Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with Aurora *.214 [CLOSED]


  • This topic is locked This topic is locked

#1
carld717

carld717

    New Member

  • Member
  • Pip
  • 2 posts
I've tried every trick, and can't get rid of this 214 spyware. Help! Log attached

Logfile of HijackThis v1.99.1
Scan saved at 7:21:34 PM, on 7/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\apisvc.exe
C:\WINDOWS\System32\anapnq.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\Handspring\Hotsync.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\rdso\eetu.exe
C:\Program Filehijack\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - C:\DOCUME~1\brettk\LOCALS~1\Temp\kxezmpobuni.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [apisvc.exe] C:\WINDOWS\System32\apisvc.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\anapnq.exe reg_run
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (file missing) (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121429669141
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EF007AE-5E67-4D7B-B516-DE685A162CF9}: NameServer = 195.95.218.1,85.255.112.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\FGNTEXT.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by carld717, 28 July 2005 - 08:53 PM.

  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

Please download Ewido Security Suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net...wnload/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer and post a new hijackthis log and the log from Ewido.
  • 0

#3
carld717

carld717

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
This is progress! Eiwido is awesome!

I had to get rid of cfgmgr52 references in the registry

I had to uninstall Norton Security and antivirus

I had to delete a "hosts" file

Here's the Scan report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:17:26 AM, 7/29/2005
+ Report-Checksum: 61E9D249

