Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Over 100 Processes Running in Normal Mode [RESOLVED]

Started by MrP2 , Sep 26 2006 09:27 PM

  • This topic is locked This topic is locked

#1
MrP2
Posted 26 September 2006 - 09:27 PM

MrP2

    Member

  • Member
  • PipPip
  • 35 posts
My sis-in-law's PC is pretty sick. I have tried running the list of programs recommended by G2G; however, I had to run them in Safe Mode. When I try to boot up in Normal Mode, popups and processes are running havoc. I know SurfSideKick is one of them but there are plenty more. I have included the HJT log. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 10:04:54 PM, on 9/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20073&k=
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\sedty.exe
F2 - REG:system.ini: UserInit=userinit.exe,dykxjvf.exe
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ssqrp.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [olj65522] RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be
O4 - HKLM\..\Run: [w0031f9f.dll] RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [ms059949016891] C:\WINDOWS\ms059949016891.exe
O4 - HKLM\..\Run: [win32090168919949] C:\WINDOWS\win32090168919949.exe
O4 - HKLM\..\Run: [sys101689199490] C:\WINDOWS\sys101689199490.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] C:\windows\system32\ondsregj.exe ELT001
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinopes.exe ELT001
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun162560.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinopes.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22....p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\t88u0il9e8q.dll
O20 - Winlogon Notify: ssqrp - C:\WINDOWS\SYSTEM32\ssqrp.dll
O20 - Winlogon Notify: winrwq32 - C:\WINDOWS\SYSTEM32\winrwq32.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\trnkgah.exe
  • 0

Advertisements

#2
Ryan
Posted 26 September 2006 - 09:42 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Welcome to geekstogo. I'm Ryan, and I'll be helping you clean your computer.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


I would like to see an Uninstall list as well.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

Please post the contents of C:\vundofix.txt, the uninstall list, and a new HiJackThis log.

-Ryan

Edited by rmurphy, 26 September 2006 - 10:03 PM.

  • 0

#3
MrP2
Posted 27 September 2006 - 08:09 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ryan,

I did as you requested but encountered a couple of unexpected results:

VundoFix.exe did encounter a file it could not remove. However, when the PC rebooted, VundoFix did not appear. Consequently, I re-ran the program. The vundofix.txt file is after the second run.

Also, when I ran HijackThis and selected Open Uninstall Manager and then selected Save List, nothing seemed to happen except HijackThis closed. I did a search and did not find a file called uninstall_list.txt.

The following are the logs that I was able to generate and capture...

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 8:17:31 PM 9/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\mljjhgh.dll
C:\WINDOWS\system32\ssqrp.dll
C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\services.dll
C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\Update.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljjhgh.dll
C:\WINDOWS\system32\mljjhgh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Could not be deleted.

Attempting to delete C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\services.dll
C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\services.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\Update.exe
C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}\Update.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Sun Java not detected
Scan started at 8:27:26 PM 9/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\ssqrp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ssqrp.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 8:39:27 PM, on 9/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\winA.tmp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\sedty.exe
F2 - REG:system.ini: UserInit=userinit.exe,dykxjvf.exe
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [olj65522] RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be
O4 - HKLM\..\Run: [w0031f9f.dll] RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [ms059949016891] C:\WINDOWS\ms059949016891.exe
O4 - HKLM\..\Run: [win32090168919949] C:\WINDOWS\win32090168919949.exe
O4 - HKLM\..\Run: [sys101689199490] C:\WINDOWS\sys101689199490.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] C:\windows\system32\ondsregj.exe ELT001
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinopes.exe ELT001
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun162560.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinopes.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22....p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\trnkgah.exe
  • 0

#4
Ryan
Posted 27 September 2006 - 09:16 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Hi MrP2. It looks like Vundo is gone, so we'll start on SurfSideKick and a few others.

Please be aware that while it may look like not much is getting done at a time, youhave a few infections, and I want to tackle them one at a time to ensure that they are gone.

Please go to Add/Remove Programs in the Control Panel and remove the following programs:

MyToolbar
SurfSideKick
Toolbar888
Windows Overlay Components


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log and a new HiJack This log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

-Ryan
  • 0

#5
MrP2
Posted 27 September 2006 - 09:49 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ryan,

MyToolbar and SurfSideKick were not listed in Add/Remove Programs but the other two were.

Thanks,
Perry

Dad - 06-09-27 22:30:50.14 Service Pack 1
ComboFix 06.09.27 - Running from: "C:\Documents and Settings\Dad\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{09C36710-146C-4FE6-90F5-C918A39D1DFD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09C36710-146C-4FE6-90F5-C918A39D1DFD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09C36710-146C-4FE6-90F5-C918A39D1DFD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09C36710-146C-4FE6-90F5-C918A39D1DFD}\InprocServer32]
@="C:\\WINDOWS\\system32\\iprnonce.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\f00olad31d0.dll
C:\WINDOWS\system32\fplq0335e.dll
C:\WINDOWS\system32\gp44l3hq1.dll
C:\WINDOWS\system32\gp8sl3l71.dll
C:\WINDOWS\system32\gpr8l39u1.dll
C:\WINDOWS\system32\hr4m05h1e.dll
C:\WINDOWS\system32\iprnonce.dll
C:\WINDOWS\system32\jt2407fqe.dll
C:\WINDOWS\system32\l8r00i9me8.dll
C:\WINDOWS\system32\meminst.dll
C:\WINDOWS\system32\mrdxmlc.dll
C:\WINDOWS\system32\mv40l9hm1.dll
C:\WINDOWS\system32\p26slcj71fo.dll
C:\WINDOWS\system32\q268lcju1fo8.dll
C:\WINDOWS\system32\q6nulg5916.dll
C:\WINDOWS\system32\r0r60a9sed.dll
C:\WINDOWS\system32\s2pulc791f.dll
C:\WINDOWS\system32\s488lelu1hq8.dll
C:\WINDOWS\system32\synike.dll
C:\WINDOWS\system32\guard.tmp


