Hijackthis Log....pulling Hair Out...please Help


  • This topic is locked
14 replies to this topic

#1 shellybelly

Posted 09 July 2006 - 07:35 PM

Please help, as I have tried everything on my own and I'm getting nowhere. My computer was running slow and we started noticing odd toolbars. We ran Spybot and AVG and removed some things. I manually removed some toolbars from Add/Remove Programs. AVG ran a scan and we moved things to the vault and deleted them. After that it still keeps popping up virus detected. Other things I notice are: my desktop background will not show, whether a personal pic or a Windows pre-set. Also in IE I have to hit enter after typing an address at least 2-3 times before it will even start looking for the page. I ran a HijackThis last night and with some research I deleted some items I felt safe deleting; that did not help. Spybot will not run a full scan anymore. Today I ran AVG in safe mode, with system restore turned off; it locked up. I ran Stinger and it locked up; both programs are locking up at zipfldr.dll. I rebooted and ran HijackThis in safe mode; here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:04:28 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [lpt] nmdllw.exe
O4 - HKLM\..\Run: [systemdll] killall.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [dmfok.exe] C:\WINDOWS\system32\dmfok.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [fumas.exe] C:\WINDOWS\system32\fumas.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [backorif] br0ken.exe
O4 - HKCU\..\Run: [msag] br0ken.exe
O4 - HKCU\..\Run: [Kargo] sysconf16.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by shellybelly, 09 July 2006 - 10:09 PM.




#2 MFDnSC


Posted 10 July 2006 - 01:19 PM

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe


Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

Fix these with HJT – mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219

If you have connection problems after this

* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
· Double-click the Network Connections icon
· Right-click the Local Area Connection icon and select Properties.
· Highlight Internet Protocol (TCP/IP) and click the Properties button.
· Be sure Obtain DNS server address automatically is selected.
· OK your way out.


* Go to Start > Run and type in cmd
· Click OK.
· This will open a command prompt.
· Type or copy and paste the following line in the command window:

ipconfig /flushdns
· Hit Enter
· Exit the command window

Do that before you restart.

=============
At the end of the fix, you may need to restart your computer again.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.

==================================
If you get an Autoexec nt error do the following

XP Fix - http://www.visualtour.com/downloads/

Scroll down to get XP Fix

And run FixWareout again.
====================================

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· Run the application
· Click on scanner
· Click Complete System Scan and the scan will begin.
· When the scan is finished, Set all items to delete
· Apply all actions
· Look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
RE-Boot
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
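
The O17 check from the post above, as an added example (not part of the original thread, and not code from HijackThis or FixWareout): it parses the O17 `NameServer` lines of a HijackThis log, accepts both the comma- and space-separated forms, and reports resolvers that are neither local addresses nor on an analyst-supplied allowlist, noting when the same resolvers are set across several control sets or on both the global and per-interface keys. The names `parse_o17`, `review_dns` and `expected`, and the last sample line, are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the O17 lines quoted in the post above, one unrelated O4
# line, and one made-up benign interface entry (router-assigned resolver).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# CCS is HijackThis shorthand for CurrentControlSet, CSn for ControlSet00n.
# The scope is either the global Parameters key or one interface GUID.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>\.\.\\\{[0-9A-Fa-f-]+\}|Parameters): "
    r"NameServer = (?P<data>.+)$"
)


def parse_o17(log_text):
    """Return one record per O17 NameServer line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        scope = m.group("scope")
        entries.append({
            "control_set": m.group("cset"),
            "scope": "global" if scope == "Parameters" else "interface",
            "location": m.group("cset") + "\\" + scope,
            # HijackThis prints per-interface values comma-separated and the
            # global value space-separated; accept both.
            "servers": [s for s in re.split(r"[,\s]+", m.group("data").strip()) if s],
        })
    return entries


def is_local(addr):
    """True for private, loopback or link-local addresses (typical router DNS)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable values are left for the analyst to review
    return ip.is_private or ip.is_loopback or ip.is_link_local


def review_dns(log_text, expected=frozenset()):
    """Report statically set resolvers that are not local and not expected.

    `expected` is the analyst's allowlist (for example the ISP's resolvers).
    `systemic` is True when the flagged resolvers appear in more than one
    control set, or on both the global key and an interface key.
    """
    hits = defaultdict(list)
    for entry in parse_o17(log_text):
        for server in entry["servers"]:
            if is_local(server) or server in expected:
                continue
            hits[server].append(entry)
    control_sets = {e["control_set"] for es in hits.values() for e in es}
    scopes = {e["scope"] for es in hits.values() for e in es}
    return {
        "suspect": {ip: [e["location"] for e in es] for ip, es in hits.items()},
        "systemic": len(control_sets) > 1 or scopes == {"global", "interface"},
    }


if __name__ == "__main__":
    report = review_dns(SAMPLE_LOG)
    for ip, locations in report["suspect"].items():
        print(ip, "set in", len(locations), "locations")
    print("systemic:", report["systemic"])
```

A flagged resolver is a prompt to check who set it; a resolver the user configured deliberately belongs in `expected`.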

#3 shellybelly


Posted 10 July 2006 - 06:07 PM

Ok, I did run FixWareOut and below is the log. After it rebooted there was a Kill and Clean scanner on my desktop, and now as I type this I notice there is some strange toolbar on my IE. I removed the items from HJT and rebooted and ran a new HJT and they are all still there.

Here are the logs. Now I'm on to running Ewido and I'll post my HJT log after that. Should I turn off AVG during all this... I have it on still and the Virus detected keeps popping up

Thanks for your help, hopefully this all helps!


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmfok.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSJGX.EXE

»»»»» Misc files
* thequicklink C:\WINDOWS\System32\RWPEN.DLL

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSJGX.EXE 51,254 2006-07-07
Other suspects
Directory of C:\WINDOWS\system32


Logfile of HijackThis v1.99.1
Scan saved at 7:01:04 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\AOL\1136242003\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: (no name) - {D742851F-98DB-C65E-F2F1-6F1F8C033475} - avpmondll.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [lpt] nmdllw.exe
O4 - HKLM\..\Run: [systemdll] killall.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [progmen] forces_elite.exe
O4 - HKLM\..\Run: [srbho] ATLIEHELPER.exe
O4 - HKLM\..\Run: [zaezl.exe] C:\WINDOWS\system32\zaezl.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [backorif] br0ken.exe
O4 - HKCU\..\Run: [msag] br0ken.exe
O4 - HKCU\..\Run: [Kargo] sysconf16.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Brong32] MSTCPDLL.exe
O4 - HKCU\..\Run: [atl_helper] Brong32.exe
O4 - HKCU\..\Run: [Shaitan1678] scanSYS.exe
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 shellybelly


Posted 10 July 2006 - 08:22 PM

Ok, still having major problems; here are my new log files. Ewido seemed to remove the toolbar I was talking about but the Kill and Clean is still there.


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:23:47 PM 7/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000022.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000023.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000024.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000025.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000026.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000027.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000028.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000029.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000030.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000031.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000032.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000033.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000034.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000035.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000036.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000037.exe -> Adware.FindSpy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1\A0000038.exe -> Adware.FindSpy : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 9:18:57 PM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Ahead\nero\nero.exe
C:\WINDOWS\system32\imapi.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
R3 - URLSearchHook: (no name) - {D742851F-98DB-C65E-F2F1-6F1F8C033475} - avpmondll.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [lpt] nmdllw.exe
O4 - HKLM\..\Run: [systemdll] killall.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [progmen] forces_elite.exe
O4 - HKLM\..\Run: [srbho] ATLIEHELPER.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [drxug.exe] C:\WINDOWS\system32\drxug.exe
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O4 - HKCU\..\Run: [backorif] br0ken.exe
O4 - HKCU\..\Run: [msag] br0ken.exe
O4 - HKCU\..\Run: [Kargo] sysconf16.exe
O4 - HKCU\..\Run: [Brong32] MSTCPDLL.exe
O4 - HKCU\..\Run: [atl_helper] Brong32.exe
O4 - HKCU\..\Run: [Shaitan1678] scanSYS.exe
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by shellybelly, 10 July 2006 - 08:25 PM.


#5 MFDnSC

Posted 11 July 2006 - 02:39 PM

You may want to print this or save it to notepad as we will go to safe mode.

Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.
=================
Run fixwareout again

======================
Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {D742851F-98DB-C65E-F2F1-6F1F8C033475} - avpmondll.dll (file missing)

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll (file missing)

O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\{D6732FD6-8D29-4649-A550-5393E6EEDDBA}.dll (file missing)

O4 - HKLM\..\Run: [lpt] nmdllw.exe

O4 - HKLM\..\Run: [systemdll] killall.exe

O4 - HKLM\..\Run: [progmen] forces_elite.exe

O4 - HKLM\..\Run: [srbho] ATLIEHELPER.exe

O4 - HKLM\..\Run: [drxug.exe] C:\WINDOWS\system32\drxug.exe

O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe

O4 - HKCU\..\Run: [backorif] br0ken.exe

O4 - HKCU\..\Run: [msag] br0ken.exe

O4 - HKCU\..\Run: [Kargo] sysconf16.exe

O4 - HKCU\..\Run: [Brong32] MSTCPDLL.exe

O4 - HKCU\..\Run: [atl_helper] Brong32.exe

O4 - HKCU\..\Run: [Shaitan1678] scanSYS.exe

O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (file missing) (HKCU)

O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (file missing) (HKCU)

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219

O17 - HKLM\System\CCS\Services\Tcpip\..\{EE8D4AB8-9B2D-4FA8-9799-BFBEB4794F50}: NameServer = 85.255.116.90,85.255.112.219

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\nmdllw.exe
C:\WINDOWS\system32\killall.exe
C:\WINDOWS\system32\forces_elite.exe
C:\WINDOWS\system32\ATLIEHELPER.exe
C:\WINDOWS\system32\drxug.exe
C:\WINDOWS\system32\br0ken.exe
C:\WINDOWS\system32\sysconf16.exe
C:\WINDOWS\system32\MSTCPDLL.exe
C:\WINDOWS\system32\Brong32.exe
C:\WINDOWS\system32\scanSYS.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
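A triage pass over the three entry types that dominate the fix list above (entries marked "(file missing)", O4 autoruns with no full path, and O17 NameServer overrides), as an added example that is not part of the original posts and is not HijackThis's own logic. The trusted resolver range 192.168.1.0/24 and the last sample line are constructed assumptions; the other sample lines are copied from this thread. ALCMTR.EXE, which is not on the fix list and remains in the later log, is flagged too, so each finding is a prompt for review rather than a verdict.

```python
import ipaddress
import re

# One HijackThis 1.99.1 entry: section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: hive, abbreviated path, Run/RunOnce key, [value name], command line.
RUN = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# O17 body ends with a comma- or space-separated list of resolver addresses.
NAMESERVER = re.compile(r"NameServer = (?P<servers>[\d., ]+)$")

# Sample input assembled for this example. All lines except the last are
# copied from the logs in this thread; the last line is constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D742851F-98DB-C65E-F2F1-6F1F8C033475} - avpmondll.dll (file missing)
O4 - HKLM\..\Run: [lpt] nmdllw.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.90 85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4EE3181-1858-4E70-85BE-CE5A47CCA59F}: NameServer = 85.255.116.90,85.255.112.219
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

# Assumption: the resolvers this machine is expected to use (constructed).
TRUSTED_DNS = [ipaddress.ip_network("192.168.1.0/24")]


def has_explicit_path(cmd):
    """True when the command starts with a drive, UNC or %VAR% path."""
    return re.match(r'^"?(?:[A-Za-z]:\\|\\\\|%)', cmd) is not None


def review(log_text, trusted_dns):
    """Return (section, reason, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        section, body = entry["section"], entry["body"]

        # The registry still points at a file that is no longer on disk.
        if body.endswith("(file missing)"):
            findings.append((section, "target file missing", body))

        # Autorun with a bare file name: Windows resolves it via the search
        # path, so the log alone does not say which file actually runs.
        if section == "O4":
            run = RUN.match(body)
            if run and not has_explicit_path(run["cmd"]):
                findings.append((section, "autorun without full path", run["name"]))

        # Hard-coded resolvers outside the expected range redirect every lookup.
        if section == "O17":
            ns = NAMESERVER.search(body)
            if ns:
                for addr in re.split(r"[,\s]+", ns["servers"].strip()):
                    try:
                        ip = ipaddress.ip_address(addr)
                    except ValueError:
                        findings.append((section, "unparseable NameServer value", addr))
                        continue
                    if not any(ip in net for net in trusted_dns):
                        findings.append((section, "unexpected DNS server", addr))
    return findings


if __name__ == "__main__":
    for section, reason, detail in review(SAMPLE_LOG, TRUSTED_DNS):
        print(f"{section:<4}{reason:<28}{detail}")
```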

#6 shellybelly


Posted 11 July 2006 - 07:32 PM

Ok here are my new log files, the computer is still running about the same, still showing no desktop background, just a white screen that goes light then dark.

Logfile of HijackThis v1.99.1
Scan saved at 8:29:10 PM, on 7/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmvdg.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSYNA.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSYNA.EXE 51,278 2006-07-10
C:\WINDOWS\SYSTEM32\DMVDG.EXE 44,053 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32

#7 MFDnSC


Posted 12 July 2006 - 12:12 PM

Delete these files

C:\WINDOWS\SYSTEM32\CSYNA.EXE
C:\WINDOWS\SYSTEM32\DMVDG.EXE

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 shellybelly

Posted 12 July 2006 - 09:02 PM

Ok here's the status... every time I run the fixes you send it removes many things so hopefully we're on track. I want to say thank you for your help and patience. The one noticeable problem still is the background or lack thereof. It shows on shutdown and startup but doesn't stay.

Here's the latest logs

9:49 PM: Removal process completed. Elapsed time 00:00:35
9:49 PM: Quarantining All Traces: stopzilla cookie
9:49 PM: Quarantining All Traces: adminder cookie
9:49 PM: Quarantining All Traces: techtarget cookie
9:49 PM: Quarantining All Traces: tribalfusion cookie
9:49 PM: Quarantining All Traces: trafficmp cookie
9:49 PM: Quarantining All Traces: serving-sys cookie
9:49 PM: Quarantining All Traces: server.iad.liveperson cookie
9:49 PM: Quarantining All Traces: questionmarket cookie
9:49 PM: Quarantining All Traces: nextag cookie
9:49 PM: Quarantining All Traces: realmedia cookie
9:49 PM: Quarantining All Traces: mygeek cookie
9:49 PM: Quarantining All Traces: ru4 cookie
9:49 PM: Quarantining All Traces: overture cookie
9:49 PM: Quarantining All Traces: casalemedia cookie
9:49 PM: Quarantining All Traces: bluestreak cookie
9:49 PM: Quarantining All Traces: atwola cookie
9:49 PM: Quarantining All Traces: ask cookie
9:49 PM: Quarantining All Traces: apmebf cookie
9:49 PM: Quarantining All Traces: reunion cookie
9:49 PM: Quarantining All Traces: pointroll cookie
9:49 PM: Quarantining All Traces: adrevolver cookie
9:49 PM: Quarantining All Traces: yieldmanager cookie
9:49 PM: Quarantining All Traces: 80503492 cookie
9:49 PM: Quarantining All Traces: 2o7.net cookie
9:49 PM: Quarantining All Traces: 123count cookie
9:49 PM: Quarantining All Traces: kill & clean scanner and monitor
9:49 PM: Quarantining All Traces: raze spyware fakealert
9:49 PM: Quarantining All Traces: quicklink search toolbar
9:48 PM: Quarantining All Traces: trojan-secdrop
9:48 PM: Quarantining All Traces: trojan-downloader-ruin
9:48 PM: Quarantining All Traces: trojan-downloader-zlob
9:48 PM: Removal process initiated
9:38 PM: Traces Found: 163
9:38 PM: Full Sweep has completed. Elapsed time 00:07:47
9:38 PM: File Sweep Complete, Elapsed Time: 00:06:44
9:36 PM: Warning: Failed to access drive I:
9:36 PM: Warning: Failed to access drive H:
9:36 PM: Warning: Failed to access drive G:
9:36 PM: Warning: Failed to access drive F:
9:36 PM: Warning: Failed to access drive E:
9:36 PM: C:\WINDOWS\system32\{5890EE3C-8730-4DB5-A21E-9ADF6A0FECC2}.exe (ID = 125496)
9:35 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000118.exe (ID = 316570)
9:35 PM: Found Adware: kill & clean scanner and monitor
9:34 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000216.dll (ID = 73422)
9:34 PM: Found Adware: quicklink search toolbar
9:34 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000432.exe (ID = 81237)
9:34 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000471.exe (ID = 81237)
9:34 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000431.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000403.exe (ID = 81237)
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0001372.exe (ID = 147)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000420.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000423.exe (ID = 81237)
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000402.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000116.exe (ID = 246)
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000401.exe (ID = 81237)
9:33 PM: Spy Installation Shield: found: Trojan Horse: trojan-secdrop, version 1.0.0.0
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000222.exe (ID = 147)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000400.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000470.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000399.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000430.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000429.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000469.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000398.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000468.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000467.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000466.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000465.exe (ID = 81237)
9:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000428.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000422.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0001371.exe (ID = 246)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000397.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000396.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000395.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000394.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000393.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000392.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000119.exe (ID = 125496)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000391.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000464.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000390.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000389.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000388.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000387.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000386.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000385.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000384.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000463.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000462.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000383.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000461.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000427.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000460.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000382.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000459.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000381.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000426.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000380.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000425.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000458.exe (ID = 81237)
9:32 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp (ID = 198440)
9:32 PM: Found Adware: raze spyware fakealert
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000424.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP1\A0000218.exe (ID = 246)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000495.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000494.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000404.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000493.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000492.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000379.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000457.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000378.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000377.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000405.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000491.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000406.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000472.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000473.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000474.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000407.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000433.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000475.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000408.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000476.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000434.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000435.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000477.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000436.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000437.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000478.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000438.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000439.exe (ID = 81237)
9:32 PM: C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp (ID = 147)
9:32 PM: Found Trojan Horse: trojan-downloader-ruin
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000440.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000421.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000441.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000479.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000409.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000480.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000442.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000419.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000443.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000481.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000482.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000444.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000410.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000445.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000446.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000447.exe (ID = 81237)
9:32 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000448.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000449.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000411.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000450.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000451.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000412.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000483.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000484.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000485.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000452.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000413.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000486.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000487.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000488.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000414.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000453.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000415.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000489.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000490.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000454.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000418.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000455.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000416.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000417.exe (ID = 81237)
9:31 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP3\A0000456.exe (ID = 81237)
9:31 PM: Found Trojan Horse: trojan-secdrop
9:31 PM: Starting File Sweep
9:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:31 PM: c:\documents and settings\owner\cookies\owner@www.stopzilla[2].txt (ID = 3466)
9:31 PM: Found Spy Cookie: stopzilla cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@www.adminder[2].txt (ID = 2079)
9:31 PM: Found Spy Cookie: adminder cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@whatis.techtarget[1].txt (ID = 3500)
9:31 PM: Found Spy Cookie: techtarget cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@tribalfusion[1].txt (ID = 3589)
9:31 PM: Found Spy Cookie: tribalfusion cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@trafficmp[1].txt (ID = 3581)
9:31 PM: Found Spy Cookie: trafficmp cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@serving-sys[2].txt (ID = 3343)
9:31 PM: Found Spy Cookie: serving-sys cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@server.iad.liveperson[1].txt (ID = 3341)
9:31 PM: Found Spy Cookie: server.iad.liveperson cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@realmedia[2].txt (ID = 3235)
9:31 PM: c:\documents and settings\owner\cookies\owner@questionmarket[2].txt (ID = 3217)
9:31 PM: Found Spy Cookie: questionmarket cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@perf.overture[1].txt (ID = 3106)
9:31 PM: c:\documents and settings\owner\cookies\owner@nextag[2].txt (ID = 5014)
9:31 PM: Found Spy Cookie: nextag cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@network.realmedia[1].txt (ID = 3236)
9:31 PM: Found Spy Cookie: realmedia cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@mygeek[1].txt (ID = 3041)
9:31 PM: Found Spy Cookie: mygeek cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@msnportal.112.2o7[1].txt (ID = 1958)
9:31 PM: c:\documents and settings\owner\cookies\owner@edge.ru4[1].txt (ID = 3269)
9:31 PM: Found Spy Cookie: ru4 cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@data4.perf.overture[2].txt (ID = 3106)
9:31 PM: Found Spy Cookie: overture cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@casalemedia[1].txt (ID = 2354)
9:31 PM: Found Spy Cookie: casalemedia cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@bluestreak[2].txt (ID = 2314)
9:31 PM: Found Spy Cookie: bluestreak cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
9:31 PM: Found Spy Cookie: atwola cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@ask[1].txt (ID = 2245)
9:31 PM: Found Spy Cookie: ask cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@apmebf[2].txt (ID = 2229)
9:31 PM: Found Spy Cookie: apmebf cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@affiliates.reunion[1].txt (ID = 3256)
9:31 PM: Found Spy Cookie: reunion cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@ads.pointroll[1].txt (ID = 3148)
9:31 PM: Found Spy Cookie: pointroll cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@adrevolver[3].txt (ID = 2088)
9:31 PM: c:\documents and settings\owner\cookies\owner@adrevolver[2].txt (ID = 2088)
9:31 PM: Found Spy Cookie: adrevolver cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@ad.yieldmanager[1].txt (ID = 3751)
9:31 PM: Found Spy Cookie: yieldmanager cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@80503492[1].txt (ID = 2013)
9:31 PM: Found Spy Cookie: 80503492 cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@2o7[1].txt (ID = 1957)
9:31 PM: Found Spy Cookie: 2o7.net cookie
9:31 PM: c:\documents and settings\owner\cookies\owner@123count[1].txt (ID = 1927)
9:31 PM: Found Spy Cookie: 123count cookie
9:31 PM: Starting Cookie Sweep
9:31 PM: Registry Sweep Complete, Elapsed Time:00:00:09
9:31 PM: HKLM\software\classes\vsenchancer.chl\ (ID = 1519792)
9:31 PM: HKCR\vsenchancer.chl\ (ID = 1519747)
9:31 PM: HKLM\software\classes\media-codec.chl\ (ID = 1247793)
9:31 PM: HKCR\media-codec.chl\ (ID = 1247790)
9:31 PM: Found Trojan Horse: trojan-downloader-zlob
9:31 PM: Starting Registry Sweep
9:31 PM: Memory Sweep Complete, Elapsed Time: 00:00:39
9:30 PM: Starting Memory Sweep
9:30 PM: Sweep initiated using definitions version 717
9:30 PM: Spy Sweeper 5.0.5.1286 started
9:30 PM: | Start of Session, Wednesday, July 12, 2006 |
********
9:30 PM: | End of Session, Wednesday, July 12, 2006 |
9:30 PM: Your spyware definitions have been updated.
7:52 PM: Warning: Access is denied
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:51 PM: Shield States
7:51 PM: Spyware Definitions: 691
7:51 PM: Spy Sweeper 5.0.5.1286 started
7:51 PM: Spy Sweeper 5.0.5.1286 started
7:51 PM: | Start of Session, Wednesday, July 12, 2006 |
********

Logfile of HijackThis v1.99.1
Scan saved at 9:58:21 PM, on 7/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.net
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [BHR4.1] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.1\BHR4.1.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Edited by shellybelly, 12 July 2006 - 09:02 PM.


#9 MFDnSC

Posted 13 July 2006 - 10:43 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Go to post #8 in this link

http://forums.techguy.org/security/345137-...blem-fixes.html

#10 shellybelly

Posted 13 July 2006 - 01:16 PM

Ok...the desktop restore program didn't work.... any suggestions?

Thanks

#11 MFDnSC

Posted 13 July 2006 - 02:18 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#12 shellybelly

Posted 13 July 2006 - 07:51 PM

Here is the log:


SmitFraudFix v2.70

Scan done at 20:50:18.81, Thu 07/13/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#13 MFDnSC

Posted 14 July 2006 - 09:59 AM

Go to Control Panel > Display.
Click on the "Desktop" tab then click the "Customize Desktop" button.
Click on the "Web" tab.
Under "Web Pages" you should see an entry checked called something like "Security" or similar.
Select that entry and click the "Delete" button. Click OK then Apply and OK.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
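
Added example, not part of the original thread: the only registry data in the SmitfraudFix report in post #12 is the Desktop Components entry, and the fix in post #13 removes the item it names. The Python sketch below parses a report in that layout and flags Desktop Components whose Source is an HTML file on local disk; that heuristic, the function names, and the second (constructed) component in the sample are assumptions for illustration.

```python
import re

# Constructed sample in the layout of the report in post #12. The first
# component is the one from the thread; the second is invented for contrast.
SAMPLE_REPORT = r'''SmitFraudFix v2.70

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\WINDOWS\\desktop.html"
"SubscribedURL"="C:\\WINDOWS\\desktop.html"
"FriendlyName"="Security"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://intranet.example/status.html"
"SubscribedURL"="http://intranet.example/status.html"
"FriendlyName"="Status board"


»»»»»»»»»»»»»»»»»»»»»»»» End
'''

BANNER = re.compile(r'^»{5,}\s*(.*)$')      # section banner line
KEY = re.compile(r'^\[(.+)\]$')              # [HKEY_...\subkey]
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')    # "Name"="string data"
# Drive-letter path, UNC path or file: URL, i.e. not fetched from the web.
LOCAL = re.compile(r'^(?:[A-Za-z]:\\|\\\\|file:)', re.IGNORECASE)
HTML_EXT = ('.htm', '.html')


def split_sections(report):
    """Return {section name: [non-blank lines]}, keyed by banner text."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_reg_export(lines):
    """Parse .reg-style lines into {key path: {value name: string data}}."""
    keys, current = {}, None
    for line in lines:
        key = KEY.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        value = VALUE.match(line)
        if value and current is not None:
            # .reg string data escapes backslashes and quotes with a backslash
            current[value.group(1)] = re.sub(r'\\(["\\])', r'\1', value.group(2))
    return keys


def suspicious_components(report):
    """Flag Desktop Components whose Source is an HTML file on local disk.

    Assumed heuristic: it matches the entry seen in this thread, but a
    local page can also be a deliberate choice, so treat hits as leads.
    """
    section = split_sections(report).get('Desktop Components', [])
    hits = []
    for key, values in parse_reg_export(section).items():
        source = values.get('Source', '')
        if LOCAL.match(source) and source.lower().endswith(HTML_EXT):
            hits.append({
                'key': key,
                'name': values.get('FriendlyName', ''),
                'source': source,
            })
    return hits


if __name__ == '__main__':
    for hit in suspicious_components(SAMPLE_REPORT):
        print('%(name)s -> %(source)s (%(key)s)' % hit)
```

The FriendlyName of a flagged entry is the name to look for under Display > Desktop > Customize Desktop > Web, as in post #13.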

#14 shellybelly

Posted 17 July 2006 - 05:34 PM

THANK YOU!!!!! We are up and running perfectly!!!!

#15 MFDnSC

Posted 17 July 2006 - 06:18 PM

Great - closing thread