
Can't remove pop-ups!


#1 smawpaws (Member, 38 posts)
Hello all! My name is Julie, and my hubby downloaded something nasty today. I hope you can help. I have tried all of your suggestions in the sticky above and still can't be rid of it. Here is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 4:42:50 AM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://202.67.220.23...p;aid=md2_ewido
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inkqv.exe
F2 - REG:system.ini: UserInit=userinit.exe,tirugkc.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CD4EC1-2E5F-4ED9-84C0-0DC75C0CA10B}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\irpsl5771.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmlsbHkgJiBKdWxpZSBTaGVkZA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
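Editor's note, as an added example that is not part of the thread and not HijackThis code: the entries in this log that a helper would go straight to are the F2 Shell= and UserInit= values (extra programs appended to winlogon's shell and logon helper), the O17 NameServer entries (static public resolvers on a home DHCP box; 85.255.112.0/20 is the range later tied to the DNSChanger trojan), the O20 AppInit_DLLs and Winlogon Notify entries, and the O23 service with no owner running from a randomly named folder under C:\WINDOWS. The script below encodes those checks and runs them over lines copied from the log. The Winlogon Notify allowlist and the "vendor directory" heuristic for services are the editor's assumptions, not anything the thread states.

```python
import ipaddress

# Lines copied from the HijackThis log posted above (not constructed); the
# checks below are the editor's, not part of HijackThis.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inkqv.exe
F2 - REG:system.ini: UserInit=userinit.exe,tirugkc.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\irpsl5771.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QmlsbHkgJiBKdWxpZSBTaGVkZA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""

# Winlogon Notify packages found on a stock XP SP2 box or installed by the
# Intel graphics driver. Allowlist is an editor's assumption; extend per machine.
KNOWN_WINLOGON_NOTIFY = {
    "igfxcui", "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Where a legitimately installed service binary is expected to live (long and
# 8.3 forms). Heuristic, editor's assumption.
VENDOR_DIRS = (r"c:\program files", r"c:\progra~1", r"c:\windows\system32")


def _after(line, marker):
    """Text following the first occurrence of marker, stripped."""
    return line.split(marker, 1)[1].strip()


def _extra_programs(value):
    """Everything after the first comma-separated program in a Shell=/UserInit= value."""
    return [p.strip() for p in value.split(",")[1:] if p.strip()]


def _is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def triage(log):
    """Return (reason, line) pairs for entries that have no place on a clean XP box."""
    findings = []
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("F2 - REG:system.ini: Shell="):
            # winlogon starts every program listed here; only Explorer.exe belongs.
            extras = _extra_programs(_after(line, "Shell="))
            if extras:
                findings.append(("Shell= hijack: " + ", ".join(extras), line))
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            # userinit.exe runs these at logon, before the desktop appears.
            extras = _extra_programs(_after(line, "UserInit="))
            if extras:
                findings.append(("UserInit= hijack: " + ", ".join(extras), line))
        elif line.startswith("O17 - "):
            # A statically configured public resolver on a home DHCP box is rarely
            # the user's doing; compare it against the ISP's resolvers.
            servers = _after(line, "NameServer =").replace(" ", "").split(",")
            public = [s for s in servers if s and not _is_private(s)]
            if public:
                findings.append(("static public DNS servers: " + ", ".join(public), line))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Loaded into every process that maps user32.dll; a bare file name
            # resolves from system32.
            value = _after(line, "AppInit_DLLs:")
            if value:
                findings.append(("AppInit_DLLs set: " + value, line))
        elif line.startswith("O20 - Winlogon Notify:"):
            name = _after(line, "Winlogon Notify:").split(" - ", 1)[0].strip()
            if name.lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append(("unknown Winlogon Notify package: " + name, line))
        elif line.startswith("O23 - Service:"):
            parts = line.split(" - ")
            owner, path = parts[-2].strip(), parts[-1].strip()
            if owner == "Unknown owner" and not path.lower().startswith(VENDOR_DIRS):
                findings.append(("unattributed service outside vendor dirs: " + path, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

Run as-is it reports six entries: the two F2 hijacks, the O17 resolvers, the AppInit DLL, the "Internet Settings" Winlogon Notify package and the cmdService binary, while igfxcui and the McAfee service (unknown owner, but under Program Files) pass. The point of the allowlist approach is that on XP most of these load points should be empty or hold a handful of known names, so anything else is worth a closer look rather than being trusted because it has a plausible-sounding name.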

#2 Rawe (Visiting Staff, 4,746 posts)
Welcome aboard, Julie.

Download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3 smawpaws (Topic Starter, 38 posts)
Here it is. May I ask what it is? Or, can I use it frequently? Thanks.




Owner - 06-08-20 6:01:47.65
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Owner\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{3A9D91EF-D903-47C0-AC40-58837B2F48B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A9D91EF-D903-47C0-AC40-58837B2F48B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A9D91EF-D903-47C0-AC40-58837B2F48B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3A9D91EF-D903-47C0-AC40-58837B2F48B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\midsrv32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{5D7201CF-E6C1-40A7-9B47-E4A89C5BF216}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D7201CF-E6C1-40A7-9B47-E4A89C5BF216}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D7201CF-E6C1-40A7-9B47-E4A89C5BF216}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D7201CF-E6C1-40A7-9B47-E4A89C5BF216}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdlt1.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{8B5900CF-1353-4039-B8F9-B2A244230D3F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B5900CF-1353-4039-B8F9-B2A244230D3F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B5900CF-1353-4039-B8F9-B2A244230D3F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8B5900CF-1353-4039-B8F9-B2A244230D3F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iIlmdnt5.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\iIlmdnt5.dll
C:\WINDOWS\system32\ir22l5fo1.dll
C:\WINDOWS\system32\kqdlt1.dll
C:\WINDOWS\system32\ktlql7351.dll
C:\WINDOWS\system32\midsrv32.dll
C:\WINDOWS\system32\nhdsapi.dll
C:\WINDOWS\system32\oje2disp.dll
C:\WINDOWS\system32\p84ulih9184.dll
C:\WINDOWS\system32\q286lcls1fq6.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKEY_CURRENT_USER\...\Run C:\WINDOWS\system32\retmve.exe
O4 - HKEY_LOCAL_MACHINE\...\Run C:\WINDOWS\system32\retmve.exe
F2 -REG:system.ini: Shell C:\WINDOWS\system32\inkqv.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\tirugkc.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-20 04:46 234272 -r--s---- C:\WINDOWS\system32\kqdlt1.dll
2006-08-19 17:24 52 --a------ C:\WINDOWS\vpwvbl.dat
2006-08-19 17:24 51712 --a------ C:\WINDOWS\system32\xlsmmnn.dll
2006-08-19 17:24 28672 --a------ C:\WINDOWS\system32\inkqv.exe
2006-08-19 17:24 23552 --a------ C:\WINDOWS\system32\tirugkc.exe
2006-08-19 17:24 127488 --a------ C:\WINDOWS\system32\xbiph.dat
2006-08-19 17:24 127488 --a------ C:\WINDOWS\system32\retmve.exe
2006-08-19 17:24 127488 --a------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\klfnc.exe
2006-08-19 17:23 234272 -r--s---- C:\WINDOWS\system32\nhdsapi.dll
2006-08-19 17:15 45056 --a------ C:\WINDOWS\system32\ghynf.exe
2006-08-19 17:15 36864 --a------ C:\WINDOWS\system32\n9nyb.exe
2006-08-19 17:15 32768 --a------ C:\WINDOWS\system32\WinDmy.dll
2006-08-19 17:15 303104 --a------ C:\WINDOWS\system32\WinNB57.dll
2006-08-14 18:52 78848 --a------ C:\WINDOWS\system32\nsf86.dll
2006-07-20 16:31 36864 --a------ C:\WINDOWS\system32\zqskw.exe
2006-07-20 16:31 1163264 --a------ C:\WINDOWS\system32\wfxqhv.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


2006-08-19 17:24 127488 C:\WINDOWS\system32\retmve.exe
2006-08-19 17:24 51712 C:\WINDOWS\system32\xlsmmnn.dll
2006-08-19 17:24 23552 C:\WINDOWS\system32\tirugkc.exe
2006-08-19 17:24 127488 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\klfnc.exe
2006-08-20 05:57 494 C:\WINDOWS\qyatm.dll
2006-08-19 17:24 127488 C:\WINDOWS\system32\xbiph.dat
2006-08-19 17:24 28672 C:\WINDOWS\system32\inkqv.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-08-19 17:24 127488 klfnc.exe.qoo
06-08-19 17:24 127488 retmve.exe.qoo
06-08-19 17:24 127488 xbiph.dat.qoo
06-08-19 17:24 51712 xlsmmnn.dll.qoo
06-08-19 17:24 28672 inkqv.exe.qoo
06-08-19 17:24 23552 tirugkc.exe.qoo
06-08-19 17:24 52 vpwvbl.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Administrator\Application Data\Sskknwrd.dll
C:\Documents and Settings\Administrator\Application Data\Sskuknwrd.dll
C:\Documents and Settings\BJ\Application Data\Sskdmns.dll
C:\Documents and Settings\BJ\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskdmns.dll
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\teller2.chk
C:\dfndrff_11a.exe
C:\drsmartload.exe
C:\drsmartload1.exe
C:\drsmartload45a999.exe
C:\drsmartload46a999.exe
C:\drsmartload849a999.exe
C:\kybrdff_11a.exe
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\nwnmff_11.exe
C:\stub_113_4_0_4_0newer.exe
C:\warebundlenewer.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\xeymi.dll
C:\deskbar.exe
C:\Installer3.exe
C:\mte3ndi6odoxng.exe
C:\ucmoreiex.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\outlook
C:\Program Files\TheSearchAccelerator
C:\Program Files\network monitor
C:\WINDOWS\QmlsbHkgJiBKdWxpZSBTaGVkZA
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1\??chost.exe
C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1\YSTEM3~1
C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\PPATCH~1
C:\QooBox\Purity\WINDOWS\SKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-20 to 2006-08-20 ))))))))))))))))))))))))))))))))))


2006-08-19 17:25 61,952 C:\WINDOWS\system32\yru3e83d.dll
2006-08-19 17:25 1,167 C:\WINDOWS\system32\yru3e83d.sys
2006-08-19 17:24 494 C:\WINDOWS\qyatm.dll
2006-08-19 17:24 29,696 C:\WINDOWS\system32\wc75bf41.dll
2006-08-19 17:24 284,816 C:\WINDOWS\ykwbmdtA.exe
2006-08-19 17:24 214,752 C:\Setup100.exe
2006-08-19 17:24 21,504 C:\WINDOWS\offun.exe
2006-08-19 17:24 186,223 C:\WINDOWS\srvlzakvwy.exe
2006-08-19 17:24 1,063,728 C:\WINDOWS\ykwbmdt.exe
2006-08-19 17:23 30,208 C:\SS1001newer.exe
2006-08-19 17:23 14,617 C:\WINDOWS\xload.exe
2006-08-19 17:16 110,592 C:\WINDOWS\v1201.exe
2006-08-19 17:15 57,344 C:\fym9bvo.exe
2006-08-19 17:15 53,120 C:\WINDOWS\optimize.exe
2006-08-19 17:15 48,190 C:\WINDOWS\RDFX4.exe
2006-08-19 17:15 45,056 C:\WINDOWS\system32ghynf.exe
2006-08-19 17:15 45,056 C:\WINDOWS\system32\ghynf.exe
2006-08-19 17:15 42,944 C:\WINDOWS\pop06ap2.exe
2006-08-19 17:15 40,960 C:\WINDOWS\webhdll.dll
2006-08-19 17:15 36,864 C:\WINDOWS\system32n9nyb.exe
2006-08-19 17:15 36,864 C:\WINDOWS\system32\zqskw.exe
2006-08-19 17:15 36,864 C:\WINDOWS\system32\n9nyb.exe
2006-08-19 17:15 36,608 C:\WINDOWS\nem220.dll
2006-08-19 17:15 32,768 C:\WINDOWS\whInstaller.exe
2006-08-19 17:15 32,768 C:\WINDOWS\unstall.exe
2006-08-19 17:15 32,768 C:\WINDOWS\system32\WinDmy.dll
2006-08-19 17:15 303,104 C:\WINDOWS\system32\WinNB57.dll
2006-08-19 17:15 28,672 C:\WINDOWS\system32bez6n4r21.exe
2006-08-19 17:15 28,672 C:\WINDOWS\system32\iqqr.exe
2006-08-19 17:15 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-08-19 17:15 226,536 C:\WINDOWS\whCC-GIANT.exe
2006-08-19 17:15 159,744 C:\WINDOWS\system32\cvn0.exe
2006-08-19 17:15 139,264 C:\WINDOWS\MirarSetup_876075.exe
2006-08-19 17:15 115,160 C:\WINDOWS\Eim03.exe
2006-08-19 17:15 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-08-14 18:52 78,848 C:\WINDOWS\system32\nsf86.dll
2006-08-13 04:45 2 C:\WINDOWS\system32\wnsapisv.exe
2006-08-13 04:44 310,482 C:\WINDOWS\run2.exe
2006-08-11 10:05 155,648 C:\WINDOWS\sys101481255494.exe
2006-08-08 04:27 30,720 C:\WINDOWS\system32\ffJmpWeb.dll
2006-08-08 04:27 1,460,736 C:\WINDOWS\Hoover.scr
2006-08-08 04:21 38,400 C:\WINDOWS\DWUninst.exe
2006-08-08 04:21 258,016 C:\WINDOWS\system32\bouncy_pumpkins.scr
2006-08-08 04:17 850,432 C:\WINDOWS\Amazing Bubbles 3D.scr
2006-08-08 04:17 30,720 C:\WINDOWS\instbubl.exe
2006-08-08 04:11 993,360 C:\WINDOWS\Don't Touch My Computer 2.scr
2006-08-08 04:11 45,056 C:\WINDOWS\NCUNINST.EXe
2006-08-08 04:11 40,960 C:\WINDOWS\NCLAUNCH.EXe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-20 06:03 -------- d-a------ C:\Program Files\Common Files
2006-08-20 05:57 494 --a------ C:\WINDOWS\qyatm.dll
2006-08-20 05:05 25600 --ahs---- C:\Program Files\Thumbs.db
2006-08-20 04:47 -------- d-------- C:\Program Files\Calenz
2006-08-19 19:32 1167 --a------ C:\WINDOWS\system32\yru3e83d.sys
2006-08-19 17:25 61952 --a------ C:\WINDOWS\system32\yru3e83d.dll
2006-08-19 17:24 29696 --a------ C:\WINDOWS\system32\wc75bf41.dll
2006-08-19 17:24 214752 --a------ C:\Setup100.exe
2006-08-19 17:24 186223 --a------ C:\WINDOWS\srvlzakvwy.exe
2006-08-19 17:23 30208 --a------ C:\SS1001newer.exe
2006-08-19 17:23 14617 --a------ C:\WINDOWS\xload.exe
2006-08-19 17:19 -------- d-------- C:\Program Files\Common Files\kqiq
2006-08-19 17:16 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-08-19 17:16 110592 --a------ C:\WINDOWS\v1201.exe
2006-08-19 17:16 -------- d-------- C:\Program Files\Internet Explorer
2006-08-19 17:16 -------- d-------- C:\Program Files\Cowabanga
2006-08-19 17:15 57344 --a------ C:\fym9bvo.exe
2006-08-19 17:15 53120 --a------ C:\WINDOWS\optimize.exe
2006-08-19 17:15 48190 --a------ C:\WINDOWS\RDFX4.exe
2006-08-19 17:15 45056 --a------ C:\WINDOWS\system32ghynf.exe
2006-08-19 17:15 45056 --a------ C:\WINDOWS\system32\ghynf.exe
2006-08-19 17:15 42944 --a------ C:\WINDOWS\pop06ap2.exe
2006-08-19 17:15 36864 --a------ C:\WINDOWS\system32n9nyb.exe
2006-08-19 17:15 36864 --a------ C:\WINDOWS\system32\n9nyb.exe
2006-08-19 17:15 36608 --a------ C:\WINDOWS\nem220.dll
2006-08-19 17:15 32768 --a------ C:\WINDOWS\unstall.exe
2006-08-19 17:15 32768 --a------ C:\WINDOWS\system32\WinDmy.dll
2006-08-19 17:15 303104 --a------ C:\WINDOWS\system32\WinNB57.dll
2006-08-19 17:15 28672 --a------ C:\WINDOWS\system32bez6n4r21.exe
2006-08-19 17:15 28672 --a------ C:\WINDOWS\system32\iqqr.exe
2006-08-19 17:15 28672 --a------ C:\WINDOWS\system32\bez6n4r21.exe
2006-08-19 17:15 226536 --a------ C:\WINDOWS\whCC-GIANT.exe
2006-08-19 17:15 139264 --a------ C:\WINDOWS\MirarSetup_876075.exe
2006-08-19 17:15 115160 --a------ C:\WINDOWS\Eim03.exe
2006-08-19 17:15 -------- d-------- C:\Program Files\whInstall
2006-08-19 17:15 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-19 17:15 -------- d-------- C:\Program Files\MSN
2006-08-19 17:15 -------- d-------- C:\Program Files\Internet Optimizer
2006-08-14 18:52 78848 --a------ C:\WINDOWS\system32\nsf86.dll
2006-08-13 04:49 -------- d-------- C:\Program Files\XemiComputers
2006-08-13 04:44 310482 --a------ C:\WINDOWS\run2.exe
2006-08-11 10:05 155648 --a------ C:\WINDOWS\sys101481255494.exe
2006-08-08 04:27 -------- d-------- C:\Program Files\Hoover
2006-08-08 04:27 -------- d-------- C:\Program Files\Free Offers from RI Soft Systems
2006-08-08 04:12 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-08-08 04:11 993360 --a------ C:\WINDOWS\Don't Touch My Computer 2.scr
2006-08-08 04:11 45056 --a------ C:\WINDOWS\NCUNINST.EXe
2006-08-08 04:11 40960 --a------ C:\WINDOWS\NCLAUNCH.EXe
2006-08-08 04:11 -------- d-------- C:\Program Files\NCBuy
2006-08-05 16:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-07-28 20:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2006-07-28 20:18 -------- d-------- C:\Program Files\FrostWire
2006-07-28 20:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2006-07-28 00:50 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-07-26 15:49 159744 --a------ C:\WINDOWS\system32\cvn0.exe
2006-07-20 16:31 36864 --a------ C:\WINDOWS\system32\zqskw.exe
2006-07-20 16:31 1163264 --a------ C:\WINDOWS\system32\wfxqhv.exe
2006-07-02 01:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-02 01:04 -------- d-------- C:\Program Files\Google
2006-06-20 17:50 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-06-20 17:35 -------- d-------- C:\Program Files\Roxio
2006-06-19 12:38 53248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-06-19 12:38 49152 --a------ C:\WINDOWS\uninst104.exe
2006-06-12 14:41 850432 --a------ C:\WINDOWS\Amazing Bubbles 3D.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PE2CKFNT SE"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 2 SE\\ChkFont.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"Amazing3DAquariumWallpaper"=""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus1.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"



Completion time: Sun 08/20/2006 6:12:15.90
ComboFix.txt

Edited by smawpaws, 20 August 2006 - 06:18 AM.

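Editor's note, as an added example that is not part of the thread and not ComboFix code: a ComboFix log lists what the tool found before it ran (the "PRE-RUN - Filepaths from Locate" list) separately from what it actually deleted ("FILES REMOVED") or quarantined ("POST-RUN - Files in the Quarantine folder"), and the quarantine list drops the directory and keeps only name and size. Reconciling the three lists tells you which of the pre-run files are still on the box before you post "looks better". The script below does that over an excerpt copied from the log above; the section names and line formats it expects are taken from that log, and the matching rule (same base name and size) is the editor's assumption.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix log posted above (Look2Me "FILES REMOVED" and
# the Qoologic PRE-RUN / POST-RUN lists); the reconciliation is the editor's,
# not part of ComboFix.
COMBOFIX_EXCERPT = r"""
FILES REMOVED:

C:\WINDOWS\system32\iIlmdnt5.dll
C:\WINDOWS\system32\ir22l5fo1.dll
C:\WINDOWS\system32\kqdlt1.dll
C:\WINDOWS\system32\ktlql7351.dll
C:\WINDOWS\system32\midsrv32.dll
C:\WINDOWS\system32\nhdsapi.dll
C:\WINDOWS\system32\oje2disp.dll
C:\WINDOWS\system32\p84ulih9184.dll
C:\WINDOWS\system32\q286lcls1fq6.dll

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

2006-08-20 04:46 234272 -r--s---- C:\WINDOWS\system32\kqdlt1.dll
2006-08-19 17:24 52 --a------ C:\WINDOWS\vpwvbl.dat
2006-08-19 17:24 51712 --a------ C:\WINDOWS\system32\xlsmmnn.dll
2006-08-19 17:24 28672 --a------ C:\WINDOWS\system32\inkqv.exe
2006-08-19 17:24 23552 --a------ C:\WINDOWS\system32\tirugkc.exe
2006-08-19 17:24 127488 --a------ C:\WINDOWS\system32\xbiph.dat
2006-08-19 17:24 127488 --a------ C:\WINDOWS\system32\retmve.exe
2006-08-19 17:24 127488 --a------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup\klfnc.exe
2006-08-19 17:23 234272 -r--s---- C:\WINDOWS\system32\nhdsapi.dll
2006-08-19 17:15 45056 --a------ C:\WINDOWS\system32\ghynf.exe
2006-08-19 17:15 36864 --a------ C:\WINDOWS\system32\n9nyb.exe
2006-08-19 17:15 32768 --a------ C:\WINDOWS\system32\WinDmy.dll
2006-08-19 17:15 303104 --a------ C:\WINDOWS\system32\WinNB57.dll
2006-08-14 18:52 78848 --a------ C:\WINDOWS\system32\nsf86.dll
2006-07-20 16:31 36864 --a------ C:\WINDOWS\system32\zqskw.exe
2006-07-20 16:31 1163264 --a------ C:\WINDOWS\system32\wfxqhv.exe

* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *

06-08-19 17:24 127488 klfnc.exe.qoo
06-08-19 17:24 127488 retmve.exe.qoo
06-08-19 17:24 127488 xbiph.dat.qoo
06-08-19 17:24 51712 xlsmmnn.dll.qoo
06-08-19 17:24 28672 inkqv.exe.qoo
06-08-19 17:24 23552 tirugkc.exe.qoo
06-08-19 17:24 52 vpwvbl.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO
"""

LOCATE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d (\d+) \S+ (.+)$")   # date time size attrs path
QUARANTINE_RE = re.compile(r"^\d\d-\d\d-\d\d \d\d:\d\d (\d+) (.+)\.qoo$")  # date time size name.qoo
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_sections(log):
    """Split the log into removed paths, pre-run {path: size} and quarantined {(name, size)}."""
    removed, pre_run, quarantined = set(), {}, set()
    section = None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if line.startswith("FILES REMOVED"):
            section = "removed"
        elif line.startswith("* * *") or line.startswith("((("):
            # Any other banner ends the current list.
            if "Filepaths from Locate" in line:
                section = "locate"
            elif "Quarantine folder" in line:
                section = "quarantine"
            else:
                section = None
        elif section == "removed" and DRIVE_PATH_RE.match(line):
            removed.add(line.lower())
        elif section == "locate" and (m := LOCATE_RE.match(line)):
            pre_run[m.group(2).lower()] = int(m.group(1))
        elif section == "quarantine" and (m := QUARANTINE_RE.match(line)):
            quarantined.add((m.group(2).lower(), int(m.group(1))))
    return removed, pre_run, quarantined


def leftovers(log):
    """Pre-run files that were neither deleted nor quarantined (lower-cased paths, sorted)."""
    removed, pre_run, quarantined = parse_sections(log)
    return sorted(
        path for path, size in pre_run.items()
        if path not in removed and (PureWindowsPath(path).name, size) not in quarantined
    )


if __name__ == "__main__":
    for path in leftovers(COMBOFIX_EXCERPT):
        print("still on disk after ComboFix:", path)
```

On this excerpt it reports seven files that ComboFix located but neither removed nor quarantined: ghynf.exe, n9nyb.exe, nsf86.dll, wfxqhv.exe, WinDmy.dll, WinNB57.dll and zqskw.exe. Five of those (all but nsf86.dll and zqskw.exe, which fall outside the visible part of the report) reappear in the ewido scan later in the thread, which is why the helper does not stop at this log. One more item in the "Other Deletions" list worth a word: cmd.com, regedit.com, taskkill.com, tasklist.com, netstat.com, ping.com and tracert.com in system32. Because .COM precedes .EXE in PATHEXT, typing regedit at Start > Run launched the fake regedit.com instead of the real regedit.exe, so nothing typed on that machine could be trusted until those were gone.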

#4 Rawe (Visiting Staff, 4,746 posts)
You should only use it if asked, in situations like this.

It's made specifically for a few infections, and to help the analysis, but it shouldn't be used by anyone who doesn't know what the log tells.

Sure does look better. Please uninstall your current Ewido Security Suite, as it is an old version of the program. (If you have the subscription paid and still active, you should easily be able to upgrade to the latest.)

Then let's continue.

---

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within Ewido for one reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close Ewido Anti-spyware, DO NOT run a scan just yet, we will shortly.

==

2. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

4. IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido.
==

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido log that you saved along with a fresh HijackThis log.

#5 smawpaws (Topic Starter, 38 posts)
Alrighty, here they are. I was hoping everything would be cleaned, but I know that the PSGuard is still there. Ah well, how does it look?


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:39:29 PM 8/20/2006

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KXKB8TKR\AppWrap[1].exe -> Adware.AdURL : No action taken.
C:\Program Files\BraveSentry -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry0.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry1.bs -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry1.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry2.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\BraveSentry3.dll -> Adware.Bravesentry : No action taken.
C:\Program Files\BraveSentry\Uninstall.exe -> Adware.Bravesentry : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BraveSentry -> Adware.Bravesentry : No action taken.
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : No action taken.
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : No action taken.
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : No action taken.
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : No action taken.
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : No action taken.
C:\Documents and Settings\Owner\Desktop\backups\backup-20060820-044110-920.dll -> Adware.Mirar : No action taken.
C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : No action taken.
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : No action taken.
HKLM\SOFTWARE\PSGuard.com -> Adware.PSGuard : No action taken.
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : No action taken.
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Adware.PSGuard : No action taken.
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Adware.PSGuard : No action taken.
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\cvn0.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\zqskw.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : No action taken.
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
C:\Program Files\Common Files\kqiq\kqiqd\kqiqc.dll -> Adware.TargetServer : No action taken.
C:\Program Files\whInstall -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\Webhdll.dll -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\WhAgent.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\WhSurvey.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : No action taken.
C:\WINDOWS\webhdll.dll -> Adware.WebHancer : No action taken.
C:\WINDOWS\whAgent.inf -> Adware.Webhancer : No action taken.
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : No action taken.
C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : No action taken.
C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\gfrzrxzz.exe -> Backdoor.Agent.adr : No action taken.
C:\fym9bvo.exe -> Downloader.Agent.ala : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\13.tmp -> Downloader.Agent.aox : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\15.tmp -> Downloader.Agent.aox : No action taken.
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : No action taken.
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : No action taken.
C:\QooBox\Purity\Documents and Settings\BJ\Application Data\MBOLS~1\msconfig.exe -> Downloader.PurityScan.da : No action taken.
C:\QooBox\inkqv.exe.qoo -> Downloader.Qoologic.bj : No action taken.
C:\QooBox\klfnc.exe.qoo -> Downloader.Qoologic.bj : No action taken.
C:\QooBox\retmve.exe.qoo -> Downloader.Qoologic.bj : No action taken.
C:\QooBox\tirugkc.exe.qoo -> Downloader.Qoologic.bj : No action taken.
C:\QooBox\xbiph.dat.qoo -> Downloader.Qoologic.bj : No action taken.
C:\QooBox\xlsmmnn.dll.qoo -> Downloader.Qoologic.bj : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\1.dlb -> Downloader.Small : No action taken.
C:\WINDOWS\system32\dlh9jkdq1.exe -> Downloader.Small : No action taken.
C:\WINDOWS\system32\wc75bf41.dll -> Downloader.Small : No action taken.
C:\Program Files\Internet Explorer\meboti.dll -> Downloader.Small.ctp : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vxt3.game -> Downloader.Small.cyb : No action taken.
C:\WINDOWS\system32\testtestt.exe -> Downloader.Small.cyb : No action taken.
C:\WINDOWS\system32\vxgamet3.exe -> Downloader.Small.cyb : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\F.tmp3072.exe -> Downloader.Small.dcj : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\5.dlb -> Downloader.Small.dgk : No action taken.
C:\WINDOWS\system32\dlh9jkdq5.exe -> Downloader.Small.dgk : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vxt1.game -> Downloader.Small.dht : No action taken.
C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Small.dht : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vxt2.game -> Downloader.Small.dkt : No action taken.
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.dkt : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\6.dlb -> Downloader.Small.dnk : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\7.dlb -> Downloader.Small.dnk : No action taken.
C:\WINDOWS\system32\dlh9jkdq6.exe -> Downloader.Small.dnk : No action taken.
C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Small.dnk : No action taken.
C:\WINDOWS\system32\kernels8.exe -> Downloader.Tibs.hh : No action taken.
C:\t.inx -> Downloader.Tibs.hh : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vx2.game -> Downloader.Tiny.ap : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\10.tmp -> Downloader.Tiny.bo : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\F.tmp -> Downloader.Tiny.bo : No action taken.
C:\Program Files\Common Files\kqiq\kqiqp.exe -> Downloader.TSUpdate.f : No action taken.
C:\Program Files\Common Files\kqiq\kqiqa.exe -> Downloader.TSUpdate.l : No action taken.
C:\Program Files\Common Files\kqiq\kqiqm.exe -> Downloader.TSUpdate.n : No action taken.
C:\Program Files\Common Files\kqiq\kqiql.exe -> Downloader.TSUpdate.r : No action taken.
C:\WINDOWS\offun.exe -> Downloader.VB.nw : No action taken.
C:\WINDOWS\sys101481255494.exe -> Downloader.VB.tw : No action taken.
C:\WINDOWS\xload.exe -> Downloader.VB.wz : No action taken.
C:\SS1001newer.exe -> Dropper.Small.qn : No action taken.
C:\Program Files\Cowabanga\Cowabanga.exe -> Dropper.VB.nn : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temporary Internet Files\Content.IE5\CL23SHIR\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temporary Internet Files\Content.IE5\QGM0NUFK\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\WINDOWS\v1201.exe -> Hijacker.Small : No action taken.
C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Desktop.htt -> Hijacker.Small.jf : No action taken.
C:\Program Files\MSN Gaming Zone\pojo.html -> Hijacker.Small.jf : No action taken.
C:\Program Files\MSN\megefu.html -> Hijacker.Small.jf : No action taken.
C:\WINDOWS\ykwbmdt.exe -> Hijacker.VB.ij : No action taken.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : No action taken.
C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Renos.cy : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\2.dlb -> Not-A-Virus.Hoax.Win32.Renos.dz : No action taken.
C:\WINDOWS\system32\dlh9jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.dz : No action taken.
C:\WINDOWS\xpupdate.exe -> Not-A-Virus.Hoax.Win32.Renos.dz : No action taken.
C:\WINDOWS\system32\wcz.dll -> Proxy.Agent.df : No action taken.
C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vx6.game -> Proxy.Small.bo : No action taken.
C:\WINDOWS\system32\TheMatrixHasYou.exe -> Proxy.Small.bo : No action taken.
C:\WINDOWS\system32\stonedrv.exe -> Proxy.Small.bo : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\art82D0.tmp -> Proxy.Xorpix.ai : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\artB91E.tmp -> Proxy.Xorpix.ai : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vx1.game -> Proxy.Xorpix.ai : No action taken.
C:\WINDOWS\system32\vxgame1.exe -> Proxy.Xorpix.ai : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Goldenpalace : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\2236_28.dll -> Trojan.Agent.pk : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\maxdd1.game -> Trojan.Dialer.pw : No action taken.
C:\WINDOWS\system32\maxd641.exe -> Trojan.Dialer.pw : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\qvxt2.game -> Trojan.Small : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\qvxt3.game -> Trojan.Small : No action taken.
C:\Documents and Settings\BJ\Local Settings\Temp\vxt4.game -> Trojan.Small : No action taken.
C:\WINDOWS\system32\qvxgamet2.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\qvxgamet3.exe -> Trojan.Small : No action taken.
C:\WINDOWS\system32\vxgamet4.exe -> Trojan.Small : No action taken.
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -> Trojan.Small.anm : No action taken.
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : No action taken.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 4:34:50 AM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Calenz\Calenz.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlparena....php?name=Forums
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CD4EC1-2E5F-4ED9-84C0-0DC75C0CA10B}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_28.dll (file missing)
O21 - SSODL: XaDbVQlOG - {584A2A47-F2E0-80ED-05C5-3C3E75BB17F5} - C:\WINDOWS\system32\wcz.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#6
Rawe
Visiting Staff, Member, 4,746 posts
Could you please redo the Ewido part only, since this seems like no action was taken on the infections -- are you sure you did it correctly to make Ewido quarantine all the findings? :whistling:

Go ahead and delete Alcanshorty.bfu along with Brute Force Uninstaller but don't delete Combofix quite yet as the log is useful and I'd love to see a fresh one after we do some further cleaning (helps to determine if there's something left after some scanning).

Especially this part:
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Then once scanned.. Hit Apply all actions.. etc

Let's redo it and make Ewido do something :blink:

----

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
  • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
    IMPORTANT: Don't click "Save Scan Report" before you click "Apply All Actions"
  • Make sure that Set all elements to: Shows Quarantine (1), if not, click the link and choose Quarantine from the pull-menu.
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post back with the Ewido results.

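To see at a glance why the Ewido step in #5 needs to be redone, here is a small added triage script (written for this thread, not Ewido's own code) that parses a report in the format posted above, counts findings per category and per action, and reports whether anything other than tracking cookies was left with "No action taken". The embedded sample report is constructed from a handful of the lines above plus one made-up quarantined entry.

```python
"""Added triage helper for ewido anti-spyware text reports (not Ewido's own code)."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the report format posted in this thread; the last
# entry's "Cleaned with backup (quarantined)" action is made up for contrast.
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:39:29 PM 8/20/2006

+ Scan result:

C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : No action taken.
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : No action taken.
C:\WINDOWS\system32\wcz.dll -> Proxy.Agent.df : No action taken.
C:\Documents and Settings\BJ\Cookies\bj@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\WINDOWS\system32\kernels8.exe -> Downloader.Tibs.hh : Cleaned with backup (quarantined).


::Report end
"""

REGISTRY_HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")


@dataclass(frozen=True)
class Finding:
    item: str        # file path or registry key as reported by the scanner
    detection: str   # e.g. "Adware.Bravesentry"
    action: str      # e.g. "No action taken" (trailing period stripped)

    @property
    def category(self) -> str:
        # First dotted component: Adware, Downloader, Proxy, TrackingCookie, ...
        return self.detection.split(".", 1)[0]

    @property
    def is_registry(self) -> bool:
        return self.item.startswith(REGISTRY_HIVES)

    @property
    def untreated(self) -> bool:
        return self.action.lower().startswith("no action taken")


def parse_line(line: str) -> Optional[Finding]:
    """Parse one '<item> -> <detection> : <action>.' line; None if it is not one."""
    line = line.strip()
    if " -> " not in line:
        return None
    item, rest = line.split(" -> ", 1)
    if " : " not in rest:
        return None
    # rsplit: the item may contain ':' (drive letters) but the detection does not.
    detection, action = rest.rsplit(" : ", 1)
    return Finding(item.strip(), detection.strip(), action.strip().rstrip("."))


def parse_report(text: str) -> List[Finding]:
    """Collect findings between '+ Scan result:' and '::Report end'."""
    findings: List[Finding] = []
    in_results = False
    for line in text.splitlines():
        if line.startswith("+ Scan result"):
            in_results = True
            continue
        if line.startswith("::Report end"):
            break
        if in_results:
            finding = parse_line(line)
            if finding is not None:
                findings.append(finding)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    return {
        "total": len(findings),
        "by_category": dict(Counter(f.category for f in findings)),
        "by_action": dict(Counter(f.action for f in findings)),
        "registry_items": sum(f.is_registry for f in findings),
        "untreated": sum(f.untreated for f in findings),
    }


def untreated_items(findings: List[Finding], include_cookies: bool = False) -> List[Finding]:
    """Findings still marked 'No action taken'; cookies are noise unless asked for."""
    return [f for f in findings
            if f.untreated and (include_cookies or f.category != "TrackingCookie")]


def needs_rescan(findings: List[Finding]) -> bool:
    """True when real detections (not just cookies) were reported but left untouched."""
    return bool(untreated_items(findings))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for f in untreated_items(found):
        print("still present:", f.category, "|", f.item)
    print("rescan with Quarantine selected:", needs_rescan(found))
```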

#7
smawpaws
Member, Topic Starter, 38 posts
I will get right on it. One question, when I am in safe mode, Ewido is blown up so big when I pull it up, I didn't see the "apply all actions" at the bottom, so I think it was my error, not Ewido's. How can I shrink it down? I can't move the edges, or see the "x" in the corner.
Thanks.

#8
Rawe
Visiting Staff, Member, 4,746 posts
Hmm....

Maybe try changing in your display properties? In safe mode.. By making your desktop settings smaller?

Or if you have buttons on your actual PC screen so that you can change the sizes by pushing them try it -- depending on the screen of course. Not really sure. But by changing display settings it should be fine. :whistling:

Edited by Rawe, 21 August 2006 - 05:35 AM.


#9
smawpaws
Member, Topic Starter, 38 posts
Didn't work, but I think I managed to get it. How's this?


Logfile of HijackThis v1.99.1
Scan saved at 2:33:29 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
C:\Program Files\Calenz\Calenz.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlparena....php?name=Forums
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Program Files\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\BJ\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120340141859
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CD4EC1-2E5F-4ED9-84C0-0DC75C0CA10B}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_28.dll (file missing)
O21 - SSODL: XaDbVQlOG - {584A2A47-F2E0-80ED-05C5-3C3E75BB17F5} - C:\WINDOWS\system32\wcz.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)





---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:27:14 PM 8/21/2006

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KXKB8TKR\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.exe -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry.lic -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry0.bs -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry0.dll -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry1.bs -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry1.dll -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry2.dll -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\BraveSentry3.dll -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\BraveSentry\Uninstall.exe -> Adware.Bravesentry : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BraveSentry -> Adware.Bravesentry : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer\optimize.exe -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\backups\backup-20060820-044110-920.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PSGuard.com -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Adware.PSGuard : Error during cleaning.
HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876075.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cvn0.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\zqskw.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kqiq\kqiqd\kqiqc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\Webhdll.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\WhAgent.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\WhSurvey.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\WINDOWS\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whAgent.inf -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\whInstaller.ini -> Adware.Webhancer : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\gfrzrxzz.exe -> Backdoor.Agent.adr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mscdaux.dll -> Backdoor.Delf.aml : Cleaned with backup (quarantined).
C:\fym9bvo.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\13.tmp -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\15.tmp -> Downloader.Agent.aox : Cleaned with backup (quarantined).
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\QooBox\Purity\Documents and Settings\BJ\Application Data\MBOLS~1\msconfig.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
C:\QooBox\inkqv.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\klfnc.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\retmve.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\tirugkc.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\xbiph.dat.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\xlsmmnn.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\1.dlb -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq1.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wc75bf41.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\meboti.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vxt3.game -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\testtestt.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgamet3.exe -> Downloader.Small.cyb : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\F.tmp3072.exe -> Downloader.Small.dcj : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\5.dlb -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq5.exe -> Downloader.Small.dgk : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vxt1.game -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vxt2.game -> Downloader.Small.dkt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.dkt : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\6.dlb -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\7.dlb -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq6.exe -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Small.dnk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kernels8.exe -> Downloader.Tibs.hh : Cleaned with backup (quarantined).
C:\t.inx -> Downloader.Tibs.hh : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vx2.game -> Downloader.Tiny.ap : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\10.tmp -> Downloader.Tiny.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\F.tmp -> Downloader.Tiny.bo : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kqiq\kqiqp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kqiq\kqiqa.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kqiq\kqiqm.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\kqiq\kqiql.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\WINDOWS\sys101481255494.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\xload.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\SS1001newer.exe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Program Files\Cowabanga\Cowabanga.exe -> Dropper.VB.nn : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temporary Internet Files\Content.IE5\CL23SHIR\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temporary Internet Files\Content.IE5\QGM0NUFK\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).
C:\WINDOWS\v1201.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Application Data\Microsoft\Internet Explorer\Desktop.htt -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN Gaming Zone\pojo.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN\megefu.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\ykwbmdt.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D18M2707NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Renos.cy : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\2.dlb -> Not-A-Virus.Hoax.Win32.Renos.dz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.dz : Cleaned with backup (quarantined).
C:\WINDOWS\xpupdate.exe -> Not-A-Virus.Hoax.Win32.Renos.dz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcz.dll -> Proxy.Agent.df : Cleaned with backup (quarantined).
C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vx6.game -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TheMatrixHasYou.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\stonedrv.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\art82D0.tmp -> Proxy.Xorpix.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\artB91E.tmp -> Proxy.Xorpix.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vx1.game -> Proxy.Xorpix.ai : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgame1.exe -> Proxy.Xorpix.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\Skyler\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Goldenpalace : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Wegcash : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Cookies\bj@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\2236_28.dll -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__2_2_3_6___2_8_._d_l_l_ -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\maxdd1.game -> Trojan.Dialer.pw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\maxd641.exe -> Trojan.Dialer.pw : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\rsysinit.exe -> Trojan.ExitWin.z : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\qvxt2.game -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\qvxt3.game -> Trojan.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\BJ\Local Settings\Temp\vxt4.game -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qvxgamet2.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qvxgamet3.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgamet4.exe -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-854245398-1078081533-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -> Trojan.Small.anm : Cleaned with backup (quarantined).
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end

#10
Rawe

Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ok then :whistling:

Please run a scan with HijackThis and check the following objects for removal:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{82CD4EC1-2E5F-4ED9-84C0-0DC75C0CA10B}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_28.dll (file missing)
O21 - SSODL: XaDbVQlOG - {584A2A47-F2E0-80ED-05C5-3C3E75BB17F5} - C:\WINDOWS\system32\wcz.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis and reboot.

----

Is this a program that you recognize or need for anything?

O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe

Let me know.

----

Download GMER:
  • Unzip it and double-click GMER.exe
  • Click the rootkit-tab and click scan.
  • Once done, click Copy.
  • This will copy the results to clipboard.
  • Paste the results in your next reply and also REscan with ComboFix with the same instructions as earlier, paste those results here along with the Gmer log. :blink:

#11 smawpaws (Topic Starter)
Calenz is my desktop calendar.

OK, whatever you had me check caused me to lose my internet connection and my desktop weather. I had to do a system restore to be able to get back here to post. I made sure I only checked what was posted.
#12 Rawe (Visiting Staff)
I don't see a reason why your desktop weather would go, unless it's related to the bad entries fixed...

But I can see the internet issue.

Fix the entries from HijackThis, and after that do the following:
  • Go to Start > Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties.
  • Click the Networking tab.
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Select the radio dial that says Obtain DNS Servers Automatically.
  • Press OK twice to get out of the properties screen and reboot if it asks.
Make sure to reboot and post back with the logs requested earlier if your net works :whistling:

Edited by Rawe, 23 August 2006 - 02:58 AM.

#13 smawpaws (Topic Starter)
*sigh*
Had to do system restore again. Still lost my connection.
When I followed your instructions, I got a box that said something like "did not assign a network address to the computer", and after I clicked Repair, it came up and said it could not repair; the reason was "renewing your IP".
#14 Rawe (Visiting Staff)
Then simply fix these objects in HijackThis (not the O17 ones) with all open windows closed except for HJT etc:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo.../search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_28.dll (file missing)
O21 - SSODL: XaDbVQlOG - {584A2A47-F2E0-80ED-05C5-3C3E75BB17F5} - C:\WINDOWS\system32\wcz.dll (file missing)


---

Then reboot and run Gmer along with ComboFix and post both of the logs here :whistling:
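An added example to go with the fix lists in #10 and #14 and the DNS step in #12 (my code, not Rawe's and not part of HijackThis): a small triage script that reads HijackThis result lines and flags the entry types being fixed in this thread. It separates the O17 lines from the rest the way #14 does, because HijackThis's O17 fix removes that interface's NameServer value, so a machine whose only configured resolvers were the ones in those lines is left with no DNS until "Obtain DNS servers automatically" (or a known-good static resolver) is in place. The sample lines are copied from the log in this thread with the forum-truncated URLs left as "..."; the 192.168.1.1 line is one I constructed for contrast, and treating private (RFC 1918) addresses as expected home-router resolvers is an assumption you should adjust for your own network.

```python
"""Triage HijackThis log lines for the entry types fixed in this thread.

Added example, not part of the original thread or of HijackThis.
"""
import ipaddress
import re

# Constructed sample: lines copied from the log in this thread (URLs are
# truncated by the forum as "..."), plus one O17 line with a private
# address that I added for contrast (assumption: a home router resolver).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemed...s/mediaview.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BDD6F5-E35A-4274-B552-9ADB92CC57B3}: NameServer = 85.255.115.4,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAAA0000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\system32\2236_28.dll (file missing)
O4 - Startup: Calenz Startup.lnk = C:\Program Files\Calenz\Calenz.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
O17_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>[0-9.,\s]+)$")
URL_RE = re.compile(r"https?://(?P<host>[^/\s]+)")


def parse_entries(log_text):
    """Yield (kind, body) for every HijackThis result line; skip headers."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def is_expected_resolver(ip_text, trusted):
    """Private (RFC 1918 / link-local) or explicitly trusted resolvers pass.

    Assumption: on a home LAN the DHCP-assigned resolver is the router.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_private or ip_text in trusted


def triage(log_text, trusted_resolvers=()):
    """Return (kind, reason, body) tuples for the entry types in the fix list."""
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "O17":
            m = O17_RE.match(body)
            if not m:
                continue
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            bad = [s for s in servers if not is_expected_resolver(s, trusted_resolvers)]
            if bad:
                findings.append((kind, "NameServer set to external resolver(s) " + ",".join(bad), body))
        elif kind == "O21" and body.endswith("(file missing)"):
            findings.append((kind, "shell load point whose DLL is gone (orphaned)", body))
        elif kind == "R3" and body.endswith("(no file)"):
            findings.append((kind, "URLSearchHook with no backing file (orphaned)", body))
        elif kind == "O15":
            findings.append((kind, "site added to the IE Trusted zone", body))
        elif kind == "O16":
            m = URL_RE.search(body)
            host = m.group("host") if m else "?"
            findings.append((kind, "ActiveX download point from " + host, body))
        elif kind in ("R0", "R1") and "http" in body:
            findings.append((kind, "IE start/search page redirected", body))
    return findings


def split_fix_list(findings):
    """Separate O17 (DNS) entries from the rest, as post #14 does.

    Fixing an O17 line clears that interface's NameServer value, so the box
    needs a working resolver (DHCP or a known-good static one) before the
    O17 lines are removed, or name resolution stops.
    """
    dns = [f for f in findings if f[0] == "O17"]
    other = [f for f in findings if f[0] != "O17"]
    return dns, other


if __name__ == "__main__":
    dns, other = split_fix_list(triage(SAMPLE_LOG))
    print("Fix first (no DNS impact):")
    for kind, reason, body in other:
        print("  %s: %s\n      %s" % (kind, reason, body))
    print("Fix after DNS is confirmed working (DHCP or known-good static):")
    for kind, reason, body in dns:
        print("  %s: %s\n      %s" % (kind, reason, body))
```

Running it on the sample prints the five non-DNS entries first and the two O17 lines second; the constructed 192.168.1.1 line is not reported, since it matches the private-address assumption. Pass your own resolvers in `trusted_resolvers` if your ISP assigns public DNS addresses you recognize.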
#15 smawpaws (Topic Starter)
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-27 05:17:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License@Data InstallTime=1c5d706:bd1b5d70 LastRunTime=1c600db:254dc790

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{7210B513-499C-4448-A137-70DDFBA845DE}
File C:\WINDOWS\system32\msvcrt64.dll

---- EOF - GMER 1.0.10 ----



Owner - 06-08-27 5:19:57.15
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Owner\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\BJ\Application Data\MBOLS~1
C:\QooBox\Purity\Documents and Settings\BJ\Application Data\MBOLS~1\MBOLS~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1\??chost.exe
C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1\YSTEM3~1
C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\PPATCH~1
C:\QooBox\Purity\WINDOWS\SKS~1


((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-20 09:46 46,592 C:\WINDOWS\system32\zlbw.dll
2006-08-20 09:45 8,945 C:\WINDOWS\system32\taskdir~.exe
2006-08-20 09:45 63,277 C:\WINDOWS\system32\taskdir.exe
2006-08-20 09:44 63,277 C:\WINDOWS\system32\ipod.raw.exe
2006-08-20 09:44 57,344 C:\WINDOWS\system32\senssrv.dll
2006-08-20 09:44 53,248 C:\WINDOWS\system32\qvxgamet4.exe
2006-08-20 09:40 20,992 C:\WINDOWS\system32\ab602395.exe
2006-08-20 09:38 15 C:\WINDOWS\system32\dlh9jkdq8.exe
2006-08-19 17:25 61,952 C:\WINDOWS\system32\yru3e83d.dll
2006-08-19 17:25 1,167 C:\WINDOWS\system32\yru3e83d.sys
2006-08-19 17:24 494 C:\WINDOWS\qyatm.dll
2006-08-19 17:24 214,752 C:\Setup100.exe
2006-08-19 17:24 186,223 C:\WINDOWS\srvlzakvwy.exe
2006-08-19 17:15 48,190 C:\WINDOWS\RDFX4.exe
2006-08-19 17:15 115,160 C:\WINDOWS\Eim03.exe
2006-08-14 18:52 78,848 C:\WINDOWS\system32\nsf86.dll
2006-08-13 04:45 2 C:\WINDOWS\system32\wnsapisv.exe
2006-08-13 04:44 310,482 C:\WINDOWS\run2.exe
2006-08-08 04:27 30,720 C:\WINDOWS\system32\ffJmpWeb.dll
2006-08-08 04:27 1,460,736 C:\WINDOWS\Hoover.scr
2006-08-08 04:21 38,400 C:\WINDOWS\DWUninst.exe
2006-08-08 04:21 258,016 C:\WINDOWS\system32\bouncy_pumpkins.scr
2006-08-08 04:17 850,432 C:\WINDOWS\Amazing Bubbles 3D.scr
2006-08-08 04:17 30,720 C:\WINDOWS\instbubl.exe
2006-08-08 04:11 993,360 C:\WINDOWS\Don't Touch My Computer 2.scr
2006-08-08 04:11 45,056 C:\WINDOWS\NCUNINST.EXe
2006-08-08 04:11 40,960 C:\WINDOWS\NCLAUNCH.EXe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 04:59 -------- d-------- C:\Program Files\Calenz
2006-08-22 20:22 -------- d-------- C:\Program Files\MySpace
2006-08-22 20:22 -------- d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2006-08-22 20:12 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-08-21 14:26 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-21 14:26 -------- d-------- C:\Program Files\Internet Explorer
2006-08-21 12:34 -------- d-------- C:\Program Files\MSN
2006-08-21 12:34 -------- d-------- C:\Program Files\Cowabanga
2006-08-21 12:34 -------- d-------- C:\Program Files\Common Files\kqiq
2006-08-21 05:41 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-20 15:50 25600 --ahs---- C:\Program Files\Thumbs.db
2006-08-20 09:46 46592 --a------ C:\WINDOWS\system32\zlbw.dll
2006-08-20 09:45 8945 --a------ C:\WINDOWS\system32\taskdir~.exe
2006-08-20 09:44 63277 --a------ C:\WINDOWS\system32\taskdir.exe
2006-08-20 09:44 63277 --a------ C:\WINDOWS\system32\ipod.raw.exe
2006-08-20 09:44 57344 --a------ C:\WINDOWS\system32\senssrv.dll
2006-08-20 09:44 53248 --a------ C:\WINDOWS\system32\qvxgamet4.exe
2006-08-20 09:40 20992 --a------ C:\WINDOWS\system32\ab602395.exe
2006-08-20 09:38 15 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-08-20 06:03 -------- d-a------ C:\Program Files\Common Files
2006-08-20 05:57 494 --a------ C:\WINDOWS\qyatm.dll
2006-08-19 19:32 1167 --a------ C:\WINDOWS\system32\yru3e83d.sys
2006-08-19 17:25 61952 --a------ C:\WINDOWS\system32\yru3e83d.dll
2006-08-19 17:24 214752 --a------ C:\Setup100.exe
2006-08-19 17:24 186223 --a------ C:\WINDOWS\srvlzakvwy.exe
2006-08-19 17:16 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-08-19 17:15 48190 --a------ C:\WINDOWS\RDFX4.exe
2006-08-19 17:15 115160 --a------ C:\WINDOWS\Eim03.exe
2006-08-14 18:52 78848 --a------ C:\WINDOWS\system32\nsf86.dll
2006-08-13 04:49 -------- d-------- C:\Program Files\XemiComputers
2006-08-13 04:44 310482 --a------ C:\WINDOWS\run2.exe
2006-08-08 04:27 -------- d-------- C:\Program Files\Hoover
2006-08-08 04:27 -------- d-------- C:\Program Files\Free Offers from RI Soft Systems
2006-08-08 04:12 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-08-08 04:11 993360 --a------ C:\WINDOWS\Don't Touch My Computer 2.scr
2006-08-08 04:11 45056 --a------ C:\WINDOWS\NCUNINST.EXe
2006-08-08 04:11 40960 --a------ C:\WINDOWS\NCLAUNCH.EXe
2006-08-08 04:11 -------- d-------- C:\Program Files\NCBuy
2006-08-05 16:53 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-07-28 20:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\FrostWire
2006-07-28 20:18 -------- d-------- C:\Program Files\FrostWire
2006-07-28 20:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2006-07-28 00:50 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-07-02 01:04 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-02 01:04 -------- d-------- C:\Program Files\Google
2006-06-12 14:41 850432 --a------ C:\WINDOWS\Amazing Bubbles 3D.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PE2CKFNT SE"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 2 SE\\ChkFont.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver2\\LVCOMS.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"Amazing3DAquariumWallpaper"=""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"



Completion time: Sun 08/27/2006 5:20:19.87
ComboFix.txt
ComboFix2.txt
ComboFix3.txt