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run C:\WINDOWS\system32\ctmpyq.exe
O4 - HKLM\...\Run C:\WINDOWS\System32\ctmpyq.exe
F2 -REG:system.ini: Shell C:\WINDOWS\System32\sedty.exe
F2 -REG:system.ini: UserInit C:\WINDOWS\system32\dykxjvf.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\ctmpyq.exe
C:\WINDOWS\system32\ibmqpyq.dll
C:\WINDOWS\system32\dykxjvf.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tcyqf.exe
C:\WINDOWS\aptwp.dll
C:\WINDOWS\system32\hrbtk.dat
C:\WINDOWS\system32\sedty.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-07-31 14:06 127488 ctmpyq.exe.qoo
06-07-31 14:06 127488 tcyqf.exe.qoo
06-09-26 20:16 127488 hrbtk.dat.qoo
06-09-26 21:13 73216 fdfvwrf.dll.qoo
06-07-31 14:06 51712 ibmqpyq.dll.qoo
06-07-31 14:06 28672 sedty.exe.qoo
06-07-31 14:06 23552 dykxjvf.exe.qoo
06-09-27 22:24 265 aptwp.dll.qoo
06-09-26 21:12 53 voweve.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Dad\Application Data\Sskcwrd.dll
C:\Documents and Settings\Dad\Application Data\Sskdmns.dll
C:\Documents and Settings\Dad\Application Data\Sskknwrd.dll
C:\Documents and Settings\Dad\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll
C:\WINDOWS\KIUJ0V.EXE


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\repairs303169590.dll
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\cfg32.exe
C:\WINDOWS\SYSC00.exe
C:\webnexmknew.exe
C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe
C:\WINDOWS\system32\aaa00000.dll
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\afdaqd3.exe
C:\WINDOWS\system32\apbzk.exe
C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\cymmh.exe
C:\WINDOWS\system32\dexplore.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\ftuninst.exe
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\l3jdfs.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\redist.dll
C:\WINDOWS\system32\redistributor.exe
C:\WINDOWS\system32\scmt16.exe
C:\WINDOWS\system32\tfthot.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\vf1v62x.dll
C:\WINDOWS\system32\vp1i4.exe
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\system32\whcixm7.exe
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\system32\xeymi.dll
C:\WINDOWS\system32\y3aqsoepa.exe
C:\WINDOWS\system32\zqskw.exe
C:\visfx500new.exe
C:\WINDOWS\elpp100drop.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\ssqbn.exe
C:\WINDOWS\system32afdaqd3.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32cymmh.exe
C:\WINDOWS\system32ftuninst.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\System32tfthot.exe
C:\WINDOWS\system32y3aqsoepa.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\uni_eh.exe
C:\WINDOWS\uni_ehhh.exe
C:\WINDOWS\unin101.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\YOINSI.exe
C:\WINDOWS\MirarSetup_876075.exe
C:\WINDOWS\Eim03.exe
C:\WINDOWS\uni_ehhhh.exe
C:\Program Files\Common Files\Yazzle1438OinAdmin.exe
C:\Program Files\Common Files\Yazzle1438OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1440OinAdmin.exe
C:\Program Files\Common Files\Yazzle1440OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1452OinAdmin.exe
C:\Program Files\Common Files\Yazzle1452OinUninstaller.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\w0017700.dll
C:\WINDOWS\system32\w00193ee.dll
C:\WINDOWS\system32\w001c09b.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\elticons
C:\Program Files\PSLister
C:\Program Files\Common Files\{64AF2382-0952-1033-1022-020816020001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Dad\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\Dad\Application Data\ICROSO~1\nslookup.exe
C:\QooBox\Purity\Documents and Settings\Dad\Application Data\ICROSO~1\?icrosoft
C:\QooBox\Purity\Documents and Settings\Dad\My Documents\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\SCURIT~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1\iexplore.exe
C:\QooBox\Purity\WINDOWS\system32\RACLE~1\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-27 to 2006-09-27 ))))))))))))))))))))))))))))))))))