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{35E78239-811E-4c3f-B37D-F339AC16C2C0} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{96DA5BEE-4ACC-476C-B3EC-54C6730C4293} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{930A2B79-855E-4A18-80BB-4C0595B40798} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E61A0304-C605-441F-BD57-2833B65A69F1} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-3214521647-3881350573-532664589-1007\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
[664] C:\WINDOWS\system32\FGNTEXT.DLL -> Spyware.Look2Me : Error during cleaning
[1404] C:\WINDOWS\system32\wlninet.dll -> Spyware.Look2Me : Error during cleaning
[2016] C:\DOCUME~1\brettk\LOCALS~1\Temp\gfkvchcnulq.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[3484] C:\Program Files\rdso\eetu.exe -> Spyware.MediaTickets : Cleaned with backup
[3920] C:\WINDOWS\system32\AUNPS2.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
[3868] C:\WINDOWS\System32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
[3244] C:\PROGRA~1\VBouncer\VIRTUA~1.EXE -> Spyware.VirtualBouncer : Cleaned with backup
[1184] C:\PROGRA~1\ADDEST~1\ADDEST~1.EXE -> Spyware.VirtualBouncer : Cleaned with backup
[3816] C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dadr.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
:mozilla.16:C:\Documents and Settings\brettk\Application Data\Mozilla\Firefox\Profiles\b77xnrld.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\brettk\Cookies\brettk@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\brettk\Cookies\brettk@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\brettk\Cookies\brettk@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\brettk\Local Settings\Temp\gfkvchcnulq.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\brettk\Local Settings\Temp\ixuxsjupwlq.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\brettk\Local Settings\Temporary Internet Files\Content.IE5\01K3UHYZ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\brettk\Local Settings\Temporary Internet Files\Content.IE5\LPNYYDRW\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\brettk\Local Settings\Temporary Internet Files\Content.IE5\MTSDM5OF\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Program Files\AdDestroyer\AdDestroyer.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\hijack\backups\backup-20050728-225255-432.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\hijack\backups\backup-20050729-000836-681.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0911B72A-254B-42EB-B94D-0B1094\D9E26531-5C86-4654-A8C8-C7FA7B -> Spyware.WeirWeb : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0E13315B-E3CD-46F1-B6A1-842D47\FF94E1D1-CC3B-4D5C-8FC2-527A26 -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\120A6306-5FBD-422F-BCA4-97C5CE\47BD22A2-EDCE-47FC-8021-9E85BC -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\33F56536-C829-4B57-8B6F-24E628\82BB3C95-59D5-47F3-9DED-E2B47E -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\402845DF-BADB-4963-AE22-CCC813\B7B1A9AC-63CE-452D-8A4A-F3F61E/VVSN.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4D86FA43-4541-4754-9622-49A622\292C0D58-3047-44DD-BA8F-71E734 -> TrojanDropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4D86FA43-4541-4754-9622-49A622\975B61C2-007A-47AE-BAE4-4F6EE0 -> TrojanDropper.Agent.hl : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\76C877AF-FC44-4413-B09B-D15864\819FFB9B-BFBE-4C13-B30A-BED5D8 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F1FB2A9-6DED-4515-B232-74159F\7E84BE01-1BDC-43C9-BCB1-62BE99 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F1FB2A9-6DED-4515-B232-74159F\A9FF2727-604D-4EC4-B9A0-F99339 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F1FB2A9-6DED-4515-B232-74159F\D4F0ABD9-582A-4CA9-971D-D0C7E4 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\6592D78D-42E5-4AC6-BFA5-1EF4DF -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\C1DF6164-3284-424D-89D2-690334 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\CB2F3789-452C-4EB4-B8AE-91CD4F -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\DACD05EB-CD79-4022-8A11-FB5185 -> TrojanDownloader.Qoologic.x : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\E676B2F9-E4F9-41B2-B334-93D453 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\808D0434-CB28-4422-AA55-BC8943\EAEA664A-9D28-432C-A5D8-75EE22 -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\ABC8BC94-59BF-4868-AEDD-F6C40F\254975A9-0BE5-45D3-8727-CA3528 -> TrojanDropper.Small.qn : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BFB56415-CEE5-4890-BA2F-644707\6C8C0998-19AA-4D9F-98CC-B82685 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CA508993-C8FD-4940-B387-5E5F6C\D0A270AA-1B01-41B4-9A78-C64614 -> Spyware.UCmore : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB87D329-E1EF-4136-BD4F-7C97D5\13E33AD9-DDE1-46CB-98F0-4A42DD -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EB87D329-E1EF-4136-BD4F-7C97D5\27BA1D9B-4837-4212-AB2B-1E3A98 -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F6529193-D5D4-4FFA-B9EB-E8AC45\8E67CB47-4A64-41C6-BDFA-FADDAF -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FD7BC22A-1DF5-49D8-95EA-79DB5A\B63C921C-B5CF-4683-BB0D-7F541A -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\rdso\eetu.exe -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\VBouncer\VirtualBouncer.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016629.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016673.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016674.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016676.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016726.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016728.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016731.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016736.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016737.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016749.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016757.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016761.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016762.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016764.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016770.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016786.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016790.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016792.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016798.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0016809.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017787.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017792.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017795.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017799.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017802.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017809.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017813.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017814.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017816.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017817.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017825.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017827.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017829.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017830.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017843.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017845.exe -> Backdoor.Lamebot.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017846.exe -> Trojan.Qhost.qr : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017848.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017852.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017855.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017864.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017869.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017870.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017871.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017892.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017897.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017898.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017902.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017903.cpl -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017907.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017908.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017923.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017929.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017930.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017942.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017954.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017961.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017963.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017969.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017976.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017983.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0017984.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0019982.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0019987.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0019989.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0019990.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0020995.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0020998.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021008.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021014.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021015.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021016.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021022.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021025.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021027.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021045.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021057.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021058.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021060.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021062.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021076.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021081.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP416\A0021082.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP417\A0021088.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021090.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021094.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021096.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021097.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021102.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021107.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021112.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021113.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021121.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021125.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021126.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021134.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021135.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021137.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021138.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP418\A0021139.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021208.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021209.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021334.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021335.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021346.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021347.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021348.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021349.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021350.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021351.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021352.exe -> Trojan.Qhost.qr : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021353.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021354.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021355.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021356.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021357.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021358.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021359.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021361.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021362.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021363.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021364.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021366.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021367.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021368.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021369.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021370.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021375.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021379.exe -> Backdoor.Lamebot.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021386.exe -> Backdoor.Lamebot.b : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021390.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021391.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021392.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021400.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021402.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021403.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021412.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021419.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021420.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021424.exe -> TrojanDropper.Agent.qb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021438.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021440.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021441.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021442.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021445.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021448.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021457.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021459.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021463.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021465.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021469.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021470.exe -> Spyware.Pacer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021471.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021472.exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021481.exe -> Spyware.Downloadware : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021483.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021493.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021495.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021509.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021510.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021511.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021520.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP419\A0021521.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\iqxgesjo.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\pss\dadr.exeCommon Startup -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\anapnq.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\apisvc.exe -> Backdoor.Lamebot.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\cacdaxn.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\WINDOWS\SYSTEM32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\fsfksag.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\InstallAPS.exe -> TrojanDropper.Agent.lu : Cleaned with backup
C:\WINDOWS\SYSTEM32\MDOERT2.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\miyuv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\SSK39.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\SYSTEM32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\SYSTEM32\thin-144-1-2-2.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\VB3.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINDOWS\SYSTEM32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup


::Report End


Here's the new hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:33 AM, on 7/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AdDestroyer\__delete_on_reboot__ADDEST~1.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\__delete_on_reboot__ADDEST~1.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bits...om/tdserver.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121429669141
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\FGNTEXT.DLL
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

------

Expect a donation from me, but I think there's still a few things to go
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
You're right. You're not quite clean yet.

Please make sure that you can VIEW ALL HIDDEN FILES.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: SearchToolbarBHOObject - {12EE7A5E-0674-42f9-A76A-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - C:\WINDOWS\System32\stlb2.dll
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [{12EE7A5E-0674-42f9-A76B-000000004D00}] rundll32.exe stlb2.dll,DllRunMain
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\__delete_on_reboot__ADDEST~1.EXE
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\FGNTEXT.DLL



Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.

Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

c:\counter.cab
C:\WINDOWS\system32\FGNTEXT.DLL
C:\WINDOWS\System32\stlb2.dll
C:\WINDOWS\System32\E6F1873B.DLL
C:\Program Files\AdDestroyer
C:\Program Files\SurfSideKick 3



Reboot your computer to go back to normal mode.


=========


Now I need to see a different log from your computer.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!


Post a new hijackthis log as well as the log from l2mfix.
  • 0

#5
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP