Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lots Of Pop Ups


  • This topic is locked This topic is locked
14 replies to this topic

#1 brown627

brown627

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 07 May 2006 - 08:04 PM

Proplems i'm having lots of pop ups and internet shutting down.

Logfile of HijackThis v1.99.1
Scan saved at 9:01:13 PM, on 5/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\VG9ueWE\command.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\outlook\outlook.exe
C:\windows\mousepad17.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system32\fthot.exe
C:\windows\system32\pqdsregl.exe
C:\WINDOWS\win3206778604875.exe
C:\WINDOWS\system32\winlog.exe
C:\WINDOWS\ahoadtqA.exe
C:\WINDOWS\win3208860487577.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\lwinrqag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AdwareAlert\Launcher.exe
C:\Program Files\Outlook Express\wabfind.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\odyau.exe
F2 - REG:system.ini: UserInit=userinit.exe,aygefvf.exe
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard17.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad17.exe
O4 - HKLM\..\Run: [newname] C:\\newname17.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w332ee1e.dll] RUNDLL32.EXE w332ee1e.dll,I2 000ac7e90332ee1e
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] C:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [win3206778604875] C:\WINDOWS\win3206778604875.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\lwinrqag.exe CORN004
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinrqag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs303169584.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\n2n60c5sef.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9ueWE\command.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ahoadtq.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 08 May 2006 - 01:47 AM

Hello,

Perform everything in exactly the same order without missing any step!!

Go to start > controlpanel > software > add/remove programs and uninstall next programs if present:

Windows Overlay Components
Command
Network Monitor
SurfSideKick
Zeno / ZenoSearch
Registry Cleaner Trial
Toolbar888


REBOOT everytime when asked! This is important!

I also see you were dealing with Look2me, so not sure if everything is restored properly here..

* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script ( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
  • Download qoofix.bat (rightclick on this link and choose save as)
  • Place qoofix.bat in your C:\BFU - folder. (Important!)
  • Doubleclick qooFix.bat, Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report Together with the contents of Look2Me-Destroyer.txt present on your desktop and a new HiJackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 May 2006 - 10:59 AM

This is my look2me-destroyer log. Length was to long to send all logs together. Hijackthis and activescan log will follow.
Thanks

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/10/2006 8:59:10 PM

Infected! C:\WINDOWS\system32\n2n60c5sef.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0017052.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0018046.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019052.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020043.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020117.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020120.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021117.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021137.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021150.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0022148.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023148.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024160.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025139.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027170.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029153.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029172.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029173.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029174.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029175.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029176.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030138.dll
Infected! C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030325.dll
Infected! C:\WINDOWS\system32\azaulaf91d2.dll
Infected! C:\WINDOWS\system32\enp6l17s1.dll
Infected! C:\WINDOWS\system32\fpj0031me.dll
Infected! C:\WINDOWS\system32\fpr0039me.dll
Infected! C:\WINDOWS\system32\h04mlah11d4.dll
Infected! C:\WINDOWS\system32\j6p0lg7m16.dll
Infected! C:\WINDOWS\system32\k0pmla711d.dll
Infected! C:\WINDOWS\system32\k4620ejoehoc0.dll
Infected! C:\WINDOWS\system32\m4ls0e37eh.dll
Infected! C:\WINDOWS\system32\mv42l9ho1.dll
Infected! C:\WINDOWS\system32\n02ulaf91d2.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0017052.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0017052.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0018046.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0018046.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019052.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019052.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020043.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020043.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020117.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020117.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020120.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020120.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021117.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021117.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021137.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021137.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021150.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0021150.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0022148.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0022148.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023148.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023148.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024160.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024160.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025139.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025139.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027170.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027170.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029153.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029153.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029172.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029172.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029173.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029173.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029174.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029174.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029175.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029176.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029176.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030138.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030138.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030325.dll
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030325.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\azaulaf91d2.dll
C:\WINDOWS\system32\azaulaf91d2.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\enp6l17s1.dll
C:\WINDOWS\system32\enp6l17s1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpj0031me.dll
C:\WINDOWS\system32\fpj0031me.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fpr0039me.dll
C:\WINDOWS\system32\fpr0039me.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\h04mlah11d4.dll
C:\WINDOWS\system32\h04mlah11d4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j6p0lg7m16.dll
C:\WINDOWS\system32\j6p0lg7m16.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k0pmla711d.dll
C:\WINDOWS\system32\k0pmla711d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\k4620ejoehoc0.dll
C:\WINDOWS\system32\k4620ejoehoc0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m4ls0e37eh.dll
C:\WINDOWS\system32\m4ls0e37eh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv42l9ho1.dll
C:\WINDOWS\system32\mv42l9ho1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n02ulaf91d2.dll
C:\WINDOWS\system32\n02ulaf91d2.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C0CBEA47-9F15-447D-8A25-0F4C16458D28}"
HKCR\Clsid\{C0CBEA47-9F15-447D-8A25-0F4C16458D28}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#4 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 May 2006 - 11:01 AM

Hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 11:27:27 AM, on 5/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\VG9ueWE\command.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ahoadtq.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system32\fthot.exe
C:\windows\system32\pqdsregl.exe
C:\WINDOWS\win3206778604875.exe
C:\WINDOWS\ahoadtqA.exe
C:\WINDOWS\win3208860487577.exe
C:\defender19a.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\ms03875778604.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\GemMaster\ACTOROBJMCE.exe
C:\WINDOWS\??pPatch\?srss.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - C:\WINDOWS\system32\jyh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsw27.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsl29.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - C:\WINDOWS\system32\jyh.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard19.exe
O4 - HKLM\..\Run: [newname] C:\\newname19.exe
O4 - HKLM\..\Run: [xlmnto] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKLM\..\Run: [w332ee1e.dll] RUNDLL32.EXE w332ee1e.dll,I2 000ac7e90332ee1e
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] C:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [win3206778604875] C:\WINDOWS\win3206778604875.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [defender] C:\\defender19a.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [ms03875778604] C:\WINDOWS\ms03875778604.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_275273] C:\WINDOWS\system32\ActiveScan\pavdr.exe xPanda ActiveScan 275273
O4 - HKLM\..\RunOnce: [Panda_cleaner_268351] C:\WINDOWS\system32\ActiveScan\pavdr.exe xPanda ActiveScan 268351
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe" -vt yazr
O4 - HKCU\..\Run: [Mfnlh] C:\WINDOWS\??pPatch\?srss.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinrqag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9ueWE\command.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ahoadtq.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#5 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 12 May 2006 - 12:23 PM

activescan log to long to send. Any suggestion on how to send the log?

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 12 May 2006 - 01:08 PM

Hi, wait with the Panda log for now... Looks like the alcanshortyscript didn't run properly, or you didn't perform it in the right order.

Let's clean up a bit more first... because your system is still a mess. It actually suprises me that it will still start up.

First of all, Open your C:\BFU-folder and check if next is present: alcanshorty.bfu
In case it's not, download it from next link:
http://metallica.geekstogo.com/alcanshorty.bfu
Place alcanshorty.bfu in the C:\BFU-folder

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Go to start > controlpanel > software and uninstall next programs if present:

Windows Overlay Components
Command
WebHancer
Zenosearch
OINS
Purityscan
Registry Cleaner Trial
Surfsidekick
Toolbar888
Gemmaster


Please follow the instructions they give you during the uninstall.
Some programs will ask/tell to reboot. Please do so, this is important!
Once all above is uninstalled, perform next:

* Please set your system to show all files; please see here if you're unsure how to do this.

Please download Ewido anti-malware ; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - C:\WINDOWS\system32\jyh.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsw27.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsl29.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - C:\WINDOWS\system32\jyh.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [keyboard] C:\\keyboard19.exe
O4 - HKLM\..\Run: [newname] C:\\newname19.exe
O4 - HKLM\..\Run: [xlmnto] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKLM\..\Run: [w332ee1e.dll] RUNDLL32.EXE w332ee1e.dll,I2 000ac7e90332ee1e
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] C:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [win3206778604875] C:\WINDOWS\win3206778604875.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [defender] C:\\defender19a.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [ms03875778604] C:\WINDOWS\ms03875778604.exe
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe" -vt yazr
O4 - HKCU\..\Run: [Mfnlh] C:\WINDOWS\??pPatch\?srss.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\lwinrqag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VG9ueWE\command.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ahoadtq.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following files/folders, and delete them if still present:
Keep in mind, some will be hidden files and folders, so make sure hidden files and folders are shown as I already explained you previously.

C:\WINDOWS\VG9ueWE <== folder
C:\WINDOWS\ahoadtq.exe
C:\windows\system32\fthot.exe
C:\windows\system32\pqdsregl.exe
C:\WINDOWS\win3206778604875.exe
C:\WINDOWS\ahoadtqA.exe
C:\WINDOWS\win3208860487577.exe
C:\defender19a.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\ms03875778604.exe
C:\WINDOWS\cfg32.exe
C:\Program Files\Common Files\svchostsys <== folder
C:\WINDOWS\cfg32a.exe
C:\Program Files\DNS <== folder
C:\Program Files\Toolbar888 <== folder
C:\keyboard19.exe
C:\newname19.exe
C:\Windows\system32\w332ee1e.dll
C:\Program Files\SurfSideKick 3 <== folder
C:\defender19a.exe
C:\Program Files\Common Files\mc-110-12-0000137.exe
C:\WINDOWS\system32\irssyncd.exe
C:\WINDOWS\system32\lwinrqag.exe
C:\WINDOWS\system32\dwdsregt.exe

* Open C:\BFU-folder and doubleclick BFU.exe
Next to the 'scriptfile to execute'-window, you'll find the browse button (yellow folder)
Click it and browse to alcanshorty.bfu
Click Ok and then click Execute below.

* Still in safe mode... * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Open Ewido anti-malware
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

* Delete your previous Panda log and Perform an onlinescan with panda again: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply
together a fresh HijackThis log and the ewido-log so I can take another look.

Edited by miekiemoes, 12 May 2006 - 01:09 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 14 May 2006 - 09:47 PM

Incident Status Location

Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\VSL02.exe
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\LocalService\Cookies\system@winfixer[2].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Tonya\Application Data\Sskknwrd.dll
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2b3430f5.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2b3430f5.zip[Installer.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2fdf61e7.zip[GetAccess.class]
Adware:Adware/CWS.Searchmeup Not disinfected C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2fdf61e7.zip[Installer.class]
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@10103[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@ad.yieldmanager[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@adrevolver[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@bravenet[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@doubleclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@fortunecity[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@Kiddo[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@maxserving[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@offeroptimizer[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@realmedia[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tonya\Cookies\tonya@zedo[1].txt
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Tonya\Desktop\freeprodtb.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Tonya\Local Settings\Temp\!update.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Tonya\Local Settings\Temporary Internet Files\Content.IE5\C1Q345U7\!update-3895[1].0000
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK{E1B4F093-DC28-4722-9327-DABA21DDF394}.dll
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\?racle\winlogon.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\WinAntiVirus Pro 2006\histor.exe
Adware:Adware/NewAds Not disinfected C:\Program Files\Windows\WinUpdate.exe[²ªÇ]
Spyware:Spyware/SurfSideKick Not disinfected C:\RECYCLER\S-1-5-21-1791450740-689350535-652897969-1005\Dc3\SskBho.dl_
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL03.exe[VSL.dl_]
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk
Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\thiselt.exe


Logfile of HijackThis v1.99.1
Scan saved at 10:17:59 PM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\cfg32.exe
C:\windows\system32\fthot.exe
C:\WINDOWS\thiselt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\WINDOWS\??pPatch\?srss.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinAntiVirus Pro 2006\histor.exe
C:\WINDOWS\cfg32a.exe
C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] c:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Mfnlh] C:\WINDOWS\??pPatch\?srss.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:44:43 PM, 5/14/2006
+ Report-Checksum: 437D80F5

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Adware.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider\CLSID -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider\CurVer -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BHO.Hider.1 -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup
HKLM\SOFTWARE\ClickSpring -> Adware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Netstat -> Adware.Ezula : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1791450740-689350535-652897969-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
[3572] C:\Program Files\WinAntiVirus Pro 2006\histor.exe -> Adware.Agent : Cleaned with backup
C:\Documents and Settings\Tonya\Cookies\tonya@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tonya\Cookies\tonya@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\WinAntiVirus Pro 2006\histor.exe -> Adware.Agent : Cleaned with backup


::Report End

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 15 May 2006 - 02:12 AM

Hello,

Let's give this another round, because it looks like you missed some steps..
It also looks like you forgot to check and fix some entries in hijackthis.
I can't stress enough how important every step is! Because it will come back all the time otherwise.

I see you also forgot to clean cookies, temp etc.. as I ask before.
Not sure either if you performed my steps in safe mode when I asked.

It is also important you tell me if you couldn't delete a file.

So save next instructions in notepad, because when I ask you to boot in safe mode, this page won't be available.

* Go to start > controlpanel > software > add/remove programs and Uninstall WinAntiVirus Pro 2006.

Then download and use next uninstaller: http://www.outerinfo.com/OiUninstaller.exe

REBOOT afterwards!! Important!!

