Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Look2me, I Believe


  • This topic is locked This topic is locked
15 replies to this topic

#1 simgirl678

simgirl678

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 28 August 2006 - 10:31 AM

Hello. Last week I posted here about a popup problem I've been having for about a month. Some of the popups/popunders are: Amaena, ad.yieldmanager, adfarm, drivecleaner, ilead.itrack, mpmediaholdings, cheappress, newsalone, dofact, greatbulletin, gojournalists, realrealities, img.mediaplex and yourtruths. They are constantly coming up every few minutes whenever I am online. Also, a file called Duce6, which according to a google search is some kind of Trojan, keeps coming back as a process under ctrl-alt-del, and in C:\WINDOWS\Duce6. At the moment its not there, as I deleted yet again, so I'm not sure if it will come back. Whenever I run Ad-Aware, things like Look2Me and Webhancer are found, which I delete, but it always says that some files could not be deleted. So far, I've run Ad-Aware and Spybot Search & Destroy.

Anyways, here is my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 11:29:42 AM, on 28/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\sys0229337283.exe
C:\WINDOWS\win320883293372.exe
C:\WINDOWS\sys0132933728.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\DllHost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\WINDOWS\ms0537283293.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {825A649A-197B-1495-3951-EEAEB7EB47F6} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ovegcxz] C:\WINDOWS\System32\wwkmylm.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [dkz] C:\WINDOWS\dkz.exe
O4 - HKLM\..\Run: [ti2cqaga] C:\WINDOWS\system32\ti2cqaga.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [plflgffA] C:\WINDOWS\plflgffA.exe
O4 - HKLM\..\Run: [njgijfcA] C:\WINDOWS\njgijfcA.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [ms0537283293] C:\WINDOWS\ms0537283293.exe
O4 - HKLM\..\Run: [win320728329337] C:\WINDOWS\win320728329337.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [sys0229337283] C:\WINDOWS\sys0229337283.exe
O4 - HKLM\..\Run: [win320883293372] C:\WINDOWS\win320883293372.exe
O4 - HKLM\..\Run: [sys0132933728] C:\WINDOWS\sys0132933728.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Georgia\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 67.69.184.235 67.69.184.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\f6j20g1oe6.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\plflgff.exe (file missing)

Thanks for any help!!

Edited by simgirl678, 28 August 2006 - 10:37 AM.


BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:10 AM

Posted 28 August 2006 - 02:46 PM

Hello,

Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

-------------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
Don't use Ewido yet.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: (no name) - {825A649A-197B-1495-3951-EEAEB7EB47F6} - (no file)
O4 - HKLM\..\Run: [ovegcxz] C:\WINDOWS\System32\wwkmylm.exe
O4 - HKLM\..\Run: [dkz] C:\WINDOWS\dkz.exe
O4 - HKLM\..\Run: [ti2cqaga] C:\WINDOWS\system32\ti2cqaga.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [pop06ap] C:\WINDOWS\pop06ap2.exe
O4 - HKLM\..\Run: [plflgffA] C:\WINDOWS\plflgffA.exe
O4 - HKLM\..\Run: [njgijfcA] C:\WINDOWS\njgijfcA.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [ms0537283293] C:\WINDOWS\ms0537283293.exe
O4 - HKLM\..\Run: [win320728329337] C:\WINDOWS\win320728329337.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [sys0229337283] C:\WINDOWS\sys0229337283.exe
O4 - HKLM\..\Run: [win320883293372] C:\WINDOWS\win320883293372.exe
O4 - HKLM\..\Run: [sys0132933728] C:\WINDOWS\sys0132933728.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/...FreeInstall.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - mk:@MSITStore:C:\DOCUME~1\Georgia\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/Downloads/AXELPlayerAX_Win32.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\f6j20g1oe6.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\plflgff.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