2006-09-27 20:18 830,553 ---hs---- C:\WINDOWS\system32\kjkmp.bak1
2006-09-27 20:18 577,588 ---hs---- C:\WINDOWS\system32\pmkjk.dll
2006-09-27 20:18 45,525 --a------ C:\WINDOWS\system32\bqrinpdd.dll
2006-09-27 20:18 143,380 --a------ C:\WINDOWS\system32\ieubrque.exe
2006-09-26 21:17 215,308 --a------ C:\WINDOWS\srvqygatrh.exe
2006-09-26 21:15 45,092 --a------ C:\WINDOWS\system32\ondsregj.exe
2006-09-26 21:14 4,786 --a------ C:\WINDOWS\system32\sachosts.exe
2006-09-26 21:13 93,696 --a------ C:\WINDOWS\system32\whuwobn.dll
2006-09-26 21:13 9,906 --a------ C:\WINDOWS\system32\sachostp.exe
2006-09-26 21:13 8,192 --a------ C:\yomhbmm.exe
2006-09-26 21:13 6,176 --a------ C:\WINDOWS\system32\z12.exe
2006-09-26 21:13 6,144 --a------ C:\WINDOWS\system32\msvcrl.dll
2006-09-26 21:13 5,332 --a------ C:\WINDOWS\system32\z13.exe
2006-09-26 21:13 5,298 --a------ C:\WINDOWS\system32\sachostc.exe
2006-09-26 21:13 32,768 --a------ C:\WINDOWS\system32\z11.exe
2006-09-26 21:13 26,152 --a------ C:\WINDOWS\sachostx.exe
2006-09-26 21:13 15 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-09-26 21:13 131,072 --a------ C:\WINDOWS\system32\qftoxhm.dll
2006-09-26 21:12 892 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-26 21:12 76,288 --a------ C:\bfdncc.exe
2006-09-26 21:12 547,824 -r-hs---- C:\WINDOWS\trnkgahA.exe
2006-09-26 21:12 53,120 --a------ C:\WINDOWS\srvjbibfen.exe
2006-09-26 21:12 518,784 -r-hs---- C:\WINDOWS\trnkgah.exe
2006-09-26 21:12 45,312 --a------ C:\WINDOWS\tct101.dll
2006-09-26 21:12 45,065 --a------ C:\WINDOWS\TIELT001.exe
2006-09-26 21:12 3,749 --a------ C:\WINDOWS\sysldr32.exe
2006-09-26 21:12 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-09-26 21:12 183,476 --a------ C:\WINDOWS\srvmmcgxeg.exe
2006-09-26 21:12 168,062 --a------ C:\WINDOWS\system32\owinopes.exe
2006-09-26 21:12 15,872 --a------ C:\WINDOWS\system32\winrwq32.dll
2006-09-26 21:12 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
2006-09-26 21:11 32,768 --a------ C:\WINDOWS\DXCecho.exe
2006-09-26 21:11 32,256 --a------ C:\WINDOWS\system32\dmonwv.dll
2006-09-26 21:11 268,581 --a------ C:\WINDOWS\popupwithcast.exe
2006-09-26 21:11 2,560 --a------ C:\WINDOWS\ac3_0018.exe
2006-09-26 21:11 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-09-22 09:38 53,248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 09:36 53,248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-22 09:34 163,840 --a------ C:\WINDOWS\win32090168919949.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-27 22:31 -------- d-------- C:\Program Files\Common Files
2006-09-27 20:42 -------- d-------- C:\Program Files\Hijackthis
2006-09-27 20:18 -------- d-------- C:\Program Files\VSToolbar
2006-09-26 21:20 -------- d-------- C:\Program Files\STOPzilla!
2006-09-26 21:13 2 --a------ C:\WINDOWS\system32\wnstssv.exe
2006-09-26 21:13 0 --a------ C:\Program Files\Common Files\ntldr.sys
2006-09-26 21:12 -------- d--h----- C:\Program Files\BHO Plugin
2006-09-26 21:12 -------- d-------- C:\Program Files\PSDream
2006-09-26 21:12 -------- d-------- C:\Program Files\popupwithcast
2006-09-26 21:11 32768 --a------ C:\WINDOWS\unstall.exe
2006-09-26 21:11 163840 --a------ C:\WINDOWS\sys101689199490.exe
2006-08-23 22:40 -------- d-------- C:\Program Files\ProSiteFinder
2006-08-23 22:40 -------- d-------- C:\Program Files\Hszwex
2006-08-23 22:40 -------- d-------- C:\Program Files\DIGStream
2006-08-23 22:40 -------- d-------- C:\Program Files\Common Files\iqif
2006-08-23 22:40 -------- d-------- C:\Program Files\Batty
2006-08-23 22:40 -------- d-------- C:\Program Files\Axqbdkt
2006-08-23 20:09 5120 --a------ C:\WINDOWS\SYSHOST.DLL
2006-08-23 20:07 -------- d-------- C:\Program Files\CleanUp!
2006-08-21 17:41 159744 --a------ C:\WINDOWS\VapeG22.exe
2006-08-21 17:41 159744 --a------ C:\WINDOWS\ms069490168919.exe
2006-08-21 17:41 159744 --a------ C:\WINDOWS\ms059949016891.exe
2006-08-14 21:36 1167 --a------ C:\WINDOWS\system32\olj65522.sys
2006-08-14 19:52 78848 --a------ C:\WINDOWS\system32\nsb21.dll
2006-08-11 11:05 155648 --a------ C:\WINDOWS\sys039199490168.exe
2006-08-11 11:05 155648 --a------ C:\WINDOWS\ms041994901689.exe
2006-08-07 00:55 -------- d-------- C:\Program Files\Symantec
2006-08-07 00:48 -------- d-------- C:\Program Files\TrojanHunter 4.2
2006-08-06 18:59 183296 --a-s---- C:\WINDOWS\NDNuninstall7_22.exe
2006-08-06 18:46 8464 --a------ C:\WINDOWS\system32\sporder.dll
2006-08-06 18:46 25105 --a------ C:\WINDOWS\idlemg.exe
2006-08-06 18:46 -------- d-------- C:\Program Files\rdso
2006-08-06 18:45 61952 --a------ C:\WINDOWS\system32\olj65522.dll
2006-08-06 18:45 -------- d-------- C:\Program Files\Xnvy
2006-08-06 18:45 -------- d-------- C:\Program Files\PSHope
2006-08-06 00:00 -------- d-------- C:\Program Files\Yjwvf
2006-07-31 23:49 0 --a------ C:\Documents and Settings\Dad\Application Data\internaldb41.dat
2006-07-31 23:45 32443 --a------ C:\WINDOWS\system32\uninstIcn.exe
2006-07-31 23:43 69632 --a------ C:\WINDOWS\system32\nfilhomn.dll
2006-07-31 23:43 69632 --a------ C:\WINDOWS\system32\daidbdaa.dll
2006-07-31 23:43 235134 --a------ C:\WINDOWS\srvjdgmjyb.exe
2006-07-31 23:43 184829 --a------ C:\WINDOWS\srvmfirurl.exe
2006-07-31 23:42 96768 --------- C:\WINDOWS\system32\repairs303169590.dll
2006-07-31 23:42 93664 --ahs---- C:\Program Files\Common Files\Y1304OU.exe
2006-07-31 23:42 183887 --a------ C:\WINDOWS\YazzleBundle-1304.exe
2006-07-31 23:42 143360 --a------ C:\WINDOWS\win32089016891994.exe
2006-07-31 23:42 -------- d-a------ C:\Program Files\SurfSideKick 3
2006-07-31 23:41 57344 --a------ C:\WINDOWS\ddhb.exe
2006-07-31 23:41 234248 --a------ C:\WINDOWS\Tagasuarus2.exe
2006-07-31 14:11 143360 --a------ C:\WINDOWS\win32074901689199.exe
2006-07-31 14:06 53248 --a------ C:\xxqap.exe
2006-07-31 14:06 53248 --a------ C:\tyojb.exe
2006-07-31 14:06 53248 --a------ C:\pvhjfte.exe
2006-07-31 14:06 28672 --a------ C:\WINDOWS\system32\iqqr.exe
2006-07-31 14:06 143360 --a------ C:\WINDOWS\sys0168919949012006.exe
2006-07-31 14:05 6581 --a------ C:\WINDOWS\svchost.exe
2006-07-31 14:05 6581 --a------ C:\WINDOWS\24545243171.exe
2006-07-31 14:05 6289 --a------ C:\WINDOWS\r836l32p.exe
2006-07-31 14:05 6253 --a------ C:\WINDOWS\loadnew.exe
2006-07-31 14:05 4096 -rah----- C:\WINDOWS\system32\syst2.dll
2006-07-31 14:05 10217 -r-h----- C:\WINDOWS\system32\win_3y4.exe
2006-07-31 14:05 0 --a------ C:\WINDOWS\dc2g41d4.exe
2006-07-13 15:13 36864 --a------ C:\WINDOWS\system32\ahnciup.exe
2006-07-13 15:13 1163264 --a------ C:\WINDOWS\system32\fhsxc.exe
2006-07-13 09:38 389120 --a------ C:\WINDOWS\system32\nodeipproc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aida"="\"C:\\WINDOWS\\System32\\RACLE~1\\iexplore.exe\" -vt yazb"
"Ddvc"="C:\\WINDOWS\\System32\\?hkntfs.exe"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
"Winsvr"="C:\\DOCUME~1\\Dad\\LOCALS~1\\Temp\\stdrun165632.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"MoneyStartUp10.0"="\"C:\\Program Files\\Microsoft Money\\System\\Activation.exe\""
"NAV Agent"="C:\\PROGRA~1\\NORTON~1\\navapw32.exe"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"STOPzilla"="\"C:\\Program Files\\STOPzilla!\\Stopzilla.exe\" /autorun"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"abu"="abu.exe"
"ankkta"="C:\\WINDOWS\\System32\\dnjzck.exe r"
"cfxgjlm"="C:\\WINDOWS\\System32\\igsixnn.exe r"
"ckpngf"="c:\\windows\\system32\\jcqodc.exe r"
"dcefbr"="C:\\WINDOWS\\System32\\aholljo.exe r"
"dfzbfu"="c:\\windows\\system32\\raozve.exe r"
"Dinst"="C:\\WINDOWS\\dinst.exe"
"dxcnas"="C:\\WINDOWS\\System32\\blbrsel.exe r"
"gmnaku"="C:\\WINDOWS\\System32\\lrjsyn.exe r"
"hgebpqz"="C:\\WINDOWS\\System32\\eknzxdv.exe r"
"koodgu"="C:\\WINDOWS\\System32\\upxhhz.exe r"
"muiipb"="C:\\WINDOWS\\System32\\vvyceu.exe r"
"pathddv"="C:\\WINDOWS\\System32\\ucehdns.exe r"
"ProSiteFinder"="C:\\Program Files\\ProSiteFinder\\prositefinder.exe"
"qisbvy"="c:\\windows\\system32\\yfsjgs.exe r"
"qwubex"="C:\\WINDOWS\\System32\\bkxywz.exe r"
"rlktuf"="C:\\WINDOWS\\System32\\lmavuge.exe r"
"ttupt"="C:\\WINDOWS\\ttupt.exe"
"vfpopb"="C:\\WINDOWS\\System32\\panckza.exe r"
"vwwkgx"="c:\\windows\\system32\\jopvag.exe r"
"wwzoga"="C:\\WINDOWS\\System32\\fgxufu.exe r"
"xlxllo"="C:\\WINDOWS\\System32\\ptttynn.exe r"
"xsehqd"="C:\\WINDOWS\\System32\\cdqowl.exe r"
"zqxvkx"="C:\\WINDOWS\\System32\\zthomuw.exe r"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"loaddr"="C:\\DOCUME~1\\Dad\\LOCALS~1\\Temp\\silver.exe"
"k6mmN5IOU"="\"C:\\WINDOWS\\System32\\wfxqhv.exe\""
"ad8rIU3s"="C:\\WINDOWS\\System32\\cvn0.exe"
"win32074901689199"="C:\\WINDOWS\\win32074901689199.exe"
"epy9J"="\"C:\\WINDOWS\\System32\\l3jdfs.exe\""
"wGzyM6F48"="C:\\WINDOWS\\System32\\apbzk.exe"
"sys016891994901"="C:\\WINDOWS\\sys016891994901.exe"
"win32089016891994"="C:\\WINDOWS\\win32089016891994.exe"
"ftexc"="C:\\WINDOWS\\System32\\mptft.exe"
"ehlkhjcA"="C:\\WINDOWS\\ehlkhjcA.exe"
"olj65522"="RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be"
"w0031f9f.dll"="RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f"
"AUNPS2"="RUNDLL32 AUNPS2.DLL,_Run@16"
"cfgmgr52"="RunDLL32.EXE C:\\WINDOWS\\cfgmgr52.dll,DllRun"
"ms039199490168"="C:\\WINDOWS\\ms039199490168.exe"
"ms059949016891"="C:\\WINDOWS\\ms059949016891.exe"
"win32090168919949"="C:\\WINDOWS\\win32090168919949.exe"
"sys101689199490"="C:\\WINDOWS\\sys101689199490.exe"
"septpop06apsept"="C:\\program files\\popupwithcast\\septpop06apsept.exe"
"{F2-23-38-82-ZN}"="C:\\windows\\system32\\ondsregj.exe ELT001"
"ms069490168919"="C:\\WINDOWS\\ms069490168919.exe"
"sys039199490168"="C:\\WINDOWS\\sys039199490168.exe"
"whuwobn.dll"="C:\\WINDOWS\\System32\\rundll32.exe C:\\WINDOWS\\System32\\whuwobn.dll,duyhkwc"
"sachost"="C:\\WINDOWS\\sachostx.exe"
"ms041994901689"="C:\\WINDOWS\\ms041994901689.exe"
"trnkgahA"="C:\\WINDOWS\\trnkgahA.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"AAW"=""
"VundoFix"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjk
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrwq32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1129011854.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Wed 09/27/2006 22:34:45.29
ComboFix.txt