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] c:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Mfnlh] C:\WINDOWS\??pPatch\?srss.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
This is an important step, otherwise you won't be able to find some files and folders because they are hidden.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\cfg32.exe
C:\windows\system32\fthot.exe
C:\WINDOWS\thiselt.exe
C:\Program Files\Common Files\svchostsys <== folder
C:\Program Files\WinAntiVirus Pro 2006 <== folder
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cfg32s.dll
c:\windows\system32\pqdsregl.exe
C:\WINDOWS\win3208860487577.exe
C:\WINDOWS\ahoadtqA.exe
C:\WINDOWS\system32\ytivuq.exe
C:\Program Files\SurfSideKick 3 <== folder
C:\Program Files\Registry Cleaner Trial <== folder
C:\WINDOWS\system32\irssyncd.exe
C:\bintheredunthat\VSL02.exe
C:\Documents and Settings\Tonya\Application Data\Sskknwrd.dll
C:\Documents and Settings\Tonya\Desktop\freeprodtb.exe
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\Program Files\Common Files\Companion Wizard\WapCHK{E1B4F093-DC28-4722-9327-DABA21DDF394}.dll
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\VSL03.exe
C:\WINDOWS\teller2.chk

Please hide your hidden files and folders afterwards again, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Clearing Java Cache:
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window.

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Reboot back to normal mode.

Update your Sun Java:
Updating Java:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    Select it and click Remove.
  • Then Download and install the newest version from here:http://www.java.com/en/download/manual.jsp
Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 16 May 2006 - 04:52 PM

The following files was not found

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] c:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\RACLE~1\winlogon.exe" -vt ndrv
O4 - HKCU\..\Run: [Mfnlh] C:\WINDOWS\??pPatch\?srss.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

C:\WINDOWS\system32\ytivuq.exe
C:\Program Files\SurfSideKick 3 <== folder
C:\Program Files\Registry Cleaner Trial <== folder

C:\Documents and Settings\Tonya\Application Data\Sskknwrd.dll


Logfile of HijackThis v1.99.1
Scan saved at 5:41:05 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Online Services\Refer me to more Internet Service Providers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] c:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#10 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 16 May 2006 - 04:55 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 16, 2006 5:34:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/05/2006
Kaspersky Anti-Virus database records: 194346
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 64267
Number of viruses found: 89
Number of infected objects: 692
Number of suspicious objects: 0
Duration of the scan process: 00:37:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2b3430f5.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2b3430f5.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2b3430f5.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2fdf61e7.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2fdf61e7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Tonya\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6b6-2fdf61e7.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Tonya\Desktop\oiuninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\Tonya\Desktop\oiuninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\DNS\Catcher.tmp Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\Program Files\HijackThis\backups\backup-20060514-163233-184.dll Infected: not-a-virus:AdWare.Win32.MediaMotor.n skipped
C:\Program Files\HijackThis\backups\backup-20060514-163233-303.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\Program Files\Online Services\Refer me to more Internet Service Providers.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Program Files\Toolbar888\ToolBar888.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\Program Files\Windows\WinUpdate.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\Windows\WinUpdate.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Program Files\Windows\WinUpdate.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\Program Files\Windows\WinUpdate.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0015060.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0016041.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0016042.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0016043.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0016044.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019057.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019066.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0019067.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020042.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020111.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020112.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020112.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020112.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020112.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0020118.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023174.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023175.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023175.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023175.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023176.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023177.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023178.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023179.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023180.exe Infected: Trojan-Downloader.Win32.Adload.ba skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0023181.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024149.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024150.exe Infected: Trojan-Clicker.Win32.Agent.gp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024151.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024152.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024153.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024154.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024155.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024155.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024155.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024155.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024155.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024156.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024157.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024158.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024161.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024162.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024163.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0024165.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025138.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025156.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0025157.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0026137.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0026139.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0026154.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0026155.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP107\A0026156.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0026269.exe Infected: Backdoor.Win32.EggDrop.v skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027166.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP108\A0027168.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0028137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029152.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029154.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029157.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029158.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029159.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029161.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029162.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029163.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029164.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029165.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029166.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029167.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029168.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029169.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029170.exe Infected: Trojan-Clicker.Win32.Agent.gp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029178.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029181.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0029182.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030139.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030140.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030141.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030142.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030144.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030146.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030159.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030160.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0030324.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0031137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032137.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032152.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032153.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032180.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032181.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032182.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032182.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032182.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0032182.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033144.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033145.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033161.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033162.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0033173.exe Infected: Trojan-Spy.Win32.Small.dg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0034137.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0034152.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0034153.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP109\A0034159.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0034171.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0034172.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0034173.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0034193.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0034194.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035171.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035185.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035185.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035188.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035189.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035209.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0035210.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0036195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0036211.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0036212.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0036214.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0036214.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0037204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0037222.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0037222.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\A0037222.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-10.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-11.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-12.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-13.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-14.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-15.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-16.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-17.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-18.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-19.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-20.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-21.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-22.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-23.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-24.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-25.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-26.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-27.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-28.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-29.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-30.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-31.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-32.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-33.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-34.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-36.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-37.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-38.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-39.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-4.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-40.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-41.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-58.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-59.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-60.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-61.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-62.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-63.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-64.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-8.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP110\snapshot\MFEX-9.DAT Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0038204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039211.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039212.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039213.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039213.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039213.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039213.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039213.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039214.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039215.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039216.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039217.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039218.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039223.dll Infected: not-a-virus:AdWare.Win32.CASClient.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039224.exe Infected: not-a-virus:AdWare.Win32.CASClient.d skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039225.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039231.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039232.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0039233.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0040195.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0040196.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0040198.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0040211.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0040212.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0041195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0041206.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0041212.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0041215.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042206.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042210.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042212.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042216.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042217.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042218.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0042219.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043196.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043197.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043198.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043210.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043214.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0043215.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0044195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0044205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0044213.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0044214.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0045195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0045205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0045210.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0045212.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0046195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0046205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0046212.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0046213.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047211.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047212.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047216.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047217.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047218.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0047219.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048195.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048196.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048197.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048198.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048199.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048200.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048217.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048218.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048227.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048227.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048227.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0048227.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0049209.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0050205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0051204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0052204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0053204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0054205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055206.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055210.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055214.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055214.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055214.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055214.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055215.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055215.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0055215.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056205.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056208.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056209.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056224.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056225.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056226.dll Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056227.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056228.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0056229.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057195.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057196.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057197.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057207.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057210.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057214.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057219.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0057220.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002/data0011 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058195.exe NSIS: infected - 8 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058196.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058206.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058207.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0058212.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059195.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059206.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059209.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059217.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP111\A0059217.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0059226.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060201.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060207.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060208.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060212.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060217.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060217.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060217.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060217.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060218.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060218.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0060218.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061200.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061206.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061207.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061209.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061217.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061217.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061217.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061217.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061220.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061221.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061221.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061221.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0061221.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062195.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062201.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062207.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062209.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062211.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062216.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062216.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062216.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062216.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062217.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062217.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0062217.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063204.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063205.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063208.dll Infected: not-a-virus:AdWare.Win32.Maxifiles.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063211.exe/stream/data0004 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063211.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063211.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP112\A0063211.exe NSIS: infected - 3 skipped
C:\Syste

