hjt log need help

Discussion in 'Windows - Virus and spyware problems' started by dirtydz, Mar 17, 2006.

  1. dirtydz

    dirtydz Guest

    I am getting way too many popups. I have scanned for viruses & scanned for spyware but am still getting popups like crazy... here is the HijackThis log


    Logfile of HijackThis v1.99.1
    Scan saved at 4:17:52 PM, on 3/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\msoevc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\windows\system32\qjdsregn.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\qwinkrag.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Spyware Doctor\unins000.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
    O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
    O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
    O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
    O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
    O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fbclient.dll (file missing)
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\i0lo0a33ed.dll (file missing)
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\q6nulg5916.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
     
  2. JaPK

    JaPK Regular member

    Hi dirtydz.

    Ok, you have a nice collection of infections on your computer
    -> Cleaning instructions are quite long :)


    You don't have a firewall on your computer. Download and install one firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

    Cleaning instructions: (Please follow carefully)

    Download LSPFix -> http://www.cexx.org/lspfix.htm to your desktop.
    Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.

    Go to Control Panel -> Add or remove programs -> Remove if found New.Net or NewDotNet


    IF New.Net or NewDotNet ain't listed in add/or remove programs, do this

    Un-plug your internet cable.

    Disable your antispyware and antivirus

    Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe

    Run NNuninstall.exe file.
    ->It asks if you want to remove New.Net
    ->Click Yes.
    ->When it is done click OK.
    ->Restart your computer

    Restart your antivirus
    Plug your internet cable back.

    Empty the recycle bin.

    (IF you lost your internet connection during the New.Net removal, double-click LSPFix.exe. Check the "I know what I'm doing" option. You see two panels; if something is listed in the "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in the "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )



    Then

    Download Look2Me-Destroyer.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=7
    ->Close all windows to continue.
    ->Run Look2Me-Destroyer.exe
    ->Check Run this program as a task.
    ->You'll get a message "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK.
    ->When it opens again, click Scan for L2M. The shortcut will disappear, but that is normal.
    ->When scanning is ready, click Remove L2M.
    ->You'll get the message Done Scanning, click OK.
    ->When you get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    ->PC shuts down.
    ->Restart it.



    Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
    O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
    O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
    O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
    O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
    O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
    O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
    O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
    O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


    Then in the lower right corner of HijackThis press Config
    ->Misc Tools
    ->Delete NT service
    ->Copy this: Microsoft Regulator and paste it to the field
    ->Press OK

    Again but
    ->Delete NT service
    ->Copy this: Network Monitor and paste it to the field
    ->Press OK


    Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

    Make your hidden files visible:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Show hidden files and folders.

    Delete these folders if found:
    C:\Program Files\-->Network Monitor
    C:\Program Files\-->New.Net
    C:\Program Files\-->NewDotNet
    C:\PROGRA~1\-->Jalmp
    C:\Program Files\-->Alhisf

    Delete these files if found:
    C:\windows\-->winsysupd8.exe
    C:\WINDOWS\system32\-->hpsw.exe
    C:\windows\-->gimmygames.exe
    C:\WINDOWS\-->delqsrmA.exe
    C:\windows\system32\-->qjdsregn.exe
    C:\WINDOWS\system32\-->qwinkrag.exe
    C:\WINDOWS\system32\-->dwdsregt.exe
    C:\WINDOWS\-->msoevc.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\-->_iu14D2N.tmp


    Use the Windows "search" function (make sure that you search from hidden files and folders and from system folders too)
    Search for this and delete if found: 0s0s0raw.dll
    Search for this and delete if found: WINSVC32.EXE


    Empty the Recycle Bin

    Make your hidden files invisible again:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Do not show hidden files and folders.

    Scan your computer with Ewido and save the log file.

    Restart your computer normally.

    Post a fresh HijackThis log and Ewido's log and C:\Look2Me-Destroyer.txt to here so we can see if your computer is now clean.

     
    Last edited: Mar 17, 2006
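
Added example (not part of JaPK's post and not HijackThis's own code): a small Python check for the final step above, comparing the list of entries to fix against a fresh HijackThis log and reporting which ones are still present. The fix-list lines are taken from the post, the fresh log is constructed for illustration, and the function names are this example's own; a fix-list line ending in "..." (the O16 line was cut by the forum) is matched as a prefix.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...),
# then " - ", then the entry detail. Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([RNFO]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return (code, detail) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1).upper(), m.group(2)))
    return entries


def _norm(detail):
    # Windows paths and registry names are case-insensitive; collapse spaces too.
    return " ".join(detail.lower().split())


def still_present(fix_list_text, fresh_log_text):
    """Return the fix-list entries that still appear in the fresh log.

    An entry ending in "..." was truncated when it was posted, so it is
    compared as a prefix instead of requiring an exact match.
    """
    fresh = [(code, _norm(detail)) for code, detail in parse_entries(fresh_log_text)]
    remaining = []
    for code, detail in parse_entries(fix_list_text):
        want = _norm(detail)
        if want.endswith("..."):
            prefix = want[:-3]
            hit = any(c == code and d.startswith(prefix) for c, d in fresh)
        else:
            hit = any(c == code and d == want for c, d in fresh)
        if hit:
            remaining.append((code, detail))
    return remaining


# Four of the entries from the fix list in the post above.
FIX_LIST = r"""
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Constructed "fresh" log: two of the four entries survived the cleanup.
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [winsysupd] C:\WINDOWS\winsysupd8.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for code, detail in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", code, "-", detail)
```
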
  3. -kemisti-

    -kemisti- Active member

  4. dirtydz

    dirtydz Guest

    Hi, hey, thanks for the help!!! Here is the ewido log


    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:58:22 PM, 3/18/2006
    + Report-Checksum: EF137D69

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-1078081533-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
    C:\2464.exe -> Downloader.Adload.t : Cleaned with backup
    C:\34264.exe -> Backdoor.Wisdoor.ao : Cleaned with backup
    C:\4634.exe -> Downloader.Adload.r : Cleaned with backup
    C:\46x2.exe -> Downloader.Adload.t : Cleaned with backup
    C:\adef.exe -> Downloader.Adload.j : Cleaned with backup
    C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\624789.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000002.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000770.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000810.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000831.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000843.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001178.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001192.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001212.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001232.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002231.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002242.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002259.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002281.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0003280.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0005279.exe -> Downloader.VB.wr : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\asde5ycxafhj.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\docs.exe -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames.exe.QUAR00 -> Downloader.VB.wd : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames[1].exe -> Downloader.VB.wd : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\vsslne.exe -> Logger.VB.eh : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8[1].exe -> Hijacker.VB.lg : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7[1].exe -> Downloader.VB.wg : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
    C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[2].exe -> Downloader.Adload.t : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\k1s9q[1].jpg -> Downloader.Adload.t : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\77pyha[1].jpg -> Backdoor.Wisdoor.ao : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\actb2m[1].jpg -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\!update-3195[1].0000 -> Downloader.PurityScan.be : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\77p6ov[1].jpg -> Downloader.Adload.t : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[2].jpg -> Downloader.Adload.r : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\1ckwl[1].jpg -> Downloader.Adload.o : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\drsmartload[1].exe -> Downloader.VB.ya : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup


    ::Report End


    Hijack this log

    Logfile of HijackThis v1.99.1
    Scan saved at 1:58:55 PM, on 3/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://download.windowsupdate.com
    O15 - Trusted Zone: http://*.windowsupdate.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)


     
  5. JaPK

    JaPK Regular member

    Ok very good, you are almost clean....

    You don't have a firewall on your computer. Download and install a firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio --> http://www.sunbelt-software.com/Kerio.cfm
    Outpost --> http://www.agnitum.com


    Do this:
    Fix this entry with HijackThis:

    O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)


    Then in the lower-right corner of HijackThis, press Config
    ->Misc Tools
    ->Delete NT service
    ->Copy this: OSdebug and paste it to the field
    ->Press OK

    Restart your computer in safe mode (press the F8 button when the computer is starting and choose safe mode)

    Make your hidden files visible:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Show hidden files and folders.

    Delete this file if found:
    C:\WINDOWS\-->msoevc.exe


    Empty the Recycle Bin

    Make your hidden files invisible again:
    ->On the Tools menu in Windows Explorer, click Folder Options.
    ->Click the View tab.
    ->Under Hidden files and folders, click Do not show hidden files and folders.

    Restart your computer normally.

    Post a new HijackThis log.
     
    Last edited: Mar 18, 2006
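
An added example, not part of the original posts: one way to triage the O23 service lines of a HijackThis log like the one above by cross-checking each service's executable against the log's own "Running processes" section. The verdict names and the rule that a running process overrides a "(file missing)" flag are assumptions of this sketch; the sample lines are excerpted from the second log in this thread.

```python
import re

# Constructed sample: a few lines excerpted from the second HijackThis log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)
"""

# "O23 - Service: <label> - <owner> - <target>", where target starts with a drive path.
O23_RE = re.compile(
    r'^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<target>"?[A-Za-z]:\\.*)$'
)
# Executable path up to the first .exe/.dll/.sys, ignoring quotes and arguments.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.(?:exe|dll|sys))', re.IGNORECASE)


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section:
            if not line:          # the section ends at the first blank line
                break
            procs.add(line.lower())
    return procs


def triage(log):
    """Classify every O23 entry as orphan, recheck, review or ok."""
    running = running_processes(log)
    findings = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        missing = target.rstrip().endswith("(file missing)")
        exe_m = EXE_RE.match(target)
        exe = exe_m["exe"] if exe_m else target
        unknown_owner = m["owner"].strip().lower() == "unknown owner"
        # Exact path comparison only; 8.3 short names (C:\PROGRA~1\...) will not match.
        is_running = exe.lower() in running
        if missing and is_running:
            # The log contradicts itself: the binary is running, so the flag
            # most likely comes from the stray quote and arguments in the path.
            verdict = "recheck"
        elif missing:
            # Service registration left behind with no binary and no process.
            verdict = "orphan"
        elif unknown_owner:
            # File exists but carries no vendor name; confirm it by hand.
            verdict = "review"
        else:
            verdict = "ok"
        findings.append({"label": m["label"], "exe": exe, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["verdict"]:8} {f["label"]}  ->  {f["exe"]}')
```

Only the OSdebug entry comes out as an orphan, which matches the single O23 line the reply asks to fix; the avast! Mail Scanner entry is flagged for a recheck because its executable appears in the running process list.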