Logfile of HijackThis v1.99.1
Scan saved at 10:36:52 PM, on 9/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [olj65522] RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be
O4 - HKLM\..\Run: [w0031f9f.dll] RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [ms059949016891] C:\WINDOWS\ms059949016891.exe
O4 - HKLM\..\Run: [win32090168919949] C:\WINDOWS\win32090168919949.exe
O4 - HKLM\..\Run: [sys101689199490] C:\WINDOWS\sys101689199490.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] C:\windows\system32\ondsregj.exe ELT001
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinopes.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22....p/view22rte.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\trnkgah.exe
  • 0

#6
Ryan
Posted 27 September 2006 - 10:29 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Hi MrP2. If you have any questions about the following instructions, please ask me before you start.


You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] C:\windows\system32\ondsregj.exe ELT001
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owinopes.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22....p/view22rte.cab


Close all open windows except for HiJack This and click fix checked.



== Killbox ==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\dnjzck.exe
C:\WINDOWS\System32\igsixnn.exe
c:\windows\system32\jcqodc.exe
C:\WINDOWS\System32\aholljo.exe
c:\windows\system32\raozve.exe
C:\WINDOWS\dinst.exe
C:\WINDOWS\System32\blbrsel.exe
C:\WINDOWS\System32\lrjsyn.exe
C:\WINDOWS\System32\eknzxdv.exe
C:\WINDOWS\System32\upxhhz.exe
c:\windows\system32\yfsjgs.exe
C:\WINDOWS\System32\bkxywz.exe
C:\WINDOWS\System32\lmavuge.exe
C:\WINDOWS\ttupt.exe
C:\WINDOWS\System32\panckza.exe
c:\windows\system32\jopvag.exe
C:\WINDOWS\System32\fgxufu.exe
C:\WINDOWS\System32\ptttynn.exe
C:\WINDOWS\System32\cdqowl.exe
C:\WINDOWS\System32\zthomuw.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
C:\WINDOWS\System32\wfxqhv.exe
C:\WINDOWS\System32\cvn0.exe
C:\WINDOWS\win32074901689199.exe
C:\WINDOWS\System32\l3jdfs.exe
C:\WINDOWS\System32\apbzk.exe
C:\WINDOWS\sys016891994901.exe
C:\WINDOWS\win32089016891994.exe
C:\WINDOWS\System32\mptft.exe
C:\WINDOWS\ehlkhjcA.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\ms039199490168.exe
C:\windows\system32\ondsregj.exe
C:\WINDOWS\ms069490168919.exe
C:\WINDOWS\sys039199490168.exe
C:\WINDOWS\System32\whuwobn.dll
C:\WINDOWS\sachostx.exe
C:\WINDOWS\ms041994901689.exe
C:\WINDOWS\trnkgahA.exe
C:\WINDOWS\System32\RACLE~1\iexplore.exe
C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\owinopes.exe
C:\WINDOWS\trnkgah.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After completing the above instructions, please try rebooting the computer into normal windows.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :whistling:

-Ryan
  • 0

#7
MrP2
Posted 01 October 2006 - 12:23 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ryan,

A significant improvement!!! Popups are not taking over the system. There are about 44 processes now running, which is a extremely better than before, but I think more cleanup can be done. Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 1:04:06 PM, on 10/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\win32090168919949.exe
C:\WINDOWS\sys101689199490.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\ms039199490168.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\CCZoop05.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20073&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [olj65522] RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be
O4 - HKLM\..\Run: [w0031f9f.dll] RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f
O4 - HKLM\..\Run: [ms059949016891] C:\WINDOWS\ms059949016891.exe
O4 - HKLM\..\Run: [win32090168919949] C:\WINDOWS\win32090168919949.exe
O4 - HKLM\..\Run: [sys101689199490] C:\WINDOWS\sys101689199490.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [blqhyo] C:\WINDOWS\System32\ctmpyq.exe reg_run
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinopes.exe ELT001
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] c:\windows\system32\ondsregj.exe ELT001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun162560.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [xixja] C:\WINDOWS\System32\ctmpyq.exe reg_run
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\trnkgah.exe (file missing)
  • 0

#8
Ryan
Posted 01 October 2006 - 02:24 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
OK, I would like to try again to get an uninstall list.

Please rename HiJack This to anything you wish.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

Please post the list if it appears, otherwise, let me know.

-Ryan
  • 0

#9
MrP2
Posted 02 October 2006 - 06:53 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ryan,

The system is now running very slow. The number of processes running is still around 45. There are about 6 RUNDLL messages that appear at startup. Also, when I try to run IE, it doesn't seem to respond. I therefore booted the system into Safe Mode and got the log you requested.

Thanks,
Perry


Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
BHO
CardRd81
CCHelp
CCScore
Classic PhoneTools
CleanUp!
Comprehensive Review for NCLEX-RN, 2e
CR2
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Easy CD Creator 5 Basic
ESPNMotion
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
ewido security suite
HESItest CD
Hijackthis 1.99.1
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
hp instant support
hp officejet 6100 series
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
Icons
Icons
Intel® PRO Ethernet Adapter and Software
iPod for Windows 2005-09-23
iTunes
Kaplan Question Trainer
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
MediaTickets by OIN
MediaTickets by OIN
MediaTickets by OIN
MediaTickets by OIN
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem User Guide
MUSICMATCH Jukebox
MyDVD
NCLEX Review 3000
Need for Speed Underground 2 Demo
Norton AntiVirus 2002
Norton WMI Update
Notifier
NVIDIA Windows 2000/XP Display Drivers
OfotoXMI
OTtBP
OTtBPSDK
Pacific Poker
Paint Shop Pro 7
PCDLNCH
PowerDVD
ProSiteFinder
QuickTime
Readiris 7.5
SFR
SFR2
Shockwave
Sound Blaster Live!
Spybot - Search & Destroy 1.4
STOPzilla!
Surf SideKick
Symantec Network Driver Update
TContext
VCAMCEN
VPRINTOL
VSToolbar for Internet Explorer
WinZip
Yazzle by OIN
  • 0

#10
Ryan
Posted 02 October 2006 - 07:25 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Please uninstall the following items (reboot only if the uninstaller does it itself, otherwise don't - i will post additional instructions soon):