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 16 May 2006 - 05:49 PM

Hello,

Not sure why you couldn't find these entries in your log while they are still showing in your latest log though...

So please take a good look..


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://fast-finder.com/searchresults.asp?si=20061&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://fast-finder.com/searchresults.asp?si=20061&k=
R3 - URLSearchHook: (no name) - {EAC522A2-CA6F-CAE8-38F2-E37B44FE29E5} - (no file)
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll (file missing)
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmjhij.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [{DA-AC-C0-02-ZN}] c:\windows\system32\pqdsregl.exe CORN004
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [lstat] c:\windows\system32\fthot.exe
O4 - HKLM\..\Run: [win3208860487577] C:\WINDOWS\win3208860487577.exe
O4 - HKLM\..\Run: [ahoadtqA] C:\WINDOWS\ahoadtqA.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKCU\..\Run: [uispv] C:\WINDOWS\system32\ytivuq.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe" -startminimize
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

I also see you didn't update your Sun Java yet as I mentioned here:

Updating Java:

  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:http://www.java.com/en/download/manual.jsp


I can't stress enough how important this is!

Also clean your java cache:
Clearing Java Cache:
  • Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
  • It will say "Java Plug-in" under the icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window.

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Then delete next folders and files (I already asked you to delete some before, but I see they are still present):

C:\Documents and Settings\Tonya\Desktop\oiuninstaller.exe
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe
C:\Program Files\DNS <== folder
C:\Program Files\Online Services <== folder
C:\Program Files\Toolbar888 <== folder
C:\Program Files\Windows\WinUpdate.exe

Reboot and post a new hijackthislog in your next reply.

Edited by miekiemoes, 16 May 2006 - 05:51 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 brown627

brown627
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 17 May 2006 - 06:36 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:34:26 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Windows Plus\Dancer\Dancer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Weather\Weather.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Dancer] "C:\Program Files\Windows Plus\Dancer\Dancer.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 18 May 2006 - 12:08 AM

This is much better. :thumbsup:
Actually, your hijackthislog looks clean again. :flowers:

Perform a full scan with an updated Adaware SE and/or Spybot S&D to get rid of some leftovers if still present.
If you don't have those programs yet, you can find the downloadlocations in my signature.

Let me know in your next reply how things are running now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 22 May 2006 - 05:32 PM

Problem solved here?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:36 AM

Posted 25 May 2006 - 05:51 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users