Surf Side Kick Removal!


11 replies to this topic

#1 Mlester_18

Posted 09 August 2006 - 05:25 PM

I have spent the last 8 hours or so trying to get rid of this devil called Surf Side Kick! What is with the pop-ups? I have NO idea how I got infected..please help! I am a little tech-challenged but I am determined to get rid of this program. Thanks so much!

-meg



#2 Mlester_18


Posted 09 August 2006 - 05:28 PM

I already sent y'all a message about this but I forgot to paste the log I made with HijackThis. Please help me get rid of Surf Side Kick!

-Meg


Logfile of HijackThis v1.99.1
Scan saved at 6:22:58 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\jpacrk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ayqgr.exe
C:\WINDOWS\system32\ayqgr.exe
C:\WINDOWS\system32\ayqgr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\CCZoop05.exe
C:\kybrdff_8.exe
C:\dfndrff_8.exe
C:\WINDOWS\kisgxnqA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\nwnmff_8.exe
C:\WINDOWS\system32\vp1i4.exe
C:\WINDOWS\system32\redistributor.exe
C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
C:\Program Files\System Files\System.exe
C:\PROGRA~1\COMMON~1\ukrr\ukrra.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ayqgr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ktxkcqy.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [kisgxnqA] C:\WINDOWS\kisgxnqA.exe
O4 - HKLM\..\Run: [jhetri] C:\WINDOWS\system32\jpacrk.exe reg_run
O4 - HKLM\..\Run: [joec5a1f] RUNDLL32.EXE w16cb6c2.dll,n 002c5a1d0000000316cb6c2
O4 - HKLM\..\Run: [newname] C:\\nwnmff_8.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ukrr] C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
O4 - HKCU\..\Run: [fdlvs] C:\WINDOWS\system32\jpacrk.exe reg_run
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [DelayShred] C:\PROGRA~1\McAfee\MCAFEE~2\SHREDD~1\SHRED32.EXE /q C:\PROGRA~1\SURFSI~1\Ssk.SH! C:\PROGRA~1\SURFSI~1\SskBho.SH! C:\PROGRA~1\SURFSI~1\SskCore.SH!
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cwmdx.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...om_bedroom1.xml
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132527164406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135089703171
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://regent6.blackboard.com:8011/webapps...e-1_4_1-win.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\k4800elmehqa0.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe

#3 didom


Posted 10 August 2006 - 07:08 AM

Download: DelDomains.inf
  • Locate DelDomains.inf
  • Right-click and select "Install"
Download Brute Force Uninstaller to your desktop.
  • Right click the file on your Desktop, and choose Extract All.
  • Click Next.
  • In the box to choose where to extract the files to:
  • Click Browse.
  • Click on the + sign next to My Computer
  • Click on Local Disk (C:) or whatever your primary drive is.
  • Click Make New Folder
  • Type in BFU
  • Click Next, and uncheck the Show Extracted Files box and then click Finish.
Download sidekickFix.bat (right-click on that link and choose Save As)
  • Place sidekickFix.bat in your C:\BFU - folder. (Important!)
  • Close all browsers and explorer folders.
  • Double-click on sidekickFix.bat
  • Click Yes and follow the prompts, when prompted to restart the PC please do so.
First download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode.
  • Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report, the results of the ewido report scan and a fresh HijackThis log.


#4 Mlester_18


Posted 10 August 2006 - 07:30 PM

Ok, it took a few hours this morning to scan with EWIDO, then I had to go to work. I just downloaded the Panda scan and it isn't working because there is an error on the page. I'll send the reports from EWIDO though... and try the Panda thing again. Thanks so much...

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:58:16 AM 8/10/2006

+ Scan result:



HKLM\SOFTWARE\SecureWin -> Adware.Adlogix : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXINC5QR\thiselt[1].exe -> Adware.Agent : No action taken.
C:\Program Files\System Files\plugin.dll -> Adware.CASClient : No action taken.
C:\WINDOWS\system32\msfaol.dll -> Adware.ClientMan : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frA4E0 -> Adware.CommAd : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frB40F -> Adware.CommAd : No action taken.
C:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : No action taken.
C:\WINDOWS\system32\borlndmm.exe -> Adware.IEDriver : No action taken.
C:\Installer3.exe -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\ajivtmxx.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\dssapi.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\fbntext.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\nutplwiz.dll -> Adware.Look2Me : No action taken.
[692] C:\WINDOWS\system32\dssapi.dll -> Adware.Look2Me : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CXEJ8T6R\joysavsht[1].cab/amm06.ocx -> Adware.MediaMotor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9YNGDUV\mediaview[1].cab/amm06.ocx -> Adware.MediaMotor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\joysavsht[1].cab/amm06.ocx -> Adware.MediaMotor : No action taken.
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : No action taken.
C:\WINDOWS\Downloaded Program Files\search3.dll -> Adware.MegaSearch : No action taken.
C:\WINDOWS\bundles\runsearch.exe -> Adware.MegaSearch : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\WinATS[1].cab/WinATS.dll -> Adware.Mirar : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\876057[1].exe -> Adware.Mirar : No action taken.
C:\WINDOWS\876057.exe -> Adware.Mirar : No action taken.
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : No action taken.
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : No action taken.
C:\WINDOWS\system32\rυndll32.exe -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\smss.dll -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\B2D2E.tmp/cvn0.exe -> Adware.SearchAssistant : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\bbqa[1].cab/cvn0.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\afdaqd3.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\cvn0.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\cymmh.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32afdaqd3.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32cymmh.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\B2D2E.tmp/wfxqhv.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\B2D2E.tmp/zqskw.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\E2D28.tmp/vp1i4.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\km57[1].cab/vp1i4.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\bbqa[1].cab/wfxqhv.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\bbqa[1].cab/zqskw.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\vf1v62x.dll -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\whcixm7.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\y3aqsoepa.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\zqskw.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32y3aqsoepa.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\i30.tmp -> Adware.SurfSide : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\i43.tmp -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-2671230539-2078821259-4118122541-500\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-2671230539-2078821259-4118122541-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~224468.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~274333.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~291946.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~304282.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~331878.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~340115.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~341730.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~35561.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~382435.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~383482.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~386587.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~390819.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~396075.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~399305.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~401391.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~405362.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~407189.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~409208.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~409993.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~418180.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~418637.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~418974.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~418997.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~423590.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~429337.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~429445.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~462219.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~462463.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~475501.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~475673.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~483770.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~484852.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~485737.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~486674.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~486721.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~487187.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~488179.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~490261.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~491810.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~492670.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~493875.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~493972.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~494330.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~494754.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~495235.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~495912.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~500809.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~501027.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~514771.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~523653.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~524775.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~535071.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~566095.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~566720.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~573780.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~573815.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~574186.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~574259.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~589036.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~604088.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~604489.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~626603.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~636025.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~636225.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~647720.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~649934.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~650237.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~655336.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~656511.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~658943.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~659047.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~663195.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~667226.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~675647.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~675803.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~677301.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~710603.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~714361.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~752330.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~761410.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~780188.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~784610.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~826163.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~860311.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~869340.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~904455.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~906362.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~922877.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~926864.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~943772.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~959027.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~961182.tmp -> Adware.Wintol : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXINC5QR\drsmartload46a[1].exe -> Downloader.Adload.ds : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\drsmartload45a[1].exe -> Downloader.Adload.ds : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\drsmartload849a[1].exe -> Downloader.Adload.ds : No action taken.
C:\drsmartload45a8b5.exe -> Downloader.Adload.ds : No action taken.
C:\drsmartload46a8b5.exe -> Downloader.Adload.ds : No action taken.
C:\drsmartload849a8b5.exe -> Downloader.Adload.ds : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CXEJ8T6R\3138302D2D2D[1].exe -> Downloader.Adload.dt : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\kybrdff_8[1].exe -> Downloader.Adload.dv : No action taken.
C:\kybrdff_8.exe -> Downloader.Adload.dv : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\dist13[1].exe -> Downloader.Agent.aaf : No action taken.
C:\Program Files\Cas2Stub\cas2stub.exe -> Downloader.Agent.aaf : No action taken.
C:\dist13.exe -> Downloader.Agent.aaf : No action taken.
C:\WINDOWS\system32\cic66289.exe -> Downloader.Agent.adz : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\fym9bvo[1].exe -> Downloader.Agent.ala : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\ddhb[1].exe -> Downloader.Agent.ala : No action taken.
C:\WINDOWS\ddhb.exe -> Downloader.Agent.ala : No action taken.
C:\fym9bvo.exe -> Downloader.Agent.ala : No action taken.
C:\WINDOWS\pf79.exe -> Downloader.Dyfuca.ei : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OXINC5QR\drsmartload_js[1].htm -> Downloader.IstBar.j : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\installerwnus[2].exe -> Downloader.Qoologic.at : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9YNGDUV\rcverlib[1].exe -> Downloader.Qoologic.ax : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OL278LUZ\rcverlib[1].exe -> Downloader.Qoologic.ax : No action taken.
C:\WINDOWS\system32\pmogd.dat -> Downloader.Qoologic.bj : No action taken.
[840] C:\WINDOWS\system32\pwadisk.dll -> Downloader.Qoologic.bj : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\al3[1].txt -> Downloader.Small : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\idlemg[1].exe -> Downloader.Small.buy : No action taken.
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : No action taken.
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : No action taken.
C:\Program Files\Windows NT\tefot.dll -> Downloader.Small.ctp : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\ac3_0003[1].exe -> Downloader.Small.cyh : No action taken.
C:\ac3_0003.exe -> Downloader.Small.cyh : No action taken.
C:\Program Files\Common Files\ukrr\ukrrp.exe -> Downloader.TSUpdate.f : No action taken.
C:\Program Files\Common Files\ukrr\ukrra.exe -> Downloader.TSUpdate.l : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\stub_113_4_0_4_0[2].exe -> Downloader.TSUpdate.o : No action taken.
C:\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : No action taken.
C:\Program Files\Common Files\ukrr\ukrrl.exe -> Downloader.TSUpdate.r : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\loader[1].exe -> Downloader.VB.agk : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9YNGDUV\drsmartload[1].exe -> Downloader.VB.agk : No action taken.
C:\drsmartload.exe -> Downloader.VB.agk : No action taken.
C:\drsmartload1.exe -> Downloader.VB.agk : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\nwnmff_8[1].exe -> Downloader.VB.aiy : No action taken.
C:\nwnmff_8.exe -> Downloader.VB.aiy : No action taken.
C:\WINDOWS\offun.exe -> Downloader.VB.nw : No action taken.
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~89308.tmp -> Downloader.Wintool.a : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~89691.tmp -> Downloader.Wintool.a : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~419048.tmp -> Downloader.Wintool.d : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~419122.tmp -> Downloader.Wintool.d : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~419310.tmp -> Downloader.Wintool.d : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~419548.tmp -> Downloader.Wintool.d : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~419554.tmp -> Downloader.Wintool.d : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\~708205.tmp -> Downloader.Wintool.d : No action taken.
C:\visfx500new.exe -> Dropper.Agent.aie : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\SS1001[1].exe -> Dropper.Small.qn : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\ss1205[1].exe -> Dropper.Small.qn : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\wallpap[1].exe -> Hijacker.Small.jf : No action taken.
C:\Program Files\html1.htm -> Hijacker.Small.jf : No action taken.
C:\Program Files\html2.htm -> Hijacker.Small.jf : No action taken.
C:\WINDOWS\kisgxnqA.exe -> Hijacker.VB.ij : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\pre.exe -> Hijacker.VB.lb : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K9EROPAN\dfndrff_8[1].exe -> Hijacker.VB.ly : No action taken.
C:\dfndrff_8.exe -> Hijacker.VB.ly : No action taken.
C:\WINDOWS\system32\mseggo.gif -> Logger.Delf.dx : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D18M2707NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C5I7GHAJ\SystemDoctor2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\SystemDoctor2006FreeInstall[1].cab/USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8T6PGEJN\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CHIZ49AN\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@sento.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\owner@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\WINDOWS\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\LocalService\Cookies\owner@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\WINDOWS\Temp\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\WINDOWS\Temp\Cookies\owner@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\WINDOWS\Temp\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\WINDOWS\Temp\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\LocalService\Cookies\owner@cliks[1].txt -> TrackingCookie.Cliks : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\WINDOWS\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\WINDOWS\Temp\Cookies\owner@as-us.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@banner.kiwicasino[2].txt -> TrackingCookie.Kiwicasino : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kiwicasino[1].txt -> TrackingCookie.Kiwicasino : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
C:\WINDOWS\Temp\Cookies\owner@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@linksynergy[1].txt -> TrackingCookie.Linksynergy : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\WINDOWS\Temp\Cookies\owner@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\WINDOWS\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\WINDOWS\Temp\Cookies\owner@data1.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\WINDOWS\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\WINDOWS\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\WINDOWS\Temp\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ac2.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ac2.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@reduxads.valuead[2].txt -> TrackingCookie.Valuead : No action taken.
C:\WINDOWS\Temp\Cookies\owner@ac2.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c5.zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\Temp\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\redistribute[1].exe -> Trojan.Agent.sx : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : No action taken.
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : No action taken.
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : No action taken.
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : No action taken.


::Report end

#5 Mlester_18


Posted 10 August 2006 - 07:32 PM

And here is the HijackThis Logfile..

Logfile of HijackThis v1.99.1
Scan saved at 8:31:11 PM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\System Files\System.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\kisgxnq.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ktxkcqy.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [joec5a1f] RUNDLL32.EXE w16cb6c2.dll,n 002c5a1d0000000316cb6c2
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKLM\..\Run: [kisgxnqA] C:\WINDOWS\kisgxnqA.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ukrr] C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cwmdx.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...om_bedroom1.xml
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132527164406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135089703171
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://regent6.blackboard.com:8011/webapps...e-1_4_1-win.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\lvj0091me.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe

#6 didom


Posted 11 August 2006 - 07:06 AM

I see only "no action taken" on the Ewido report.

Scan again, and do this in the order listed.

Before saving the report, you need to click on *Recommended Action* and choose *Quarantine*


Then click on the *apply to all actions* button.


Now Ewido will begin to clean all those infected files in the list.

When it's done, you will then see a message in green letters that says "all actions have been applied"

At that point, press *Save Report* and post those results back here.

#7 Mlester_18


Posted 11 August 2006 - 10:48 PM

Here is the new report. I am still getting a ton of pop-ups while online. Will those go away or do I need to do something further? My brother has his laptop on the same network as mine and his comp. crashed earlier. We are buying the new McAfee software to update everything. I guess they had let the subscription run out and the computer has been without spyware or virus protection since April. One more thing, is AOL instant messenger to blame for all of this? Thanks so much for all of your help..I really do appreciate it.


+ Created at: 5:37:57 PM 8/11/2006

+ Scan result:



C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ac2.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ac2.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@ac2.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Cookies\owner@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WTMJCX6J\redistribute[1].exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\ICD2.tmp\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D10M2905NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

#8 Mlester_18

Posted 11 August 2006 - 10:53 PM

Here is the new hijack file.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:50 PM, on 8/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\jpacrk.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\System Files\System.exe
C:\WINDOWS\kisgxnq.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ayqgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ayqgr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ktxkcqy.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [joec5a1f] RUNDLL32.EXE w16cb6c2.dll,n 002c5a1d0000000316cb6c2
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKLM\..\Run: [jhetri] C:\WINDOWS\system32\jpacrk.exe reg_run
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [kisgxnqA] C:\WINDOWS\kisgxnqA.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ukrr] C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [fdlvs] C:\WINDOWS\system32\jpacrk.exe reg_run
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: cwmdx.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...om_bedroom1.xml
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132527164406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135089703171
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://regent6.blackboard.com:8011/webapps...e-1_4_1-win.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\p0n80a5ued.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe

#9 didom

Posted 12 August 2006 - 05:17 AM

Your system is terribly infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be like searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

------------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following if present:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin

or anything similar with OIN or OuterInfo in it.


If OIN is not listed, download and run this uninstaller.

Reboot when done! Really important!

Step #2

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

Step #3

Please download Qoofix by Rubber Ducky to your desktop.
  • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
  • Close all windows and programs, including internet windows.
  • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
  • Click Begin Removal and wait for the scan to finish
  • If Qoofix finds an infection, select yes to restart your computer
  • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt. Copy and paste the contents of that report, along with the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log, into your next reply here.


#10 Mlester_18

Posted 12 August 2006 - 01:20 PM

Here is the new Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 2:17:19 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\kisgxnq.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\progra~1\mcafee\MCAFEE~1\MssCli.exe
C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
C:\WINDOWS\system32\apbzk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\y3aqsoepa.exe
C:\WINDOWS\system32\l3jdfs.exe
C:\WINDOWS\system32\afdaqd3.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\System Files\System.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140060518\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [joec5a1f] RUNDLL32.EXE w16cb6c2.dll,n 002c5a1d0000000316cb6c2
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKLM\..\Run: [kisgxnqA] C:\WINDOWS\kisgxnqA.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ukrr] C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...om_bedroom1.xml
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132527164406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135089703171
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_04) - http://regent6.blackboard.com:8011/webapps...e-1_4_1-win.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {D5BA18F2-FF61-465F-831D-A6850B94FC01} - C:\WINDOWS\system32\vf1v62x.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe

The Qoofix:

Qoofix v1.03 by http://www.malwarebytes.org
Scan started on [8/12/2006] at [2:05:09 PM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
C:\WINDOWS\system32\ayqgr.exe will be deleted on reboot!
C:\WINDOWS\system32\jpacrk.exe will be deleted on reboot!
C:\WINDOWS\system32\ktxkcqy.exe will be deleted on reboot!
C:\WINDOWS\system32\pmogd.dat will be deleted on reboot!
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cwmdx.exe will be deleted on reboot!

User prompted YES to reboot, system now rebooting...
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [8/12/2006] at [2:08:50 PM]

Note: Some registry keys may have been removed.



And L2M:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/12/2006 10:26:03 AM

Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067452.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067453.dll
Infected! C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067454.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067452.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067452.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067453.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067453.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067454.dll
C:\System Volume Information\_restore{6CD01810-EFB9-4AF0-A405-DE07EB8CD51D}\RP572\A0067454.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Thanks so so so VERY much!

#11 Mlester_18

Posted 12 August 2006 - 01:23 PM

I have now been on for about..20 minutes and no pop-ups have arrived. I am so grateful for your time and services, this mal-ware is ridiculous! Thank you a thousand times...

-Meg

#12 didom

Posted 12 August 2006 - 03:52 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Click Start > Run, type in CMD and tap Enter. Type the following into the command prompt:

sc stop cmdService

Hit 'enter' and type the following:

sc delete cmdService

Hit 'enter' and type the following:

sc stop "Windows Overlay Components"

Hit 'enter' and type the following:

sc delete "Windows Overlay Components"

At the command prompt: type exit.

Then reboot your computer.

Step #2

Download: DelDomains.inf
  • Locate DelDomains.inf
  • Right-click and select "Install"

Step #3

Scan again with HijackThis and check the following items:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)

O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [joec5a1f] RUNDLL32.EXE w16cb6c2.dll,n 002c5a1d0000000316cb6c2
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\system32\redistributor.exe
O4 - HKLM\..\Run: [kisgxnqA] C:\WINDOWS\kisgxnqA.exe
O4 - HKCU\..\Run: [ukrr] C:\PROGRA~1\COMMON~1\ukrr\ukrrm.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler V3.exe

O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Then reboot your computer.

Step #3

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

Step #4

STAY IN SAFE MODE!!

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #5

Find and delete these files and folders (if they are still there):
C:\WINDOWS\system32\apbzk.exe
C:\WINDOWS\system32\y3aqsoepa.exe
C:\WINDOWS\system32\l3jdfs.exe
C:\WINDOWS\system32\afdaqd3.exe
C:\WINDOWS\kisgxnqA.exe
C:\WINDOWS\system32\redistributor.exe
C:\Program Files\Common Files\ukrr <= folder
C:\Program Files\System Files\System.exe
C:\Program Files\SurfSideKick 3 <= folder
C:\WINDOWS\system32\vf1v62x.dll
C:\WINDOWS\system32\redist.dll
C:\WINDOWS\Sm9zZXBoIExlc3Rlcg <= folder
C:\WINDOWS\kisgxnq.exe


Step #7

Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Reboot your computer normally.

Step #8

Please download Spybot Search & Destroy.

1. Install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.


Please download Ad-Aware SE.

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check and make Green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Open Spybot S&D.

1. Click the button ‘Check for Problems'

2. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries, and ‘GREEN’ entries in the window

3. Make certain there is a check mark beside all of the RED entries ONLY.

4. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

5. REBOOT (IN SAFE MODE AGAIN) to complete the scan and clear memory.

Open Ad-Aware SE

1. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

2. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

3. If Ad-Aware SE finds bad entries in the registry or bad files, you will receive a list of what it found in the window

4. Save the log file when it asks and then click ‘finish’

5. REBOOT (IN NORMAL MODE) to complete the removal of what Ad-Aware SE found.

Step #9

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Step #10

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Step #11

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new logs back here (you don't have to post the Ad-Aware and/or Spybot log) along with details of any problems you encountered performing the above steps and I will review it when it comes in.

Edited by didom, 12 August 2006 - 04:09 PM.
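
An added example, not part of the thread or of any tool named in it: a short Python triage of HijackThis entries like those listed in the post above. It flags orphaned entries ("file missing" / "no file") and O23 services marked "Unknown owner", and extracts the service name in the form the `sc` commands in Step #1 use. The function name and the two heuristics are assumptions made for illustration; a flagged line is a candidate for review, not a verdict.

```python
import re

# Constructed sample: a few HijackThis lines as quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9zZXBoIExlc3Rlcg\command.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\kisgxnq.exe
"""

# "<section code> - <rest>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <display name> [(<short name>)] - <owner> - <path>"
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)


def triage(log_text):
    """Return flagged entries as dicts (hypothetical helper, illustrative heuristics)."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blanks
        section, body = m.groups()
        reasons = []
        if "(file missing)" in body or body.endswith("(no file)"):
            reasons.append("orphaned entry: target file is gone")
        service = None
        if section == "O23":
            s = SERVICE.match(body)
            if s:
                # Prefer the short name in parentheses; fall back to the display name.
                service = s["key"] or s["display"]
                if s["owner"] == "Unknown owner":
                    reasons.append("no company name could be read for the service binary")
        if reasons:
            findings.append({"section": section, "service": service,
                             "reasons": reasons, "line": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["service"] or "-", "; ".join(f["reasons"]))
```
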