BHO
Icons
Icons
MediaTickets by OIN
MediaTickets by OIN
MediaTickets by OIN
MediaTickets by OIN
Surf SideKick
VSToolbar for Internet Explorer
Yazzle by OIN



Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s)


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20073&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20073&k=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [abu] abu.exe
O4 - HKLM\..\Run: [ProSiteFinder] C:\Program Files\ProSiteFinder\prositefinder.exe
O4 - HKLM\..\Run: [olj65522] RUNDLL32.EXE w002f8be.dll,n 0026552000000003002f8be
O4 - HKLM\..\Run: [w0031f9f.dll] RUNDLL32.EXE w0031f9f.dll,I2 0026552000031f9f
O4 - HKLM\..\Run: [ms059949016891] C:\WINDOWS\ms059949016891.exe
O4 - HKLM\..\Run: [win32090168919949] C:\WINDOWS\win32090168919949.exe
O4 - HKLM\..\Run: [sys101689199490] C:\WINDOWS\sys101689199490.exe
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\System32\cvn0.exe
O4 - HKLM\..\Run: [ankkta] C:\WINDOWS\System32\dnjzck.exe r
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [blqhyo] C:\WINDOWS\System32\ctmpyq.exe reg_run
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [cfxgjlm] C:\WINDOWS\System32\igsixnn.exe r
O4 - HKLM\..\Run: [ckpngf] c:\windows\system32\jcqodc.exe r
O4 - HKLM\..\Run: [dcefbr] C:\WINDOWS\System32\aholljo.exe r
O4 - HKLM\..\Run: [dfzbfu] c:\windows\system32\raozve.exe r
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [dxcnas] C:\WINDOWS\System32\blbrsel.exe r
O4 - HKLM\..\Run: [ehlkhjcA] C:\WINDOWS\ehlkhjcA.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\System32\l3jdfs.exe"
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\owinopes.exe ELT001
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [gmnaku] C:\WINDOWS\System32\lrjsyn.exe r
O4 - HKLM\..\Run: [hgebpqz] C:\WINDOWS\System32\eknzxdv.exe r
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\System32\wfxqhv.exe"
O4 - HKLM\..\Run: [koodgu] C:\WINDOWS\System32\upxhhz.exe r
O4 - HKLM\..\Run: [loaddr] C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
O4 - HKLM\..\Run: [ms039199490168] C:\WINDOWS\ms039199490168.exe
O4 - HKLM\..\Run: [ms041994901689] C:\WINDOWS\ms041994901689.exe
O4 - HKLM\..\Run: [ms069490168919] C:\WINDOWS\ms069490168919.exe
O4 - HKLM\..\Run: [muiipb] C:\WINDOWS\System32\vvyceu.exe r
O4 - HKLM\..\Run: [pathddv] C:\WINDOWS\System32\ucehdns.exe r
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [qisbvy] c:\windows\system32\yfsjgs.exe r
O4 - HKLM\..\Run: [qwubex] C:\WINDOWS\System32\bkxywz.exe r
O4 - HKLM\..\Run: [rlktuf] C:\WINDOWS\System32\lmavuge.exe r
O4 - HKLM\..\Run: [sachost] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [sys016891994901] C:\WINDOWS\sys016891994901.exe
O4 - HKLM\..\Run: [sys039199490168] C:\WINDOWS\sys039199490168.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CCZoop05.exe
O4 - HKLM\..\Run: [trnkgahA] C:\WINDOWS\trnkgahA.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [vfpopb] C:\WINDOWS\System32\panckza.exe r
O4 - HKLM\..\Run: [vwwkgx] c:\windows\system32\jopvag.exe r
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\System32\apbzk.exe
O4 - HKLM\..\Run: [whuwobn.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\whuwobn.dll,duyhkwc
O4 - HKLM\..\Run: [win32074901689199] C:\WINDOWS\win32074901689199.exe
O4 - HKLM\..\Run: [win32089016891994] C:\WINDOWS\win32089016891994.exe
O4 - HKLM\..\Run: [wwzoga] C:\WINDOWS\System32\fgxufu.exe r
O4 - HKLM\..\Run: [xlxllo] C:\WINDOWS\System32\ptttynn.exe r
O4 - HKLM\..\Run: [xsehqd] C:\WINDOWS\System32\cdqowl.exe r
O4 - HKLM\..\Run: [zqxvkx] C:\WINDOWS\System32\zthomuw.exe r
O4 - HKLM\..\Run: [{F2-23-38-82-ZN}] c:\windows\system32\ondsregj.exe ELT001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Aida] "C:\WINDOWS\System32\RACLE~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [Ddvc] C:\WINDOWS\System32\?hkntfs.exe
O4 - HKCU\..\Run: [PSDream] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun162560.exe
O4 - HKCU\..\Run: [Winsvr] C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
O4 - HKCU\..\Run: [xixja] C:\WINDOWS\System32\ctmpyq.exe reg_run
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\trnkgah.exe (file missing)



Close all open windows except for HiJack This and click fix checked.


Please update ewido (let me know if you get an error while doing this).

DO NOT reboot the computer unless needed - I will be posting additional instructions tonight, but will need additional time to make sure that they are correct.

-Ryan
  • 0

Advertisements

#11
Ryan
Posted 02 October 2006 - 08:56 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Let's see how we do this time around; we should get most of the stuff. please do the following after completing the instructions above.

You will want to print out a copy of these instructions to follow while you complete this procedure, as you will not be able to access the internet later in the fix.