-------------------------

* Reboot into Safe Mode`: ( without networking support !)
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\sys0229337283.exe
C:\WINDOWS\win320883293372.exe
C:\WINDOWS\sys0132933728.exe
C:\WINDOWS\ms0537283293.exe
C:\WINDOWS\System32\wwkmylm.exe
C:\WINDOWS\dkz.exe
C:\WINDOWS\system32\ti2cqaga.exe
C:\WINDOWS\pop06ap2.exe
C:\WINDOWS\plflgffA.exe
C:\WINDOWS\njgijfcA.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\win320728329337.exe
---------------------------
Still in safe mode...
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
------------------------
* Start Ewido...
  • Click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido.
--------------------
* Reboot your system back to normal mode.

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with the contents of ewido-log present on your desktop, the contents of C:\vundofix.txt and a new HiJackThis log.
You may need several replies to post the logs...
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 28 August 2006 - 07:13 PM

I didn't realize that it was so bad. :thumbsup: I hope that I didn't make it worse when I tried manually removing some of the problems a while ago. Thank you so much for your help and I really hope that I can clean up all of the damage, even though it sounds like I can't. I'm not doing all of this right now because I want to try doing everything at one time, so I be back soon to do everything. Thanks again!

Edited by simgirl678, 28 August 2006 - 10:02 PM.


#4 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 28 August 2006 - 10:02 PM

Just to add something, Duce6 is back again because I've restarted the computer since I last posted. Should I post a new Hijackthis log? Thanks.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:10 AM

Posted 28 August 2006 - 11:53 PM

No, no need to post a new hijackthislog now. Just perform my steps as I told you and also delete Duce6 while in safe mode.

Then we'll see afterwards what's still left over and will deal with it. That's why it is important you follow all my steps in the right order and post the logs afterwards. Don't worry if some things won't get fixed yet...

Edited by miekiemoes, 28 August 2006 - 11:54 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 29 August 2006 - 06:08 PM

Ok, thanks for your help. I just have a question about the step where I put a check beside all of those items in Hijackthis and then click fixed. To get to that part of Hijackthis do I click on "None of the above, just start the program"? :thumbsup:

Edit: Well, since I was pretty sure that that was where I had to go to check off all of those things, I decided to click there, so right now I'm checking them all off. However, a couple of things that you listed are not there:
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [ms0537283293] C:\WINDOWS\ms0537283293.exe
O4 - HKLM\..\Run: [win320883293372] C:\WINDOWS\win320883293372.exe


Uh, is that bad?

Edited by simgirl678, 29 August 2006 - 06:24 PM.


#7 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 29 August 2006 - 09:05 PM

Ok, I finally finished all the steps. (The Ewido scan takes so long!!) First of all though, when I was in safe mode deleting all of those files, I deleted the ones that were there that I was supposed to delete, but there was a file called win3206728329332006.exe, so it's name is close to some other bad files. However, I didn't delete it because it wasn't listed. Should I have deleted it? Also, when Ewido was quarantining all of the bad files, it said that it couldn't quarantine one with look2me in it's name, and a message came up at one point, which I took a screenshot of, and am posting. Anyways, here are the requested logs. :thumbsup:

Gwen - 06-08-29 21:32:38.78
ComboFix 06.08.27BT - Running from: C:\Documents and Settings\Gwen\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{2C95DBEE-BE9F-4BE9-A6AE-3BFC164EAFD2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C95DBEE-BE9F-4BE9-A6AE-3BFC164EAFD2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C95DBEE-BE9F-4BE9-A6AE-3BFC164EAFD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2C95DBEE-BE9F-4BE9-A6AE-3BFC164EAFD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{289498BE-77F7-4D2C-9186-AFA9C9289D5D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{289498BE-77F7-4D2C-9186-AFA9C9289D5D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{289498BE-77F7-4D2C-9186-AFA9C9289D5D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{289498BE-77F7-4D2C-9186-AFA9C9289D5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\FQSRCH.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{CF4BC4F1-4993-4B3E-A2C7-D59ABEBB39BC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF4BC4F1-4993-4B3E-A2C7-D59ABEBB39BC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF4BC4F1-4993-4B3E-A2C7-D59ABEBB39BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CF4BC4F1-4993-4B3E-A2C7-D59ABEBB39BC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0F9A3F0F-7B97-4633-95D4-A69D669ACAFE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F9A3F0F-7B97-4633-95D4-A69D669ACAFE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F9A3F0F-7B97-4633-95D4-A69D669ACAFE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F9A3F0F-7B97-4633-95D4-A69D669ACAFE}\InprocServer32]
@="C:\\WINDOWS\\system32\\npprovau.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3FE45AD4-B707-4F26-93A4-DFFBEC8964C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FE45AD4-B707-4F26-93A4-DFFBEC8964C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FE45AD4-B707-4F26-93A4-DFFBEC8964C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FE45AD4-B707-4F26-93A4-DFFBEC8964C6}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{89922CC9-10F6-46AE-A8FE-A028C90DF5E8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89922CC9-10F6-46AE-A8FE-A028C90DF5E8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89922CC9-10F6-46AE-A8FE-A028C90DF5E8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{89922CC9-10F6-46AE-A8FE-A028C90DF5E8}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3366A978-D5D3-4A20-B4D2-A749793CCCA1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3366A978-D5D3-4A20-B4D2-A749793CCCA1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3366A978-D5D3-4A20-B4D2-A749793CCCA1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3366A978-D5D3-4A20-B4D2-A749793CCCA1}\InprocServer32]
@="C:\\WINDOWS\\system32\\KLDRO.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{4621EC6B-590C-4DB5-814D-A20B64426B15}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4621EC6B-590C-4DB5-814D-A20B64426B15}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4621EC6B-590C-4DB5-814D-A20B64426B15}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4621EC6B-590C-4DB5-814D-A20B64426B15}\InprocServer32]
@="C:\\WINDOWS\\system32\\irmp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{D9E87011-2BA2-4233-B85A-710EEECCD640}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9E87011-2BA2-4233-B85A-710EEECCD640}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9E87011-2BA2-4233-B85A-710EEECCD640}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D9E87011-2BA2-4233-B85A-710EEECCD640}\InprocServer32]
@="C:\\WINDOWS\\system32\\RCVPSP.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{75314B2B-1F8A-4765-A088-3A70511BED4A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75314B2B-1F8A-4765-A088-3A70511BED4A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75314B2B-1F8A-4765-A088-3A70511BED4A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{75314B2B-1F8A-4765-A088-3A70511BED4A}\InprocServer32]
@="C:\\WINDOWS\\system32\\mhtscax.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{101F52E7-60DB-43DF-83C1-7C758552A78F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{101F52E7-60DB-43DF-83C1-7C758552A78F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{101F52E7-60DB-43DF-83C1-7C758552A78F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{101F52E7-60DB-43DF-83C1-7C758552A78F}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{87585E41-38B1-4E6D-B287-69EBE5F3EBA4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87585E41-38B1-4E6D-B287-69EBE5F3EBA4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87585E41-38B1-4E6D-B287-69EBE5F3EBA4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87585E41-38B1-4E6D-B287-69EBE5F3EBA4}\InprocServer32]
@="C:\\WINDOWS\\system32\\rCschap.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{19AB1B11-A300-485F-A44F-F9C1C4138010}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19AB1B11-A300-485F-A44F-F9C1C4138010}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19AB1B11-A300-485F-A44F-F9C1C4138010}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{19AB1B11-A300-485F-A44F-F9C1C4138010}\InprocServer32]
@="C:\\WINDOWS\\system32\\mpmxsdk.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E0DF6AA3-2A80-4C4B-AB5D-B9B8FFD5F4F1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0DF6AA3-2A80-4C4B-AB5D-B9B8FFD5F4F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0DF6AA3-2A80-4C4B-AB5D-B9B8FFD5F4F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0DF6AA3-2A80-4C4B-AB5D-B9B8FFD5F4F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\jrcript.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{F1B85E6B-8A87-4D4F-9EC7-6928EFBCBEBF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1B85E6B-8A87-4D4F-9EC7-6928EFBCBEBF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1B85E6B-8A87-4D4F-9EC7-6928EFBCBEBF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F1B85E6B-8A87-4D4F-9EC7-6928EFBCBEBF}\InprocServer32]
@="C:\\WINDOWS\\system32\\rjpsnd.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{8E38053B-9D85-4D8D-A50E-0C89B0835E36}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E38053B-9D85-4D8D-A50E-0C89B0835E36}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E38053B-9D85-4D8D-A50E-0C89B0835E36}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E38053B-9D85-4D8D-A50E-0C89B0835E36}\InprocServer32]
@="C:\\WINDOWS\\system32\\MNVCRT20.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{88C82B53-082E-48A1-AD82-E3B9C711577A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C82B53-082E-48A1-AD82-E3B9C711577A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C82B53-082E-48A1-AD82-E3B9C711577A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C82B53-082E-48A1-AD82-E3B9C711577A}\InprocServer32]
@="C:\\WINDOWS\\system32\\pgofmap.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E86E1B04-AB92-45BB-8923-8B55E1EF82AF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E86E1B04-AB92-45BB-8923-8B55E1EF82AF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E86E1B04-AB92-45BB-8923-8B55E1EF82AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E86E1B04-AB92-45BB-8923-8B55E1EF82AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcapsspc.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{ABEB76B2-55C2-4C6C-A874-26D1410000E8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABEB76B2-55C2-4C6C-A874-26D1410000E8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABEB76B2-55C2-4C6C-A874-26D1410000E8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ABEB76B2-55C2-4C6C-A874-26D1410000E8}\InprocServer32]
@="C:\\WINDOWS\\system32\\mrjet35.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B95A0A39-791D-4D77-AFFB-4B7C4CE0D361}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B95A0A39-791D-4D77-AFFB-4B7C4CE0D361}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B95A0A39-791D-4D77-AFFB-4B7C4CE0D361}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B95A0A39-791D-4D77-AFFB-4B7C4CE0D361}\InprocServer32]
@="C:\\WINDOWS\\system32\\MBVIDC32.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B7340BAD-68D1-4745-A32F-58AC6B11ECFC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7340BAD-68D1-4745-A32F-58AC6B11ECFC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7340BAD-68D1-4745-A32F-58AC6B11ECFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7340BAD-68D1-4745-A32F-58AC6B11ECFC}\InprocServer32]
@="C:\\WINDOWS\\system32\\dcraw.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{CDE1FB82-585D-4897-BE23-04EA02646991}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDE1FB82-585D-4897-BE23-04EA02646991}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDE1FB82-585D-4897-BE23-04EA02646991}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CDE1FB82-585D-4897-BE23-04EA02646991}\InprocServer32]
@="C:\\WINDOWS\\system32\\mycories.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{490E208F-8247-49B7-890D-725E850BE096}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{490E208F-8247-49B7-890D-725E850BE096}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{490E208F-8247-49B7-890D-725E850BE096}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{490E208F-8247-49B7-890D-725E850BE096}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{87C3089B-BAA0-4398-AE70-A8D2F4E6689D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87C3089B-BAA0-4398-AE70-A8D2F4E6689D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87C3089B-BAA0-4398-AE70-A8D2F4E6689D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87C3089B-BAA0-4398-AE70-A8D2F4E6689D}\InprocServer32]
@="C:\\WINDOWS\\system32\\rQstls.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E24BBF3F-50FF-42DB-B5A3-FCA399D80E40}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E24BBF3F-50FF-42DB-B5A3-FCA399D80E40}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E24BBF3F-50FF-42DB-B5A3-FCA399D80E40}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E24BBF3F-50FF-42DB-B5A3-FCA399D80E40}\InprocServer32]
@="C:\\WINDOWS\\system32\\llcalsec.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{474CB9A3-32F4-464F-84AB-7B370B87D432}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{474CB9A3-32F4-464F-84AB-7B370B87D432}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{474CB9A3-32F4-464F-84AB-7B370B87D432}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{474CB9A3-32F4-464F-84AB-7B370B87D432}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\dn2401fqe.dll
C:\WINDOWS\SYSTEM32\lvnq0955e.dll
C:\WINDOWS\SYSTEM32\guard.tmp


