Full Version: Aim Virus
bers55
I got a virus through AIM saying something like "would this look good on my myspace", and it gave me a virus. That sent people the same message through AIM, and pop-ups came up. I ran Ad-Aware a few times and it showed things with level 10 TAC ratings; my average was 6.77 or something. I downloaded HijackThis like you said and this is the file.

Logfile of HijackThis v1.98.2
Scan saved at 4:21:36 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Network Monitor\netmon.exe
C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\wmiapsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1.1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\aol\1103768149\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\Temporary Directory 1 for hijackthis1982.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\cccrs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mwivdit.exe
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\mwinqqez.exe CORN003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwinqqez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/m...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.3.28/ho...m-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll

I'm not sure what I should do.
It's similar to this: http://www.lavasoftsupport.com/index.php?showtopic=814
P.S. I'm not very educated
LS CalamityJane
Oh dear, you have a really old, old version of HijackThis. Please delete all copies of that one and get the latest version 1.99.1. Plus you also need to make a folder to put your HijackThis into. I'll include extra help instructions for you to make it easier.

Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like "C:\Program Files\HijackThis" but feel free to use any name. See here for specific instructions and screen shots to help:
http://russelltexas.com/malware/createhjtfolder.htm
This is to ensure it makes the necessary backups for recovery if needed.

Download v. 1.99.1 of HijackThis
http://www.merijn.org/files/hijackthis.zip

or here
http://castlecops.com/downloads-file-328.html

Unzip/decompress the HijackThis.zip file and save the contents (HijackThis.exe) to the new folder you made

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Using Windows Explorer, navigate to the new folder you made and double-click on HijackThis.exe to open the program when it's time to post another log (but not yet).
........................................................................
1. Download, install, and update Ewido AntiMalware to scan your system for trojans and other malware (get the free trial version)
http://www.ewido.net/en/download/

a. Install Ewido AntiMalware

b. Launch Ewido. There should be a big yellow E icon on your desktop; double-click it.

c. The program will prompt you to update; click the OK button

d. The program will now go to the main screen

e. On the left hand side of the main screen click on Update

f. Click on Start. The update will start and a progress bar will show the updates being installed.

g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.

2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Once in safe mode, start Ewido AntiMalware

a. Click on scanner

b. Click on *complete system scan*

c. Let the program scan the machine.

d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.
Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

Click OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

6. Reboot your computer back into normal mode.

7. Navigate to the new HijackThis folder you made. Double click on HijackThis.exe to open it and scan to make a fresh log please.

Post both the HijackThis log and the Ewido log back here in your next reply
bers55
Here's the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 7:32:17 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1.1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\common files\aol\1103768149\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\cccrs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mwivdit.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwinqqez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/m...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.3.28/ho...m-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lt4027hmg.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Do you know where the Ewido report automatically goes? I can't find it under report, which I thought it said it was under.
bers55
I found the first report by running a second. I must say that the computer seems much better, but here it is. It's very long. So long I cut some of it out, so between mozilla 7 to 164 and 164 to 180 and 180 - 207 or something like that there's stuff missing saying about the same thing.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:25:04 PM, 6/5/2006
+ Report-Checksum: 2B916696

+ Scan result:

HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-250459187-3625880845-85471822-1007\Software\dsktb -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-250459187-3625880845-85471822-1007\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-250459187-3625880845-85471822-1007\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-250459187-3625880845-85471822-1007\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[728] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Error during cleaning
[892] C:\WINDOWS\system32\jSvart.dll -> Adware.Look2Me : Cleaned with backup
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\defender25.exe -> Downloader.Adload.bx : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\2nj4y8o2.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\2nj4y8o2.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\2nj4y8o2.Default User\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\ea00zlzp.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\ea00zlzp.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\ea00zlzp.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\ea00zlzp.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Gator : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.259:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.317:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.341:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.455:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned with backup
:mozilla.491:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.492:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.558:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup
:mozilla.581:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.611:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.612:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.613:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.615:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.616:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.617:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.647:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.651:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.652:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.676:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.677:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.678:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.723:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.724:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.730:C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\u5s7ehnc.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@e-2dj6wjnyskcpkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@marthastewart.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@ppms.popularix[2].txt -> TrackingCookie.Popularix : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default\Cookies\default@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\Cookies\default@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\temp.fr0DB4 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temp\temp.fr7199 -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\UZEBMX6R\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Default\Local Settings\Temporary Internet Files\Content.IE5\YX0Z65M5\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\ѕуstem32\csrss.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\ѕуstem32\ѕуstem32\!update-3820.0000 -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\drsmartload45a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\drsmartload[1].exe -> Downloader.Adload.bv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\gkyukar[1].cab/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\gkyukar[1].cab/mptft.exe -> Adware.SearchAssistant : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\webnexmk[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4M5LYD55\drsmartload46a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\drsmartload849a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\numbsoft[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BRAX4EY4\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RI8MBX8M\comscore[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RI8MBX8M\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.bv : Cleaned with backup
C:\drsmartload849a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\keyboard25.exe -> Hijacker.StartPage.aju : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\newname25.exe -> Downloader.VB.abm : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Program Files\AOD\timedata.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Common Files\zuiu\zuiua.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\zuiu\zuiud\zuiuc.dll -> Adware.TargetServer : Cleaned with backup
C:\Program Files\Common Files\zuiu\zuiul.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\zuiu\zuium.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Common Files\zuiu\zuiup.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\MSN\mego.dll -> Downloader.Small.ctp : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup
C:\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054268.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054276.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054280.dll -> Downloader.Small.ctp : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054281.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054283.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\A0054285.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054291.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054292.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054294.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054295.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054296.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054310.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\A0054311.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\snapshot\MFEX-3.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\snapshot\MFEX-4.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP982\snapshot\MFEX-5.DAT -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP983\A0054336.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP984\A0055361.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055584.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055585.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055587.exe -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055588.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055589.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055601.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055613.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055614.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055616.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055617.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055628.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055631.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055634.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055647.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055648.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055650.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055679.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055687.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055699.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055700.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055709.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055710.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055711.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055712.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055718.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055719.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055730.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055735.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055736.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055747.exe -> Downloader.Adload.bv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\A0055765.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP986\A0055778.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP986\A0055780.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP986\A0055784.dll -> Adware.Look2Me : Cleaned with backup
C:\warebundle.exe -> Adware.Look2Me : Cleaned with backup
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\drsmartload849a.exe -> Downloader.Adload.bo : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\msnupdate.exe -> Downloader.Adload.bq : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\RGVmYXVsdA\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\RGVmYXVsdA\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\save.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\save.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\SYSTEM32\DDDXOF.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\SYSTEM32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\fpj0031me.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\jSvart.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\m4po0e73eh.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mptft.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\SYSTEM32\mwinqqez.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\ppdsregk.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\qpaqe.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\SYSTEM32\ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\tfthot.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\SYSTEM32\tzpmon.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ZICORN003.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\Temp\Cookies\default@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\default@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\default@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Temp\E3E3F5.tmp/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\Temp\E3E3F5.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup
C:\WINDOWS\Temp\f276000.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\Temp\i3F6.tmp -> Adware.SurfSide : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\wmiapsv.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End
LS CalamityJane
I'll come back to the Ewido logs...right now, let's get the Qoologic trojan

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU zip file on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose save as)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat, close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.
bers55
Here is the new hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 9:15:59 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1.1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1103768149\ee\aolsoftware.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwinqqez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/m...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.3.28/ho...m-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lt4027hmg.dll (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
LS CalamityJane
Getting there. You had a ton of nasties on that system!

Make a copy of these instructions so you have them handy, as the next steps need to be done with all browsers closed, so you won't be viewing this page. Have ONLY HijackThis open, and close any other open windows.

Close all browsers and any open Windows. Open HijackThis and do a *scan only*. When it finishes, put a checkmark against these entries, then press the *fix checked* button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)

O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"

O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwinqqez.exe

O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\system32\x3cqp0.dll

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\lt4027hmg.dll (file missing)

O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\guard.tmp (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Delete these files and/or folders (if found)

C:\WINDOWS\system32\x3cqp0.dll

C:\WINDOWS\system32\ssn6tuu.exe

C:\WINDOWS\SYSTEM32\mwinqqez.exe

C:\Program Files\Network Monitor (folder)

Reboot your PC.

After reboot, scan again with Adaware SE and let it remove any critical objects found.

Please can you make sure that you are using Ad-aware SE Build 106r1.
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]
Then use the WebUpDate to get the latest Definition file, SE1R110 31.05.2006.
To do this:
  • Open Ad-aware
  • Click the WebUpDate button at the top right hand side of the Ad-aware screen (the world globe).
  • Click "Connect"
  • Ad-aware will then download the latest Definition file for you.
To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the Latest Definition file.
Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.
Logs are stored in:
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\
An easy way to get there is to:
  • click Start,
  • click Run,
  • type in %appdata% and press ENTER,
  • then click Lavasoft,
  • then Ad-Aware,
  • and then Logs.
Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.
(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)
I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: the Application Data folder is a hidden folder, so you will need to show hidden files and folders.)
....................
Also, please scan with HijackThis to make a fresh HijackThis log and post that log along with the Adaware scan log.
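
Added example, not part of the original thread or of any tool named in it: a Python triage pass over HijackThis entries that flags the two mechanically checkable cases in the fix list above, orphaned entries ("(no file)" / "(file missing)") and entries whose target file also appears in a scanner log of the "path -> detection : action" form. The sample lines are copied from the logs posted in this thread; the function and variable names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# HijackThis section codes that appear in this thread's fix list.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O18": "extra protocol / filter handler",
    "O20": "Winlogon Notify or AppInit_DLLs",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|?*]+?\.(?:exe|dll|tmp|dat|com)\b", re.I)
SCAN_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -> (?P<name>\S+) : ")

# Sample lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\ssn6tuu.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\system32\x3cqp0.dll
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\mwinqqez.exe
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\guard.tmp (file missing)
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
"""

# Sample lines copied from the scanner report posted in this thread.
SCANNER_SAMPLE = r"""
C:\WINDOWS\save.exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\SYSTEM32\mwinqqez.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\wmiapsv.exe -> Backdoor.SdBot.aad : Cleaned with backup
"""


@dataclass
class Entry:
    code: str
    body: str
    path: Optional[str]
    reasons: list = field(default_factory=list)


def parse_scanner_log(text):
    """Return {lower-cased file path: detection name} from scanner lines."""
    hits = {}
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            # Archive members are written 'outer.exe/inner.exe'; key on the outer file.
            outer = m.group("path").split("/", 1)[0]
            hits[outer.lower()] = m.group("name")
    return hits


def triage(hjt_text, scanner_hits):
    """Parse HijackThis entry lines and attach a reason to each flagged one."""
    entries = []
    for line in hjt_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        body = m.group("body")
        pm = PATH_RE.search(body)
        entry = Entry(m.group("code"), body, pm.group(0) if pm else None)
        if ORPHAN_RE.search(body):
            entry.reasons.append("orphaned: target file is gone")
        # Windows paths are case-insensitive, so compare lower-cased.
        if entry.path and entry.path.lower() in scanner_hits:
            entry.reasons.append("scanner hit: " + scanner_hits[entry.path.lower()])
        entries.append(entry)
    return entries


if __name__ == "__main__":
    hits = parse_scanner_log(SCANNER_SAMPLE)
    for e in triage(HJT_SAMPLE, hits):
        mark = "; ".join(e.reasons) or "no automatic reason, review by hand"
        print(f"{e.code:<4}{SECTIONS.get(e.code, '?'):<46}{mark}")
```

An entry with no reason attached, such as the x3cqp0.dll BHO, is not cleared by this check; it still needs the manual review that produced the fix list.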
bers55
This is the log that was shown after I did the scan; it said show logfile, so this should be right.

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, June 06, 2006 4:00:49 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R110 31.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):1 total references
Adware.Yazzle(TAC index:7):2 total references
CmdServices(TAC index:4):4 total references
MRU List(TAC index:0):10 total references
Targetsaver(TAC index:8):1 total references
Tracking Cookie(TAC index:3):11 total references
Win32.Trojan.Downloader(TAC index:10):8 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-6-2006 4:00:49 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Default\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Default\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-250459187-3625880845-85471822-1007\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 800
ThreadCreationTime : 6-6-2006 7:58:30 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 6-6-2006 7:58:32 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 6-6-2006 7:58:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 6-6-2006 7:58:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-6-2006 7:58:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1172
ThreadCreationTime : 6-6-2006 7:58:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 6-6-2006 7:58:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 6-6-2006 7:58:39 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1752
ThreadCreationTime : 6-6-2006 7:58:39 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:10 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1796
ThreadCreationTime : 6-6-2006 7:58:40 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:11 [mainserv.exe]
FilePath : C:\Program Files\APC\APC PowerChute Personal Edition\
ProcessID : 1884
ThreadCreationTime : 6-6-2006 7:58:41 PM
BasePriority : Normal
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
ProductName : APC PowerChute Personal Edition
CompanyName : American Power Conversion Corporation
FileDescription : Battery backup management service
InternalName : PowerChute
LegalCopyright : Copyright © 2002
OriginalFilename : PowerChute
Comments : Battery backup management service

#:12 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 216
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:13 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~1.1\
ProcessID : 224
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 8.1.1.336
ProductVersion : 8.1.1.336
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:14 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 232
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal


#:15 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1103768149\ee\
ProcessID : 240
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:16 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 248
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

#:17 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Diagnostics\
ProcessID : 296
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 1, 1, 4, 0
ProductVersion : 1.01.04
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright © 2002 Creative Technology Ltd
OriginalFilename : diagent.exe

#:18 [hpztsb04.exe]
FilePath : C:\WINDOWS\system32\spool\drivers\w32x86\3\
ProcessID : 308
ThreadCreationTime : 6-6-2006 7:58:43 PM
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:19 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 332
ThreadCreationTime : 6-6-2006 7:58:44 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:20 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 340
ThreadCreationTime : 6-6-2006 7:58:44 PM
BasePriority : Normal
FileVersion : 7.0.4
ProductVersion : QuickTime 7.0.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 356
ThreadCreationTime : 6-6-2006 7:58:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:22 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 6-6-2006 7:58:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:23 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 780
ThreadCreationTime : 6-6-2006 7:58:46 PM
BasePriority : Below Normal
FileVersion : 1, 1, 0, 73
ProductVersion : 1, 1, 0, 73
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2004 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:24 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 788
ThreadCreationTime : 6-6-2006 7:58:47 PM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:25 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 6-6-2006 7:58:49 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:26 [waol.exe]
FilePath : C:\Program Files\America Online 9.0b\
ProcessID : 1096
ThreadCreationTime : 6-6-2006 7:58:49 PM
BasePriority : Idle


#:27 [defwatch.exe]
FilePath : C:\PROGRA~1\SYMANT~1.1\
ProcessID : 1300
ThreadCreationTime : 6-6-2006 7:58:51 PM
BasePriority : Normal
FileVersion : 8.1.1.336
ProductVersion : 8.1.1.336
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:28 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1452
ThreadCreationTime : 6-6-2006 7:58:51 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:29 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 1476
ThreadCreationTime : 6-6-2006 7:58:52 PM
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe

#:30 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 1488
ThreadCreationTime : 6-6-2006 7:58:52 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:31 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 1572
ThreadCreationTime : 6-6-2006 7:58:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe

#:32 [aolsoftware.exe]
FilePath : c:\program files\common files\aol\1103768149\ee\
ProcessID : 480
ThreadCreationTime : 6-6-2006 7:58:56 PM
BasePriority : Normal
FileVersion : 1.4.9.1
ProductVersion : 1.4.9.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe

#:33 [rtvscan.exe]
FilePath : C:\PROGRA~1\SYMANT~1.1\
ProcessID : 548
ThreadCreationTime : 6-6-2006 7:58:58 PM
BasePriority : Normal
FileVersion : 8.1.1.336
ProductVersion : 8.1.1.336
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:34 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 6-6-2006 7:59:01 PM
BasePriority : Normal
FileVersion : 6.14.10.7730
ProductVersion : 6.14.10.7730
ProductName : NVIDIA Driver Helper Service, Version 77.30
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 77.30
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:35 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1272
ThreadCreationTime : 6-6-2006 7:59:02 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:36 [apcsystray.exe]
FilePath : C:\Program Files\APC\APC PowerChute Personal Edition\
ProcessID : 1952
ThreadCreationTime : 6-6-2006 7:59:04 PM
BasePriority : Normal
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
ProductName : APC PowerChute Personal Edition
CompanyName : American Power Conversion Corporation
FileDescription : PowerChute system tray power icon
InternalName : PowerChute
LegalCopyright : Copyright © 2002
OriginalFilename : PowerChute
Comments : PowerChute system tray power icon

#:37 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2368
ThreadCreationTime : 6-6-2006 7:59:14 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:38 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1280
ThreadCreationTime : 6-6-2006 7:59:49 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:39 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1420
ThreadCreationTime : 6-6-2006 7:59:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:40 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2468
ThreadCreationTime : 6-6-2006 7:59:56 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@zedo.com/
Expires : 6-3-2016 12:51:06 AM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@tribalfusion[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@tribalfusion.com/
Expires : 12-31-2037 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:default@2o7.net/
Expires : 6-5-2011 4:00:22 PM
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@mediaplex.com/
Expires : 6-21-2009 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:default@atdmt.com/
Expires : 6-4-2011 8:00:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@data.coremetrics.com/
Expires : 6-4-2021 10:01:32 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@ehg-dig.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@ehg-dig.hitbox.com/
Expires : 6-6-2007 12:49:28 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@imrworldwide.com/cgi-bin
Expires : 6-3-2016 12:51:06 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:15
Value : Cookie:default@advertising.com/
Expires : 6-5-2011 2:44:46 PM
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:default@doubleclick.net/
Expires : 6-5-2009 12:45:42 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:default@hitbox.com/
Expires : 6-6-2007 12:49:28 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 21



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CmdServices Object Recognized!
Type : File
Data : installer[3].exe
TAC Rating : 4
Category : Adware
Comment :
Object : C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3RJI0TKF\
FileVersion : 1.0.1
CompanyName :
FileDescription : Command Desktop Setup
LegalCopyright :
Comments : This installation was built with Inno Setup: http://www.innosetup.com


Win32.Trojan.Downloader Object Recognized!
Type : File
Data : WinUpdate.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\Windows\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0054284.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\



CmdServices Object Recognized!
Type : File
Data : A0055583.dll
TAC Rating : 4
Category : Adware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\



Targetsaver Object Recognized!
Type : File
Data : A0055713.exe
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0055859.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP986\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0055863.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP986\



Adware.Yazzle Object Recognized!
Type : File
Data : Trelew.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\



Adware.Look2Me Object Recognized!
Type : File
Data : VSL02.exe
TAC Rating : 7
Category : Adware
Comment :
Object : C:\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 30




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\drsmartload2

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : drsmartload2.dat
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : teller2.chk
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



Win32.Trojan.Downloader Object Recognized!
Type : File
Data : drsmartload2.dat
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\



Adware.Yazzle Object Recognized!
Type : Folder
TAC Rating : 7
Category : Malware
Comment : Adware.Yazzle
Object : C:\Program Files\Snowball Wars

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 37

4:22:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:23.78
Objects scanned:179783
Objects identified:27
Objects ignored:0
New critical objects:27
bers55
Yay the ad-aware log was able to fit on one post.

Here's the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 4:37:03 PM, on 6/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1.1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\System32\cidaemon.exe
c:\program files\common files\aol\1103768149\ee\aolsoftware.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1.1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1103768149\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.9.0.18/m...g-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-6.0.3.28/ho...m-ob-assets.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1.1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)
LS CalamityJane
Good job!

I missed one registry entry however. Open HijackThis and do a *scan only*. When it finishes, checkmark this entry and then press *fix checked*

O23 - Service: Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) - Unknown owner - C:\WINDOWS\wmiapsv.exe (file missing)

Hopefully, everything looks good now on your end.

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP. Why?

One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system, it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/

And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA), from Microsoft to analyze your PC security for prevention purposes.

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provide easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
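
The reason for resetting restore points is visible in the Ad-Aware log earlier in this thread, where several detections sit under `System Volume Information\_restore{...}`. As an added example (not part of the original posts and not Ad-Aware's own code), this Python script parses records in that log layout and separates restore-point copies from live objects; the function names are hypothetical and the sample records are excerpted from the log above.

```python
import re

# Records excerpted from the Ad-Aware SE log in this thread (empty "Comment" lines dropped).
SAMPLE_LOG = r"""
Win32.Trojan.Downloader Object Recognized!
Type : File
Data : WinUpdate.exe
TAC Rating : 10
Category : Malware
Object : C:\Program Files\Windows\

Win32.Trojan.Downloader Object Recognized!
Type : File
Data : A0054284.exe
TAC Rating : 10
Category : Malware
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP981\

Targetsaver Object Recognized!
Type : File
Data : A0055713.exe
TAC Rating : 8
Category : Malware
Object : C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP985\

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:\s?(?P<value>.*)$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)", re.I)

def parse_records(text):
    """Split the log into one dict per '<family> Object Recognized!' record."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:            # a blank line ends the record, so later
            current = None      # summary lines are never attached to it
            continue
        m = HEADER.match(line)
        if m:
            current = {"Family": m.group("family")}
            records.append(current)
            continue
        f = FIELD.match(line)
        if current is not None and f:
            current[f.group("key")] = f.group("value").strip()
    return records

def triage(records):
    """Return (live objects, {restore point: records stored inside it})."""
    live, by_rp = [], {}
    for r in records:
        m = RESTORE.search(r.get("Object", ""))
        if m:
            by_rp.setdefault(m.group(1).upper(), []).append(r)
        else:
            live.append(r)
    return live, by_rp

if __name__ == "__main__":
    live, by_rp = triage(parse_records(SAMPLE_LOG))
    for rp, recs in sorted(by_rp.items()):
        print(f"{rp}: {[r['Data'] for r in recs]} (cleared by resetting System Restore)")
    for r in live:
        print(f"live {r['Type']}: {r['Family']} -> {r['Data'] or r['Object']}")
```

Restore-point hits are backup copies that go away when System Restore is turned off and on again; the live entries are the ones the scanner itself has to remove.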
bers55
Thanks so much!

I might have had to buy a new computer if I didn't find this website. The computer seems fine now. Much better than when I had the virus. Hopefully it won't happen again and these new programs will stop it even more.

Thanks again.
LS CalamityJane
You're welcome! Glad we could help