EXE

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1748
ThreadCreationTime : 4-12-2006 8:34:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [sscevthdlr.exe]
FilePath : C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\
ProcessID : 2484
ThreadCreationTime : 4-12-2006 8:34:26 PM
BasePriority : Normal


iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:23 [pronomgr.exe]
FilePath : C:\Program Files\Intel\NCS\PROSet\
ProcessID : 2588
ThreadCreationTime : 4-12-2006 8:34:28 PM
BasePriority : Normal
FileVersion : 6.1.302.0
ProductVersion : 6.1.302.0
ProductName : Intel® Network Configuration Services
CompanyName : Intel® Corporation
FileDescription : PRONotifyMgr Module
InternalName : PRONotifyMgr
LegalCopyright : Copyright© 2001-2002 Intel Corporation
OriginalFilename : PRONoMgr.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:24 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 2596
ThreadCreationTime : 4-12-2006 8:34:28 PM
BasePriority : Normal
FileVersion : 1.0.1212
ProductVersion : 1.0.1212
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:25 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2604
ThreadCreationTime : 4-12-2006 8:34:28 PM
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

Warning! "C:\WINDOWS\system32\dla\tfswctrl.exe"Process could not be terminated!

#:26 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 2616
ThreadCreationTime : 4-12-2006 8:34:28 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:27 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2632
ThreadCreationTime : 4-12-2006 8:34:29 PM
BasePriority : Normal
FileVersion : 5.5.101.123
ProductVersion : 5.5.101.123
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:28 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2640
ThreadCreationTime : 4-12-2006 8:34:29 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:29 [mousepad10.exe]
FilePath : C:\windows\
ProcessID : 3852
ThreadCreationTime : 4-12-2006 8:34:41 PM
BasePriority : Normal
FileVersion : 1.00.0074
ProductVersion : 1.00.0074
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : Project1
OriginalFilename : Project1.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:30 [mcvsescn.exe]
FilePath : C:\Program Files\mcafee.com\antivirus\
ProcessID : 4092
ThreadCreationTime : 4-12-2006 8:34:43 PM
BasePriority : Normal
FileVersion : 11, 0, 0, 24
ProductVersion : 11, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:31 [mpftray.exe]
FilePath : C:\Program Files\mcafee.com\personal firewall\
ProcessID : 956
ThreadCreationTime : 4-12-2006 8:34:43 PM
BasePriority : Normal
FileVersion : 7.0.0.141
ProductVersion : 7.0.0.141
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:32 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 108
ThreadCreationTime : 4-12-2006 8:34:43 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 908
ThreadCreationTime : 4-12-2006 8:34:43 PM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:34 [?poolsv.exe]
FilePath : C:\WINDOWS\system32\?ecurity\
ProcessID : 1312
ThreadCreationTime : 4-12-2006 8:34:44 PM
BasePriority : Normal


iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

Warning! "C:\WINDOWS\system32\?ecurity\?poolsv.exe"Process could not be terminated!

#:35 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 2168
ThreadCreationTime : 4-12-2006 8:34:52 PM
BasePriority : Normal


iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:36 [aolssc.exe]
FilePath : c:\program files\common files\aol\1134917598\ee\
ProcessID : 3048
ThreadCreationTime : 4-12-2006 8:39:02 PM
BasePriority : Normal
FileVersion : 1.4.12.1
ProductVersion : 1.4.12.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:37 [iexplore.exe]
FilePath : C:\PROGRAM FILES\INTERNET EXPLORER\
ProcessID : 2964
ThreadCreationTime : 4-12-2006 8:39:21 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:38 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3236
ThreadCreationTime : 4-12-2006 8:41:32 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:39 [oasclnt.exe]
FilePath : C:\PROGRA~1\mcafee.com\ANTIVI~1\
ProcessID : 6032
ThreadCreationTime : 4-12-2006 9:49:06 PM
BasePriority : Normal
FileVersion : 11,0,0,21
ProductVersion : 11,0,0,0
ProductName : McAfee VirusScan API
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : OasClnt.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

"C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe"Process terminated successfully

#:40 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 5772
ThreadCreationTime : 4-12-2006 9:50:28 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


Adware.Look2Me Object Recognized!
Type : Process
Data : mkdtcprx.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : C:\WINDOWS\system32\


Warning! Adware.Look2Me Object found in memory(C:\WINDOWS\system32\mkdtcprx.dll)


#:41 [qfajwf.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1012
ThreadCreationTime : 4-12-2006 9:51:11 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 9
ProductVersion : 0, 0, 7, 0

ABetterInternet.Aurora Object Recognized!
Type : Process
Data : qfajwf.exe
TAC Rating : 10
Category : Malware
Comment : fjrceae.exe.dmp
Object : C:\WINDOWS\System32\
FileVersion : 1, 1, 0, 9
ProductVersion : 0, 0, 7, 0

Warning! ABetterInternet.Aurora Object found in memory(C:\WINDOWS\System32\qfajwf.exe)

"C:\WINDOWS\System32\qfajwf.exe"Process terminated successfully
"C:\WINDOWS\System32\qfajwf.exe"Process terminated successfully

#:42 [aolsp scheduler.exe]
FilePath : c:\program files\common files\aol\1134917598\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\
ProcessID : 5080
ThreadCreationTime : 4-12-2006 9:59:01 PM
BasePriority : Normal


CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment : (CSI MATCH)
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

Warning! CmdServices Object found in memory(C:\WINDOWS\aWNl\asappsrv.dll)

"c:\program files\common files\aol\1134917598\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe"Process terminated successfully

#:43 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1134917598\ee\
ProcessID : 2676
ThreadCreationTime : 4-12-2006 9:59:43 PM
BasePriority : Normal
FileVersion : 1.4.12.1
ProductVersion : 1.4.12.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:44 [aurareco.exe]
FilePath : C:\DOCUME~1\ice\LOCALS~1\Temp\
ProcessID : 5132
ThreadCreationTime : 4-12-2006 10:02:26 PM
BasePriority : Normal
FileVersion : 2, 0, 3, 7
ProductVersion : 2, 0, 3, 7

iSearch Toolbar Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 3
Category : Malware
Comment :
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

"C:\DOCUME~1\ice\LOCALS~1\Temp\aurareco.exe"Process terminated successfully

#:45 [dinst.exe]
FilePath : C:\DOCUME~1\ice\LOCALS~1\Temp\
ProcessID : 3124
ThreadCreationTime : 4-12-2006 10:02:33 PM
BasePriority : Normal


ImIServer IEPlugin Object Recognized!
Type : Process
Data : dinst.exe
TAC Rating : 5
Category : Data Miner
Comment : dinst.exe.dmp
Object : C:\DOCUME~1\ice\LOCALS~1\Temp\


Warning! ImIServer IEPlugin Object found in memory(C:\DOCUME~1\ice\LOCALS~1\Temp\dinst.exe)

"C:\DOCUME~1\ice\LOCALS~1\Temp\dinst.exe"Process terminated successfully
"C:\DOCUME~1\ice\LOCALS~1\Temp\dinst.exe"Process terminated successfully

#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3100
ThreadCreationTime : 4-12-2006 11:17:42 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment : (CSI MATCH)
Object : C:\WINDOWS\aWNl\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

Warning! CmdServices Object found in memory(C:\WINDOWS\aWNl\asappsrv.dll)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 28


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Freeprod Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 3
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject

FizzleBar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject.1

Softomate Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 9
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cabbb49a-4d7b-415b-8250-15c3b854e9ff}

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-2111687655-854245398-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-2111687655-854245398-1005\software\aurora
Value : AUAc7C0u4t57D

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1214440339-2111687655-854245398-1005\software\aurora
Value : AUI3d5OfSInst

Alexa Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script

Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE



#2 miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:11:35 PM

Posted 13 April 2006 - 07:10 AM

Hello,

I see several different infections present.

Please perform next in the right order:

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( right-click on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply together with the contents of the Panda scan report and the contents of Look2Me-Destroyer.txt present on your desktop.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3 iceoc

  • Topic Starter

  • Members
  • 11 posts
  • Local time:03:35 PM

Posted 14 April 2006 - 01:01 AM

this is what i find
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Gizmo Script 2.0.4.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Gizmo Synchronization 2.0.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Gizmo Toolbar 2.0.8.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Gizmo Village 2.0.8.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\GJ Pacman aMAZEment 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\GL Golf 1.86.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glace 1.2.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glacier Bay 1.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glance 2.0.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glary Utilities 1.3.0.8.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glass Window 1.5.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\Glassbox Troubleshooter 1.1.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\GlassRoom 3.3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Not disinfected C:\Documents and Settings\ice\Complete\GLBasic SDK 1.4.zip[Setup.exe]

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:35 PM

Posted 14 April 2006 - 01:47 AM

Hi, can you also post the other logs I asked you for?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 iceoc

iceoc
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 April 2006 - 02:50 PM

I hope this works. I had to do the Look2Me over; I do not know where the one I did went. Let me know if it is good.
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 4/14/2006 3:34:06 PM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#6 miekiemoes

Posted 14 April 2006 - 03:10 PM

And now a hijackthislog as I asked you before as well. :thumbsup:

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.



#7 iceoc

Posted 14 April 2006 - 04:38 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:45:46 AM, on 4/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\aWNl\command.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCEvtHdlr.exe
C:\WINDOWS\System32\wnnryz.exe
C:\windows\mousepad10.exe
C:\WINDOWS\system32\qqdsrego.exe
C:\Program Files\Common Files\AOL\1134917598\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\?ecurity\?poolsv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\rwinrrag.exe
C:\DOCUME~1\ice\LOCALS~1\Temp\aurareco.exe
C:\DOCUME~1\ice\LOCALS~1\Temp\dinst.exe
c:\program files\common files\aol\1134917598\ee\aolssc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ofhvlxa.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\3.bin\IWONBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Dinst]
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [{C9-9F-FA-AB-ZN}] C:\WINDOWS\system32\qqdsrego.exe CORN001
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1134917598\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [mrnfbq] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKLM\..\Run: [bcsipvn] C:\WINDOWS\System32\wnnryz.exe r
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [fqiw] C:\PROGRA~1\COMMON~1\fqiw\fqiwm.exe
O4 - HKCU\..\Run: [iougc] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKCU\..\Run: [Iosu] "C:\WINDOWS\SSTEM~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinrrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qqdsrego.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134162397990
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O20 - AppInit_DLLs: repairs303169569.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\lvn4095qe.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1134917598\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aWNl\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mvwqbbn.exe

#8 miekiemoes

Posted 14 April 2006 - 05:08 PM

OK, it looks like we have to start all over again, because I am afraid some steps I previously asked you to perform weren't performed, or at least not exactly as I described.

That's why it is really important that you perform EVERY step in the right order.
It also looks like I have to add some additional steps, since you are dealing with A LOT of different infections.
Your system is TERRIBLY infected!
I am actually wondering how it is still able to boot properly.
And I also guess you didn't post the entire Panda log, because it is impossible that it didn't list the other files present.

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page won't be available then.
It is also important that you don't miss a step and that you perform everything in the right order!!
I can't stress enough how important this is!!
I am not going to let you delete any files manually yet, just to be on the safe side, since most of the next steps you have to perform will already deal with most of them and otherwise it may get confusing.

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs if present:

SurfsideKick
Webnexus
Network Monitor
PuritySCAN By OIN, OuterInfo or similar
Zenosearch
The Best Offers
iWon


REBOOT every time you are asked to during the uninstalls!! Really important!!

After reboot,

* Please set your system to show all files; please see here if you're unsure how to do this.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

I am not sure whether you performed the next step previously. I guess not, since nothing has been changed, so let me give the instructions again:

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html

Then right-click on the following link: http://metallica.geekstogo.com/alcanshorty.bfu
Choose save as.
Save this file alcanshorty.bfu in your c:\BFU-folder! Important!!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, press and hold your "F8" key as the computer is booting. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ofhvlxa.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\3.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [Dinst]
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [{C9-9F-FA-AB-ZN}] C:\WINDOWS\system32\qqdsrego.exe CORN001
O4 - HKLM\..\Run: [mrnfbq] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKLM\..\Run: [bcsipvn] C:\WINDOWS\System32\wnnryz.exe r
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [fqiw] C:\PROGRA~1\COMMON~1\fqiw\fqiwm.exe
O4 - HKCU\..\Run: [iougc] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKCU\..\Run: [Iosu] "C:\WINDOWS\SSTEM~1\tracert.exe" -vt yazr
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinrrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\qqdsrego.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLhelper/ve...n7/dlhelper.cab
O20 - AppInit_DLLs: repairs303169569.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\lvn4095qe.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aWNl\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\mvwqbbn.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Open your c:\BFU-folder and doubleclick BFU.exe to start the program.
Next to the 'file to execute'-window, you'll find the icon of a folder.
Click that icon and browse to alcanshorty.bfu
Click Open.
Then click Execute in BFU.exe.
Let it perform its job.

* Still in safe mode...
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

Now I am going to ask you to run look2me Destroyer again. Please read the instructions very carefully, because I guess you didn't perform it right previously.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

I need the following logs in your next reply/replies. (If they don't fit in one reply, use more than one.)
  • New log from Panda Online
  • Ewido Log
  • Log from Look2me Destroyer
  • New Hijackthislog (so scan again with Hijackthis and save the log)

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
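
The fix list in the post above picks a subset of the HijackThis entries from the posted log. As an added example (not part of the thread and not HijackThis's own code), this Python sketch parses HijackThis-style lines and flags entries matching a few patterns visible in that fix list. The function names and the heuristics themselves are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Excerpt of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ofhvlxa.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dinst]
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O20 - AppInit_DLLs: repairs303169569.dll
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aWNl\command.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# A path component that starts with '?': the log shows '?' where a character
# in a file or folder name could not be rendered (e.g. "?ecurity\?poolsv.exe").
# A lone "= ?" target or a '?' inside a URL does not match.
MASKED_PATH = re.compile(r"\\\?\w")
RUN_VALUE = re.compile(r"HK(?:LM|CU)\\\.\.\\Run\w*: \[(.*?)\]\s*(.*)$")


def parse(log_text):
    """Yield (section, body) for each entry line; headers and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def check_f2(body):
    """Shell should be Explorer.exe alone; UserInit should be userinit.exe alone."""
    m = re.match(r"REG:system\.ini: (Shell|UserInit)=(.*)$", body, re.I)
    if not m:
        return None
    key, value = m.group(1).lower(), m.group(2).strip()
    if key == "shell" and value.lower() != "explorer.exe":
        return "Shell starts something besides Explorer.exe"
    if key == "userinit":
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if len(parts) != 1 or not parts[0].lower().endswith("\\userinit.exe"):
            return "UserInit starts something besides userinit.exe"
    return None


def check_o4(body):
    """A Run value with a name but no command is a leftover or half-removed autorun."""
    m = RUN_VALUE.match(body)
    if m and not m.group(2).strip():
        return "Run value [%s] has an empty command" % m.group(1)
    return None


def triage(log_text):
    """Return (section, body, reason) for entries that deserve a closer look."""
    findings = []
    for section, body in parse(log_text):
        reason = None
        if MASKED_PATH.search(body):
            reason = "path contains characters shown as '?'"
        elif section == "F2":
            reason = check_f2(body)
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            reason = "registered component points to a missing file"
        elif section == "O4":
            reason = check_o4(body)
        elif (section == "O20" and body.startswith("AppInit_DLLs:")
              and body.split(":", 1)[1].strip()):
            reason = "DLL listed in AppInit_DLLs loads into every process using user32.dll"
        elif section == "O23" and " - Unknown owner - " in body:
            reason = "service binary has no company name"
        if reason:
            findings.append((section, body, reason))
    return findings


if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_LOG):
        print("%-3s %s\n    -> %s" % (section, body, reason))
```

Every entry this flags in the sample is on the fix list above, but the reverse does not hold: entries such as the randomly named executables under C:\WINDOWS\system32 need a human reviewer, so treat the output as a reading aid rather than a verdict.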

#9 iceoc

Posted 15 April 2006 - 03:04 AM

Look2Me-Destroyer does not reopen automatically. I tried rebooting and trying again, but it will not reopen. What now?

#10 miekiemoes

Posted 15 April 2006 - 07:45 AM

Skip that step with Look2me Destroyer... we'll deal with it afterwards. Please make sure you did perform all the other steps.

#11 iceoc

Posted 15 April 2006 - 11:51 AM

OK HERE IT IS
THE NEXT 1
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:31:43 AM, 4/15/2006
+ Report-Checksum: D7C0D40C

+ Scan result:

C:\Documents and Settings\ice\Complete\Glassbox Troubleshooter 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlassRoom 3.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GLBasic SDK 1.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\glChat 6.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Glest 1.1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Glg Toolkit 2.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GLHexen 2 Update 0.8.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlidePics 3D 1.088.zip/Setup.exe -> Worm.VB.dw : Error during cleaning
C:\Documents and Settings\ice\Complete\GLM# 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GLMStat 5.7.4.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GLMStat X 5.7.7.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Audio Control 1.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Calendar Sharing 2002XP 2.1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Calendar Sharing 2003 2.1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Clipboard 1.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Conquest 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Defense Network 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global IM 2.0.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Internet Dialer 9.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Job Messenger--For Employers 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Job Messenger--For Jobseekers 2.1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global MU Online 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Network Inventory 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Operations - GOEdit patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Operations 1.1 demo patch .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Operations 1.2 patch (Asia) .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Operations multiplayer demo .zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Positioning Submitter 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Search And Replace 1.5.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Site Support 1.12.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Time Synchronizer 1.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Torrent Searcher 0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Tracks 6.14.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Village 56K PC Card Firmware Update 2.081.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Village K56flex Firmware PC Card Updater 1.120.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Village TelePort 56 K56flex Firmware Updater 1.201.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Global Village TelePort Platinum Comm Slot Firmware Upgrade 1.511.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalDrive Virtual Disk Drive 3.0.2.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalFax for Teleport Modems 2.6.8.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalFax TelePort 56 x2 Updater 1.0.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalOffice 2.02.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalSale Software 5.6.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalScape Secure FTP Server 3.1.3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalSpellChecker 1.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalTraceRoute 2005.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobalWx Weathermapper 1.81.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Globex 3.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Globex Pro 3.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlobFX Composer 1.0.9.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\Glog 1.1.zip/Setup.exe -> Worm.VB.dw : Cleaned

#12 iceoc

  • Topic Starter

Posted 15 April 2006 - 11:58 AM

HERE IS THE HIJACK LOG. LET ME KNOW WHAT TO DO ABOUT LOOK2ME, AND TO LET YOU KNOW, IT IS WORKING SOMEWHAT BETTER.

Logfile of HijackThis v1.99.1
Scan saved at 12:54:46 PM, on 4/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\vqdyteo.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [euyaojc] C:\WINDOWS\System32\vqdyteo.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [fqiw] C:\PROGRA~1\COMMON~1\fqiw\fqiwm.exe
O4 - HKCU\..\Run: [iougc] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKCU\..\Run: [Iosu] "C:\WINDOWS\SSTEM~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134162397990
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#13 miekiemoes

  • Malware Response Team

Posted 15 April 2006 - 12:10 PM

Hello,

Well I have good news for you.... Look2me is gone, so you don't have to worry about that now.

Anyway, now that Look2me is gone, we can deal with the other infection you are having, using the VX2 Cleaner plugin, so please perform the next steps in exactly the way I ask you.

Download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column.
Select VX2 Cleaner V2.0 and click Run Tool.
Click "OK", then, if something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again.
This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again.
Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot, click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next".
Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

Perform another scan with Ewido and post a new HijackThis log together with the log from Ewido.
Then we'll deal with all the rest at once.

#14 iceoc

  • Topic Starter

Posted 15 April 2006 - 03:04 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:54:10 PM, 4/15/2006
+ Report-Checksum: 8EEE3242

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3D782BB3-F2A5-11D3-BF4C-000000000000} -> Adware.ActivShopper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1214440339-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1214440339-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1214440339-2111687655-854245398-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5DE8ADB-4A69-4E56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1214440339-2111687655-854245398-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1214440339-2111687655-854245398-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\ice\Complete\GlidePics 3D 1.088.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GPSengine 2.11.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GPSMap 5.0.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Complete\GPSNavX 2.13.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\ice\Cookies\ice@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\ice\Cookies\ice@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\ice\Cookies\ice@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\ice\Cookies\ice@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Program Files\TBONAS\TBONlchr.dll -> Adware.ActivShopper : Cleaned with backup
C:\WINDOWS\system32\vqdyteo.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 3:57:18 PM, on 4/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134917598\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [fqiw] C:\PROGRA~1\COMMON~1\fqiw\fqiwm.exe
O4 - HKCU\..\Run: [iougc] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKCU\..\Run: [Iosu] "C:\WINDOWS\SSTEM~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://sef.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by7fd.bay7.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134162397990
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://sef.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://sef.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
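As an added illustration (not part of any post in this thread, and not HijackThis's own code), the Python sketch below parses two HijackThis logs, lists the entries that disappeared between them, and flags entries still present that match three simple heuristics. The sample lines are excerpted from the two logs posted above; the function names and the heuristics are assumptions made for this example.

```python
import re

# A HijackThis entry line: section code (R0-R3, F0-F3, N1-N4, O1-O23), " - ", detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log in post #12 (before the VX2 Cleaner / ewido pass).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O4 - HKLM\..\Run: [euyaojc] C:\WINDOWS\System32\vqdyteo.exe r
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the log in post #14 (after the pass), same entries where still present.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""


def parse_entries(log_text):
    """Return [(section, detail)] for entry lines; headers and the
    'Running processes' list do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added, remaining) entry lists, keeping log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    removed = [e for e in before if e not in after_set]
    added = [e for e in after if e not in before_set]
    remaining = [e for e in after if e in before_set]
    return removed, added, remaining


def flag(entry):
    """Illustrative heuristics only (assumptions of this example); a hit is a
    reason to look closer, not a verdict, and a miss does not mean 'clean'."""
    section, detail = entry
    reasons = []
    if detail.endswith("(no file)"):
        reasons.append("registered component whose file is missing")
    # A '?' directly after a backslash inside a path: a character the log
    # could not render. URL query strings and a bare '= ?' target do not match.
    if re.search(r"\\\?\w", detail):
        reasons.append("path contains characters the log could not render")
    if section == "F2" and "Shell=" in detail:
        shell = detail.split("Shell=", 1)[1].split()
        if len(shell) > 1 or (shell and shell[0].lower() != "explorer.exe"):
            reasons.append("extra program appended to the Windows shell value")
    return reasons


def still_flagged(before_text, after_text):
    """Entries present in both logs that match at least one heuristic."""
    _, _, remaining = diff_logs(before_text, after_text)
    return [(e, flag(e)) for e in remaining if flag(e)]


if __name__ == "__main__":
    removed, added, _ = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed between the two scans:")
    for section, detail in removed:
        print(f"  {section} - {detail}")
    print("Still present and flagged:")
    for (section, detail), reasons in still_flagged(BEFORE_LOG, AFTER_LOG):
        print(f"  {section} - {detail}  [{'; '.join(reasons)}]")
```

The heuristics catch only part of what a trained helper looks for; randomly named Run entries such as hco.dll's companions need knowledge of the specific infection, which is why the log is reviewed by a person.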

#15 miekiemoes

  • Malware Response Team

Posted 15 April 2006 - 03:18 PM

Ok, we are finally getting somewhere... step by step.
Your system was really badly infected, but we could already solve most of it here.

But, we are not finished yet though...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [fqiw] C:\PROGRA~1\COMMON~1\fqiw\fqiwm.exe
O4 - HKCU\..\Run: [iougc] C:\WINDOWS\system32\mbjnbs.exe reg_run
O4 - HKCU\..\Run: [Iosu] "C:\WINDOWS\SSTEM~1\tracert.exe" -vt ndrv
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!


Please make sure your hidden folders and files are shown:

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Delete the following files if still present:

C:\Documents and Settings\ice\Application Data\Sskcwrd.dll
C:\iexplore.exe
C:\Program Files\BE Network\bin\context.exe
C:\Program Files\iWon <== folder
C:\Program Files\TBONAS <== folder
C:\Setup.exe
C:\WINDOWS\aWNl <== folder
C:\WINDOWS\dsr.dll
C:\WINDOWS\dsr.exe
C:\WINDOWS\inf\twaintec.inf
C:\WINDOWS\kwv2.dat
C:\WINDOWS\system32\hco.dll
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\teller2.chk
C:\PROGRAM FILES\COMMON Files\fqiw <== folder

Don't worry if you couldn't find some files and folders anymore.

Please hide your hidden files and folders again afterwards, because the above instructions to set your system to show all files unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

Perform the next step again:

* Clean your Cache and Cookies in IE:

  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.


Then scan again with Panda and post the log in your next reply together with a new HijackThis log.
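As an added illustration (not part of the post above and not HijackThis's own logic), this Python sketch parses the `<section code> - <body>` entry format used in the logs in this thread and attaches triage notes to entries with structural oddities. The function names and the flagging rules are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myacc.net/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {FEE72F11-96A7-9308-AB1B-CD5E626F60B1} - C:\WINDOWS\System32\hco.dll
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKCU\..\Run: [Lwcgotvv] C:\WINDOWS\system32\?ecurity\?poolsv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "<section code> - <body>"
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)   # first file path in a body

def parse(log):
    """Split a log into (section code, body) pairs; non-entry lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def flags(code, body):
    """Triage notes for one entry. These rules are assumptions of this example."""
    notes = []
    if code in ("R0", "R1") and " = " in body:      # IE start/search page values
        url = body.split(" = ", 1)[1].strip()
        host = urlsplit(url if "://" in url else "//" + url).hostname
        if host:
            notes.append("browser setting points at " + host)
    if "(no file)" in body:
        notes.append("entry marked (no file)")
    if code == "O2" and "(no name)" in body:        # Browser Helper Object
        notes.append("unnamed BHO")
    path = PATH.search(body)
    if path and "?" in path.group():
        # '?' is not a legal character in a Windows file name, so here it stands
        # for a character the log could not render.
        notes.append("unrenderable character in path")
    return notes

def triage(log):
    """Map each flagged log line to its notes; lines with no notes are left out."""
    noted = ((f"{c} - {b}", flags(c, b)) for c, b in parse(log))
    return {line: notes for line, notes in noted if notes}

if __name__ == "__main__":
    for line, notes in triage(SAMPLE).items():
        print(line, "->", "; ".join(notes))
```

Entries such as `[Dinst]` carry no structural marker and pass unflagged, so output like this only narrows what a reviewer reads first.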