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-05 17:09 8464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *



DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Georgia\Application Data\Sskcwrd.dll
C:\Documents and Settings\Georgia\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon


((((((((((((((((((((((((((((((( Files Created from 2006-07-29 to 2006-08-29 ))))))))))))))))))))))))))))))))))


2006-08-28 23:34 85,504 --a------ C:\VundoFix.exe
2006-08-28 23:10 159,744 --a------ C:\WINDOWS\win3206728329332006.exe
2006-08-05 17:09 8,464 --a------ C:\WINDOWS\SYSTEM32\sporder.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-29 21:21 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-29 19:29 -------- d-------- C:\Program Files\HijackThis
2006-08-29 18:58 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-08 20:45 -------- d-------- C:\Program Files\Nancy Drew
2006-08-06 21:04 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-06 21:04 -------- d-------- C:\Program Files\Common Files
2006-08-06 21:03 -------- d-------- C:\Program Files\MSN
2006-08-05 17:34 -------- d-------- C:\Documents and Settings\Gwen\Application Data\Lavasoft
2006-08-03 10:42 -------- d-------- C:\Documents and Settings\Gwen\Application Data\MSN6


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"BCMSMMSG"="BCMSMMSG.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"VirusScan Online"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe\""
"Lexmark X5100 Series"="\"C:\\Program Files\\Lexmark X5100 Series\\lxbabmgr.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"IPInSightLAN 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\Sympatico Consumer\\IPClient.exe\" -l"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"VSOCheckTask"="\"c:\\PROGRA~1\\mcafee.com\\vso\\mcmnhdlr.exe\" /checktask"
"POINTER"="point32.exe"
"nwiz"="nwiz.exe /install"
"IPInSightMonitor 01"="\"C:\\Program Files\\Visual Networks\\Visual IP InSight\\Sympatico Consumer\\IPMon32.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"HPHUPD08"="C:\\Program Files\\HP\\Digital Imaging\\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\\hphupd08.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"RunNarrator"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\McAfee.com Update Check (D8VQYV21-Owner).job
C:\WINDOWS\tasks\McAfee.com Update Check (Removed-Chris).job
C:\WINDOWS\tasks\McAfee.com Update Check (Removed-Georgia).job
C:\WINDOWS\tasks\McAfee.com Update Check (Removed-Gwen).job
C:\WINDOWS\tasks\McAfee.com Update Check (Removed-Yvonne).job

Completion time: 29/08/2006 21:44:26.35
ComboFix.txt


Thats the combofix log . I'm also attaching the picture of the message from Ewido. :flowers: Btw, I said no to the message... In my next post I will attach the ewido log, the vundofix log and my new Hijackthis log.

Posted Image

Edited by Orange Blossom, 30 March 2008 - 09:54 PM.
Edit out personal information. ~ OB


#8 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 29 August 2006 - 09:08 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:23:35 PM 29/08/2006

+ Scan result:



C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\bH.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072618.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072279.dll -> Adware.DotCom : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072539.dll -> Adware.DotCom : Cleaned with backup (quarantined).
C:\WINDOWS\toolbar_nieuw13.dll -> Adware.DotCom : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072370.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072436.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072443.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072455.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072472.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072488.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072508.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072568.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072583.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072623.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072660.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072719.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072732.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072753.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072793.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072810.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072822.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072831.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072840.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072857.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072864.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072869.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072878.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072882.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072892.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072896.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072928.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072935.dLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072939.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072949.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072950.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072970.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072979.dLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072983.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072993.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0072997.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073010.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073025.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073032.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073046.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073072.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073073.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073083.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073084.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073093.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073115.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073124.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073133.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073140.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073149.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073156.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073160.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073178.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073186.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073196.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073230.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073539.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073555.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073566.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073596.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073597.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073616.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073617.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073642.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073668.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073694.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073701.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073717.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073730.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073782.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073797.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073798.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073814.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073815.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073830.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073841.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073849.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073881.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073882.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073897.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073898.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073916.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073917.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073955.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073983.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073991.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074006.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074015.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074023.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074030.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074034.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074043.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074055.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074087.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074097.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074115.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074160.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074183.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074201.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075201.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075216.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075233.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075236.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075243.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075247.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075256.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075291.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075298.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075307.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075328.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075354.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\CETDLL.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\DPRPSETU.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\DWDIM.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\SpdFilters3PS.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\djtmsft.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\e002lado1d0c.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\fpls0337e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\i0240afqed2e0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\i4nmle511h.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\i6420ghoe64c0.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\llcalsec.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lvpu0979e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mmltus35.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\rQstls.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\shndmail.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\smclogon.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
[676] C:\WINDOWS\system32\cffview.dll -> Adware.Look2Me : Error during cleaning.
[760] C:\WINDOWS\system32\cffview.dll -> Adware.Look2Me : Error during cleaning.
C:\Documents and Settings\Georgia\Local Settings\Temp\mmxsnet.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071860.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072104.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072327.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072328.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072336.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072346.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072409.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072535.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072646.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072727.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072770.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\NNBar_VCSetup_876075.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\mit111.tmp.cab/NNBar_VCSetup_876075.exe -> Adware.Mirar : Error during cleaning.
C:\Documents and Settings\Georgia\Local Settings\Temp\mit111.tmp/NNBar_VCSetup_876075.exe -> Adware.Mirar : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072427.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072728.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072730.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072669.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072670.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072671.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072672.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072676.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072683.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072709.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072710.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073421.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073422.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073434.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073435.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073439.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073523.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP196\A0073535.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073637.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073641.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073772.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073773.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-3582278927-2971143041-3204845381-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071787.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072534.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\i13D.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072435.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072652.exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072652.exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072652.exe/empty_00000001 -> Adware.Ucmore : Error during cleaning.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072100.exe -> Adware.VB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072280.exe -> Adware.VB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074191.exe -> Adware.VB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071767.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071796.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071800.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071804.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071805.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071814.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072233.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072234.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072235.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072236.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072335.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072397.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072399.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072400.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072403.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072405.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072418.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073632.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073633.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073634.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073775.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0071995.cmd -> Backdoor.Afcore.cq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0075306.dll -> Backdoor.Afcore.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072378.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072525.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072528.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072527.exe -> Downloader.Adload.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072771.exe -> Downloader.Adload.dl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071832.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\sbe.exe -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071774.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071861.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072101.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072382.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072521.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072522.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072530.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072647.exe -> Downloader.Lalus : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\drsmartload180a.exe -> Downloader.Pakes : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\redirect.vbs -> Downloader.Psyme.as : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\!update.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071788.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072761.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071756.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071833.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071835.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071836.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072450.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072543.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072547.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072731.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071751.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072324.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072649.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072650.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072651.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072768.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072762.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072766.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072764.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071867.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071868.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071869.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071870.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072333.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072729.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073107.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073109.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073111.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073113.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072526.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072532.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073108.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073110.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073112.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP195\A0073114.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073777.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073837.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073842.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073844.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0073846.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP197\A0074134.exe -> Downloader.VB.akq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071757.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071866.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072331.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072332.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072613.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\LaunchJpu[1].htm -> Downloader.Weis : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072544.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072760.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\in10b6s.dll -> Dropper.Small.nj : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\SUP_AV1.exe -> Dropper.Small.sc : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\calsdr.exe -> Dropper.Small.sc : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\10JQBJ53\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\10JQBJ53\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\18G7TPCL\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\18G7TPCL\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\18G7TPCL\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\7Z9J7L4W\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\7Z9J7L4W\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\7Z9J7L4W\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\7Z9J7L4W\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\FZ17BPKW\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5EJCPMJ\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9ZKDGJY\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9ZKDGJY\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9ZKDGJY\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\I9ZKDGJY\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\JO1XRKCC\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\JO1XRKCC\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\MKPDFRJ7\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\MKPDFRJ7\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[10].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[11].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[12].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[6].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[7].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[8].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZRAKL9\popup[9].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\R9WK0NFF\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\R9WK0NFF\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\R9WK0NFF\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\R9WK0NFF\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\SICT4NQT\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\SICT4NQT\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\SICT4NQT\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\WTANC5ER\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\WTANC5ER\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\WX678LQN\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZHKKGZRR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071791.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072348.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\MSN Gaming Zone\vinofy.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071770.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP192\A0071776.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072383.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\bintheredunthat\njgijfc.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072531.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP194\A0072772.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\SystemDoctor2006FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Temporary Internet Files\Content.IE5\18G7TPCL\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\ALSJQ5Q5\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\ALSJQ5Q5\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W96NG12R\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\W96NG12R\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@marketlive.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@marksandspencer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Cookies\georgia@usatoday1.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Georgia\Local Settings\Temp\Cookies\georgia@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gwen\Cookies\gwen@maxis.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gwen\Cookies\gwen@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gwen\Cookies\gwen@newlinecinema.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Gwen\Cookies\gwen@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Cookies\yvonne@torstardigital.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Yvonne\Local Settings\Temp\Cookies\yvonne@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents an

#9 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 29 August 2006 - 09:09 PM

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.3

Scan started at 11:35:06 PM 28/08/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...


And finally here's the Hijackthis log. :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:34 PM, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CBE2EB50-9EAB-4076-9F69-17C7C8BC3FE8}: NameServer = 67.69.184.235 67.69.184.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Lastly, thanks for all your help! Right now there's no popups. :flowers: But it still seems to be taking longer than usual to log on to my account on windows.

Edited by simgirl678, 29 August 2006 - 09:21 PM.


#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:10 AM

Posted 30 August 2006 - 02:24 AM

Hello,

Well, we really made progress here.. :thumbsup:

No, that's ok if some entries weren't present in hijackthis. Alcanshorty most probably already took care of them.
Also, don't worry about the Ewido scan.. You'll see when you scan another time with Ewido that it will delete them now without any error. (It will actually not find these files anymore, since combofix already took care of it).
That's why the combofix was needed, to delete leftovers from the infections you are dealing with and to show a log of what files are still present.

Ok, let's deal with the rest now..

There was indeed no vundo present on your system, so that's already good. Your hijackthislog looks clean again, so nothing to fix in there..

Delete next file:

C:\WINDOWS\win3206728329332006.exe

But it still seems to be taking longer than usual to log on to my account on windows.

Well, fisrt thing we can do here is disable some unnecessary startups.
To do this, perform next:

Go to start > run and type: msconfig
Select the tab: Startup

There you will see all the programs starting up with windows.
Some are not needed and can also cause a system slowdown.
That's why it's a good idea to disable them there by unchecking them. Don't disable them all there! Because some are needed!

You can always access these programs by going to your startmenu > all programs or start them manually via the Programs Folder where they are present.
You can always enable them afterwards again.

Next are not needed to start with windows:
  • [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
  • [UpdReg] C:\WINDOWS\UpdReg.EXE
  • [DVDSentry] C:\WINDOWS\System32\DSentry.exe
  • [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
  • [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
  • [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
  • [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
  • [IPInSightLAN 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe
  • [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
  • [nwiz] nwiz.exe
  • [IPInSightMonitor 01] "C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe
  • [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe
  • [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe
  • [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
  • [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
  • [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
  • [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe
  • [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe
  • [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe
  • HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
The choice is yours ofcourse which above ones you find necessary to startup with windows. But in general, they are not required.

Also, I asked to install Ewido as well. This program starts up with windows as well and runs in the background, using extra sources. This will only work for 2 weeks, since you are using the Trial version of Ewido with all functions enabled. Once the trial has expired, ewido will revert to a free version with less functions, but you can still use it to scan and it will still be able to update. But it won't run in the background anymore. So, actually, you can already disable that background guard anyway.
To do this...

1. Open ewido by double-clicking the yellow 'e' icon in the system tray.
2. In the 'Your security status' section, toggle the ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
3. When you reboot, ewido will prompt you as to whether you would like to "Restart the guard?".
4. Reply 'no' and set it to 'inactive'.

Extra remarks..
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Posted Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-1_5_0_08-windowsi586-p.exe to install the newest version.
But I want to check something else as well, just to make sure nothing is lurking there, so perform next:

* Download sophos-anti-rootkit: http://www.sophos.com/products/free-tools/...ti-rootkit.html
  • Place it on your desktop.
  • Doubleclick sarsfx.exe to extract the files. Leave the default settings.
  • Open the folder C:\SOPHTEMP and doubleclick sargui.exe to start the program.
  • Make sure next are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click the "Start Scan" button.
  • Click the "OK" button after you get the notification that the scan has finished. This to close the program.
  • Then, go to start > run and copy and paste next in the field: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Post this log in your next reply.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 30 August 2006 - 09:44 AM

Thanks for the help. Ok, so far I've installed the new version of java, and deleted the previous one, and stopped a couple of things from starting up with windows using msconfig. For that last program that you wanted me to get, is there anyway to download it without putting your whole name, country and email address? Thanks.

Edited by simgirl678, 30 August 2006 - 10:05 AM.


#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:10 AM

Posted 30 August 2006 - 10:14 AM

No, you only get it when you enter your name (you can use a fake name as well). This is to agree with the license.

If you feel uncomfortable with doing this, you can try this tool instead which searches for the same:

Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 30 August 2006 - 03:42 PM

Ok, thanks. :thumbsup: It was mostly that I didn't want to give my email address. I was going to download the sophos one ahyway, but now I've decided to get the blacklight one, which I'm scanning with right now.. I'll post the log afterwards.

Edit: Here it is.

08/30/06 16:38:38 [Info]: BlackLight Engine 1.0.46 initialized
08/30/06 16:38:38 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/30/06 16:38:38 [Note]: 7019 4
08/30/06 16:38:38 [Note]: 7005 0
08/30/06 16:38:45 [Note]: 7006 0
08/30/06 16:38:45 [Note]: 7011 3096
08/30/06 16:38:45 [Note]: 7026 0
08/30/06 16:38:45 [Note]: 7026 0
08/30/06 16:38:53 [Note]: FSRAW library version 1.7.1019
08/30/06 16:42:34 [Note]: 2000 1006
08/30/06 16:43:44 [Note]: 7007 0

Nothing found. Should I get the Sophos one too just to be on the safe side? Or do you think that the computer's all clean... I hope so. :D

Edited by simgirl678, 30 August 2006 - 03:46 PM.


#14 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:10 AM

Posted 31 August 2006 - 01:01 AM

Hi,

No, I guess we are ok here. Sophos does the same as blacklight does. I just wanted you to run one of these scans just to make sure nothing is lurking there, but nothing was found.

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 simgirl678

simgirl678
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:07:10 PM

Posted 31 August 2006 - 02:49 PM

Ok, thanks for the tips. And thank you so so so much for your help! My computer is much better now. :thumbsup: I'm glad I found this site.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users