Please copy everything in the code box below to a clean notepad file:

del "C:\Program Files\SurfSideKick 3\"
del "C:\Program Files\ProSiteFinder\"
del C:\WINDOWS\ms059949016891.exe
del C:\WINDOWS\win32090168919949.exe
del C:\WINDOWS\sys101689199490.exe
del "C:\program files\popupwithcast\"
del C:\WINDOWS\System32\cvn0.exe
del C:\WINDOWS\System32\dnjzck.exe
del C:\WINDOWS\System32\ctmpyq.exe
del C:\WINDOWS\cfgmgr52.dll
del C:\WINDOWS\System32\igsixnn.exe
del c:\windows\system32\jcqodc.exe
del C:\WINDOWS\System32\aholljo.exe
del c:\windows\system32\raozve.exe
del C:\WINDOWS\dinst.exe
del C:\WINDOWS\System32\blbrsel.exe
del C:\WINDOWS\ehlkhjcA.exe
del C:\WINDOWS\System32\l3jdfs.exe
del C:\WINDOWS\System32\owinopes.exe
del C:\WINDOWS\System32\mptft.exe
del C:\WINDOWS\System32\lrjsyn.exe
del C:\WINDOWS\System32\eknzxdv.exe
del "C:\Program Files\Internet Optimizer\"
del C:\WINDOWS\System32\wfxqhv.exe
del C:\WINDOWS\System32\upxhhz.exe
del C:\DOCUME~1\Dad\LOCALS~1\Temp\silver.exe
del C:\WINDOWS\ms039199490168.exe
del C:\WINDOWS\ms041994901689.exe
del C:\WINDOWS\ms069490168919.exe
del C:\WINDOWS\System32\vvyceu.exe
del C:\WINDOWS\System32\ucehdns.exe
del C:\WINDOWS\thiselt.exe
del c:\windows\system32\yfsjgs.exe
del C:\WINDOWS\System32\bkxywz.exe
del C:\WINDOWS\System32\lmavuge.exe
del C:\WINDOWS\sachostx.exe
del C:\WINDOWS\sys016891994901.exe
del C:\WINDOWS\sys039199490168.exe
del C:\WINDOWS\System32\kernels8.exe
del C:\WINDOWS\sysldr32.exe
del C:\WINDOWS\CCZoop05.exe
del C:\WINDOWS\trnkgahA.exe
del C:\WINDOWS\ttupt.exe
del C:\WINDOWS\System32\panckza.exe
del c:\windows\system32\jopvag.exe
del C:\WINDOWS\System32\apbzk.exe
del C:\WINDOWS\System32\whuwobn.dll
del C:\WINDOWS\win32074901689199.exe
del C:\WINDOWS\win32089016891994.exe
del C:\WINDOWS\System32\fgxufu.exe
del C:\WINDOWS\System32\ptttynn.exe
del C:\WINDOWS\System32\cdqowl.exe
del C:\WINDOWS\System32\zthomuw.exe
del c:\windows\system32\ondsregj.exe
del C:\WINDOWS\System32\RACLE~1\
del "C:\Program Files\System Files\"
del "C:\Program Files\PSDream\"
del "C:\Program Files\PSHope\"
del "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
del C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun162560.exe
del C:\DOCUME~1\Dad\LOCALS~1\Temp\stdrun165632.exe
del C:\WINDOWS\System32\ctmpyq.exe
sc stop "Windows Overlay Components"
sc delete "Windows Overlay Components"
del C:\WINDOWS\trnkgah.exe

Save the file to your desktop as "cleanme.bat" (include the quotation marks).



If you have not already done so, please update ewido.
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please reboot the computer into regular safe mode, it is important that it is not connected to the internet in the next steps.


After you have logged in the computer, please run the cleanme.bat file that you created earlier. A black window will appear; this is normal.

After the window has closed, please find the following files and delete them manually:

abu.exe
w002f8be.dll
w0031f9f.dll
AUNPS2.DLL
repairs303169590.dll


IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan and a new HiJack This log.
-Ryan
  • 0

#12
MrP2
Posted 03 October 2006 - 07:15 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Ryan,

The system seems to be behaving better. There are now 36 processes running. I hope I followed your instructions. Here are the logs you requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:05:04 PM 10/3/2006

+ Scan result:



C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052970.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058165.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\daidbdaa.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nfilhomn.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0061389.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\Program Files\Batty\Batty.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034621.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052859.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053003.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053016.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053017.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053018.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053019.DLL -> Adware.ClearSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053054.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034604.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0038656.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0038661.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0040667.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0041668.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0042666.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0043666.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044819.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044821.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044822.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044823.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044824.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044825.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044826.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044829.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044830.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044832.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044833.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044836.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0047842.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0048840.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0049840.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0050840.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052840.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052969.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053023.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053030.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053034.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053039.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054051.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055040.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055042.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055053.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0056052.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0057053.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058045.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058060.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058069.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058076.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058077.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058087.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058095.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058104.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058105.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058289.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058290.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058291.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058292.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058293.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058294.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058295.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058296.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058297.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058298.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058299.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058300.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058301.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058302.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058303.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058304.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058305.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058306.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058307.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034555.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034609.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034611.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034612.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052934.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053045.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053048.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054059.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058148.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0036596.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044816.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052936.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052937.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053015.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034607.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052860.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053013.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053020.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058128.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qftoxhm.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058171.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058122.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058123.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058125.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058126.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058127.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058130.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058131.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058136.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058141.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058157.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058158.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058159.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058160.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058161.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058163.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058114.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044803.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052871.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058135.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058137.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058143.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058144.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058146.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058147.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058149.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058150.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058151.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058162.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058164.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\fhsxc.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0061391.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0061392.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0061393.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0061395.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\WINDOWS\DXCecho.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1364589140-725345543-1004\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1364589140-725345543-1004\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058084.dll -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\VundoFix Backups\mljjhgh.dll.bad -> Adware.Virtumionde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058094.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\ssqrp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044807.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044811.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044812.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\!KillBox\ondsregj.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\!KillBox\owinopes.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058129.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058357.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058364.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\TIELT001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052923.exe -> Downloader.Adload.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034547.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034613.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034617.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0039672.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052954.exe -> Downloader.Adload.di : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052998.exe -> Downloader.Adload.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053001.exe -> Downloader.Adload.dj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052991.exe -> Downloader.Adload.dl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052939.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052940.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052944.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052945.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052949.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052950.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052951.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052992.exe -> Downloader.Adload.dv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052995.exe -> Downloader.Adload.dv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053000.exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052993.exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052994.exe -> Downloader.Adload.ed : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052938.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052943.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052948.exe -> Downloader.Adload.ee : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052955.exe -> Downloader.Adload.ef : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034619.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052922.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052986.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052962.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmonwv.dll_tobedeleted -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052959.dll -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034561.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052989.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\WINDOWS\ddhb.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\pvhjfte.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\tyojb.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\xxqap.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058120.dll -> Downloader.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\tct101.dll -> Downloader.Dyfuca.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044786.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052930.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058049.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\WINDOWS\srvjbibfen.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053011.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034624.exe -> Downloader.PurityScan.cu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034559.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034578.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034582.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0035595.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0036595.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0037650.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052990.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\QooBox\ctmpyq.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\dykxjvf.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\hrbtk.dat.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\ibmqpyq.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\sedty.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\tcyqf.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058277.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058278.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058279.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058280.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058281.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052925.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052926.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052927.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052928.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053043.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053053.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058181.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058182.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058183.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\olj65522.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058284.exe -> Downloader.Small.afi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0032537.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034568.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034571.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034572.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034573.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034628.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052979.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\WINDOWS\lt.exe -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\WINDOWS\stipchee.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Desktop\sdfff -> Downloader.Small.awa : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\sdfff -> Downloader.Small.awa : Cleaned with backup (quarantined).
C:\WINDOWS\system32\z12.exe -> Downloader.Small.awa : Cleaned with backup (quarantined).
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052978.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0018.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\syst2.dll -> Downloader.Small.cyn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\win_3y4.exe -> Downloader.Small.cyn : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\zxczxc -> Downloader.Small.dkt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\z13.exe -> Downloader.Small.dkt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054056.exe -> Downloader.Tibs.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055057.exe -> Downloader.Tibs.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0056057.exe -> Downloader.Tibs.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0057058.exe -> Downloader.Tibs.id : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sachostc.exe -> Downloader.Tibs.id : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058134.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053007.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053004.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053006.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053005.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\!KillBox\win32074901689199.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\!KillBox\win32089016891994.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0033532.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034565.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034581.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053040.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058354.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058355.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058390.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0040672.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0041674.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052941.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052942.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052946.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052947.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052952.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052953.exe -> Downloader.VB.aiw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052999.exe -> Downloader.VB.aiy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054035.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054069.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055035.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058379.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0059378.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0062402.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0062406.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\WINDOWS\sys0168919949012006.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0062414.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\!KillBox\ms041994901689.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\!KillBox\sys039199490168.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0033531.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034562.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034564.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034579.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034580.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0035596.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0035597.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0041661.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054034.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054038.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0055034.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058168.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058359.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058362.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\WINDOWS\pms111x.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058152.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052997.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058118.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\!KillBox\trnkgah.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052977.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054072.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058365.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034566.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034627.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0040669.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052987.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0054068.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0032532.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0033535.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034532.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034586.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034599.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0035601.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0036600.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0037598.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0037655.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0038653.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0038665.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0039664.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0040664.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0041665.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0042664.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0043664.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044662.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044840.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0045839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0046839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0047839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0048839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0049839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0050839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0051839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052839.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\WINDOWS\24545243171.exe -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\WINDOWS\SYSHOST.DLL -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\WINDOWS\svchost.exe -> Hijacker.Small.kj : Cleaned with backup (quarantined).
C:\WINDOWS\ehlkhjc.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052980.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052981.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052983.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052984.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052985.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052982.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bqrinpdd.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053012.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\fdsf -> Not-A-Virus.Hoax.Win32.Renos.fc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\z11.exe -> Not-A-Virus.Hoax.Win32.Renos.fc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052996.exe -> Not-A-Virus.SpamTool.Win32.Mailbot.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058138.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058139.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044820.exe -> Trojan.Pakes : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034560.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034614.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0035610.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0037607.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052961.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0058203.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052956.exe -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052957.exe -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052958.exe -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053008.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053009.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053010.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0052960.exe -> Trojan.Sinowal.ai : Cleaned with backup (quarantined).
C:\bfdncc.exe -> Trojan.Sinowal.az : Cleaned with backup (quarantined).
C:\Program Files\Xnvy\Qwgwar.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\Program Files\Yjwvf\Afeears.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0034605.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0037604.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0044789.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053002.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED0F-42D6-4899-8E73-BE4F591B54CD}\RP163\A0053014.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6BC7ED
  • 0

#13
Ryan
Posted 03 October 2006 - 07:20 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Can you post a new HiJack This log for me?

-Ryan
  • 0

#14
MrP2
Posted 03 October 2006 - 07:28 PM

MrP2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Attached File  Report_Scan_20061003_200504.txt   115.58KB   139 downloadsSorry...it looks like both logs were not completely pasted. I will paste the HijackThis log and attach the Ewido log.

Logfile of HijackThis v1.99.1
Scan saved at 8:09:16 PM, on 10/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\ZapIt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\pkwwkiwd.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O2 - BHO: (no name) - {EA96E82E-F569-4EA2-B5C8-E0539449D951} - C:\WINDOWS\System32\pmkjk.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: winrwq32 - C:\WINDOWS\SYSTEM32\winrwq32.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#15
Ryan
Posted 03 October 2006 - 08:22 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
The HiJack This log is much better, and ewido took care of some small things, mostly left in the system restore folder.


== Vundo Fix ==

You still have signs of Vundo, so I would like to rerun the fix. Please delete the VundoFix.exe file that you already have; it has probably been updated since you downloaded it, and these changes are important.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


== HiJack This Entries ==

Open HiJack This and scan. When it finishes, put an X in the box next to these following item(s):


R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\System32\pkwwkiwd.dll
O2 - BHO: (no name) - {EA96E82E-F569-4EA2-B5C8-E0539449D951} - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\System32\pmkjk.dll
O20 - Winlogon Notify: winrwq32 - C:\WINDOWS\SYSTEM32\winrwq32.dll


Close all open windows except for HiJack This and click fix checked.

Reboot your PC.


== Delete Files ==

Once you have logged in, remove the following files (if found):

C:\WINDOWS\System32\pkwwkiwd.dll
C:\WINDOWS\System32\pmkjk.dll
C:\WINDOWS\SYSTEM32\winrwq32.dll


== Request Logs ==

Please post the contents of C:\vundofix.txt and a new HiJackThis log in this same topic, and let us know how your system's working. :whistling:

-Ryan
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP