Surf Sidekick / Winfixer / Others?


  • This topic is locked
10 replies to this topic

#1 Asyla

Asyla


Posted 22 April 2006 - 02:56 PM

I downloaded a file a few days ago & suddenly started receiving a ton of ads, crazy minimising & maximising of windows, & error messages. I managed to get a few of the problems fixed and have run several programs but I'm having trouble getting rid of what's left. Sorry I can't be more specific in identifying it.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 20:53:45, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\m864lijq18oe.dll
O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



#2 Daemon

Daemon

    Security Expert



Posted 22 April 2006 - 03:04 PM

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop. Double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen, click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner.
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the Windows Control Panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files; click OK.
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

#3 Asyla

Asyla
  • Topic Starter


Posted 22 April 2006 - 03:40 PM

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:38:41, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\TEMP\win30.tmp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\m864lijq18oe.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe




ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:37:31, 22/04/2006
+ Report-Checksum: 7552A81E

+ Scan result:

HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2071214997-1563291030-1314976057-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-2071214997-1563291030-1314976057-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2071214997-1563291030-1314976057-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[172] C:\WINDOWS\TEMP\win39.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wineij32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\system32\csmaddin.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ld8ADA.tmp -> Downloader.Zlob.lu : Cleaned with backup
C:\WINDOWS\system32\interf.tlb -> Trojan.Small : Cleaned with backup
C:\WINDOWS\Temp\win36.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\win39.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\Temp\win10.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\Temp\Cookies\kim@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Cookies\kim@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Temporary Internet Files\Content.IE5\EFSRWHOF\srveeg[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Temporary Internet Files\Content.IE5\2EPRMVLG\srvbxn[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temp\Temporary Internet Files\Content.IE5\2EPRMVLG\srvinw[1].exe -> Trojan.Dialer.oy : Cleaned with backup
C:\Documents and Settings\kim\Local Settings\Temporary Internet Files\Content.IE5\BYGMY4N8\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\kim\Desktop\3631382D2D2D.exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@122.2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@112.2o7[3].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@kmpads[1].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\kim\Cookies\kim@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.6:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.26:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.27:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.28:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.29:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.90:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.91:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.111:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.112:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.113:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.114:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.115:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.116:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.117:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.118:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.119:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.120:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.121:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.122:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.123:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.124:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.134:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\kim\Application Data\Mozilla\Firefox\Profiles\snrzx09g.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0139352.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140633.exe -> Downloader.VB.aaf : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140634.exe -> Hijacker.VB.mo : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140635.exe -> Downloader.VB.abj : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140776.exe -> Adware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140778.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP108\A0140848.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP109\A0140910.exe -> Downloader.Adload.as : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP109\A0140918.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{7167BCE7-B0B2-428A-B01D-39F2A9232A8C}\RP109\A0141931.dll -> Adware.Look2Me : Cleaned with backup
C:\FOUND.001\FILE0004.CHK -> Adware.Look2Me : Cleaned with backup


::Report End

#4 Daemon

Posted 22 April 2006 - 09:08 PM

Please download Atribune's Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

#5 Asyla

Posted 23 April 2006 - 03:56 AM

LTM:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 23/04/2006 09:47:15

Infected! C:\WINDOWS\system32\m864lijq18oe.dll
Infected! C:\WINDOWS\system32\fp2603fse.dll
Infected! C:\WINDOWS\system32\nbtui2.dll
Infected! C:\WINDOWS\system32\i2420choef4c0.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\m864lijq18oe.dll
C:\WINDOWS\system32\m864lijq18oe.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\fp2603fse.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\nbtui2.dll
C:\WINDOWS\system32\nbtui2.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\i2420choef4c0.dll
C:\WINDOWS\system32\i2420choef4c0.dll could not be deleted!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{768286A6-C897-4008-8915-8491A0765305}"
HKCR\Clsid\{768286A6-C897-4008-8915-8491A0765305}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9F360917-79D7-4161-ACA0-746FB4302FDA}"
HKCR\Clsid\{9F360917-79D7-4161-ACA0-746FB4302FDA}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DEECEF5F-E4C7-441F-8504-3948D9562B01}"
HKCR\Clsid\{DEECEF5F-E4C7-441F-8504-3948D9562B01}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E7C830AB-398C-4475-AA9C-AE799459AF37}"
HKCR\Clsid\{E7C830AB-398C-4475-AA9C-AE799459AF37}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 09:54:45, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#6 Daemon

Posted 23 April 2006 - 04:04 AM

Hmmm... do this for me. Download The Avenger by Swandog46, and save it to your Desktop. Extract avenger.exe from the Zip file and save it to your desktop.

Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the code box below (don't copy the word "CODE" in the box header, just the box contents starting at Files to delete) and paste it in the box that opens:

WARNING: This script is not a general fix. If you are not this user, running this script could damage your system

Files to delete:

C:\WINDOWS\system32\m864lijq18oe.dll
C:\WINDOWS\system32\fp2603fse.dll
C:\WINDOWS\system32\nbtui2.dll
C:\WINDOWS\system32\i2420choef4c0.dll
C:\WINDOWS\system32\guard.tmp

Now click the 'Done' button.
Click on the traffic light icon and OK the prompt.
You will be prompted to restart. OK the prompt and your PC should reboot; if not, reboot it manually.

Please post a new HijackThis log and the log file from Avenger at C:\avenger.txt

#7 Asyla

Posted 23 April 2006 - 04:14 AM

hjt::

Logfile of HijackThis v1.99.1
Scan saved at 10:13:03, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe



avenger::

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xjfrajtl

*******************

Script file located at: \??\C:\WINDOWS\system32\uguirphc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\m864lijq18oe.dll deleted successfully.


File C:\WINDOWS\system32\fp2603fse.dll not found!
Deletion of file C:\WINDOWS\system32\fp2603fse.dll failed!

Could not process line:
C:\WINDOWS\system32\fp2603fse.dll
Status: 0xc0000034



File C:\WINDOWS\system32\nbtui2.dll not found!
Deletion of file C:\WINDOWS\system32\nbtui2.dll failed!

Could not process line:
C:\WINDOWS\system32\nbtui2.dll
Status: 0xc0000034



File C:\WINDOWS\system32\i2420choef4c0.dll not found!
Deletion of file C:\WINDOWS\system32\i2420choef4c0.dll failed!

Could not process line:
C:\WINDOWS\system32\i2420choef4c0.dll
Status: 0xc0000034



File C:\WINDOWS\system32\guard.tmp not found!
Deletion of file C:\WINDOWS\system32\guard.tmp failed!

Could not process line:
C:\WINDOWS\system32\guard.tmp
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
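
An added example, not part of the original posts or of The Avenger itself: a small Python parser for the log format shown above that names each NTSTATUS value. 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, so a failure with that status means the file did not exist at that path when the script ran; the sample text is excerpted from the log above and the function names are hypothetical.

```python
import re

# NTSTATUS values and names from the Windows NTSTATUS list.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # path did not exist
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",      # file open elsewhere
}

# Excerpt of the Avenger log posted above (two of the five targets).
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\m864lijq18oe.dll deleted successfully.

File C:\WINDOWS\system32\guard.tmp not found!
Deletion of file C:\WINDOWS\system32\guard.tmp failed!

Could not process line:
C:\WINDOWS\system32\guard.tmp
Status: 0xc0000034
"""

def parse_avenger_log(text):
    """Return {path: outcome} for every file the script tried to delete."""
    results, pending = {}, None
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if m := re.fullmatch(r"File (.+) deleted successfully\.", line):
            results[m.group(1)] = "deleted"
        elif m := re.fullmatch(r"Deletion of file (.+) failed!", line):
            results[m.group(1)] = "failed"
        elif line == "Could not process line:" and i + 1 < len(lines):
            pending = lines[i + 1]  # the path is on the following line
        elif (m := re.fullmatch(r"Status: (0x[0-9a-fA-F]+)", line)) and pending:
            name = NTSTATUS.get(int(m.group(1), 16), m.group(1))
            results[pending] = "failed: " + name
            pending = None
    return results

def needs_followup(results):
    """Paths whose failure was something other than 'already absent'."""
    ok = ("deleted", "failed: STATUS_OBJECT_NAME_NOT_FOUND")
    return [p for p, r in results.items() if r not in ok]

if __name__ == "__main__":
    for path, outcome in parse_avenger_log(SAMPLE_LOG).items():
        print(f"{outcome:45} {path}")
```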

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK

Posted 23 April 2006 - 05:45 AM

OK good. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1162
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

#9 Asyla

Asyla
  • Topic Starter

  • Members
  • 5 posts

Posted 23 April 2006 - 06:00 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:57:05, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Philips\Digital Media Manager\java\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{04F46272-E654-4F67-BF13-6A5071E2782C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
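
An added example, not part of the original posts or of HijackThis: a Python check that compares a scan taken before a fix with one taken after it and confirms that the entries on the fix list are gone and nothing new has appeared. The entry lines are copied from the logs in posts #7 and #9 and from the fix list in post #8; the function names are hypothetical.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."

# Entry lines copied from the logs in posts #7 (before) and #9 (after).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
"""
AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
"""
# Four of the six entries post #8 asked to have fixed.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [w1dd1193.dll] RUNDLL32.EXE w1dd1193.dll,I2 0008667001dd1193
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
"""

def entries(log_text):
    """Set of (section, detail) pairs; headers and process paths are skipped."""
    found = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            found.add((m.group(1), m.group(2).strip()))
    return found

def verify_fix(before, after, fix_list):
    """Compare two scans against the entries that were meant to be removed."""
    b, a, f = entries(before), entries(after), entries(fix_list)
    return {
        "still_present": sorted(f & a),          # fix did not take, or came back
        "not_in_first_scan": sorted(f - b),      # fix list does not match the log
        "removed_unrequested": sorted(b - a - f),
        "new_since_first_scan": sorted(a - b),   # possible reinfection
    }

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(key, items)
```

For these excerpts every list comes back empty, which is the result a clean fix should give.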

#10 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK

Posted 23 April 2006 - 06:02 AM

Looks better - how is it running now?

#11 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK

Posted 29 April 2006 - 01:10 PM

As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.