hjt log need help

dirtydz · Mar 17, 2006

I am getting way to many popups i have scanned for virus & scanned for spyware but am still getting popups like crazy ...here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 4:17:52 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\msoevc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\windows\system32\qjdsregn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\qwinkrag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\unins000.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fbclient.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\i0lo0a33ed.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\q6nulg5916.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

JaPK · Mar 17, 2006

Hi dirtydz.

Ok, you have a nice collection of infections on your computer
-> Cleaning instructions are quite long

You don't have a firewall on your computer. Donwload and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Cleaning instructions: (Please follow carefully)

Donwload LSPFix -> http://www.cexx.org/lspfix.htm to yuor desktop.
Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.

Go to Control Panel -> Add or remove programs -> Remove if found New.Net or NewDotNet

IF New.Net or NewDotNet ain't listed in add/or remove programs, do this

Un-plug your internet cable.

Disable your antispyware and antivirus

Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe

Run NNuninstall.exe file.
->It asks if you want to remove New.Net
->Click Yes.
->When it is done click OK.
->Restart your computer

Restart your antivirus
Plug your internet cable back.

Empty the recycle bin.

(IF you lost your internet connection during the new.net removal, doubleclik LSPFix.exe. Check "I know what I'm doing" option.You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok )

Then

Download Look2Me-Destroyer.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=7
->Close all windows to continue.
->Run Look2Me-Destroyer.exe
->Check Run this program as a task.
->You'll get a message"Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
->When it opens again, click Scan for L2M, shortcut will disappear but it is normal.
->When scanning is ready, Click Remove L2M.
->You'll get the meesage Done Scanning , clickOK.
->When you get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
-> PC shutsdown.
->Restart it.

Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Then on the downright corner in HijackThis press config
->Misc Tools
->Delete NT service
->Copy this: Microsoft Regulator and paste it to the field
->Press OK

Again but
->Delete NT service
->Copy this: Network Monitor and paste it to the field
->Press OK

Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this folder if found:
C:\Program Files\-->Network Monitor
C:\Program Files\-->New.Net
C:\Program Files\-->NewDotNet
C:\PROGRA~1\-->Jalmp
C:\Program Files\-->Alhisf

Delete these files if found:
C:\windows\-->winsysupd8.exe
C:\WINDOWS\system32\-->hpsw.exe
C:\windows\-->gimmygames.exe
C:\WINDOWS\-->delqsrmA.exe
C:\windows\system32\-->qjdsregn.exe
C:\WINDOWS\system32\-->qwinkrag.exe
C:\WINDOWS\system32\-->dwdsregt.exe
C:\WINDOWS\-->msoevc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\-->_iu14D2N.tmp

Use the Windows "search" function (make sure that you search from hidden files and folders and from system folders too)
Search for this and delete if found: 0s0s0raw.dll
Search for this and delete if found: WINSVC32.EXE

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan yor computer with Ewido and save the log file.

Restart your computer normally.

Post a fresh HijackThis log and Ewido's log and C:\Look2Me-Destroyer.txt to here so we can see if your computer is now clean.

-kemisti- · Mar 18, 2006

BFU is also needed

Download bfu http://www.merijn.org/files/bfu.zip
and unzip it on desktop.
Start bfu.exe and click "web" like image below

Copy this line to "Download script"-window :
http://metallica.geekstogo.com/alcanshorty.bfu

Start script by clicking Execute.

If you have problems, see link below
http://metallica.geekstogo.com/BFUinstructions.html

dirtydz · Mar 18, 2006

Hi, Hey thanks for the help!!! here is the ewido log

wido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:58:22 PM, 3/18/2006
+ Report-Checksum: EF137D69

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1078081533-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
C:\2464.exe -> Downloader.Adload.t : Cleaned with backup
C:\34264.exe -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\4634.exe -> Downloader.Adload.r : Cleaned with backup
C:\46x2.exe -> Downloader.Adload.t : Cleaned with backup
C:\adef.exe -> Downloader.Adload.j : Cleaned with backup
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\624789.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000002.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000770.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000810.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000831.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000843.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001178.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001192.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001212.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001232.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002231.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002242.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002259.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002281.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0003280.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0005279.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\asde5ycxafhj.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\docs.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames.exe.QUAR00 -> Downloader.VB.wd : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames[1].exe -> Downloader.VB.wd : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\vsslne.exe -> Logger.VB.eh : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8[1].exe -> Hijacker.VB.lg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7[1].exe -> Downloader.VB.wg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[2].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\k1s9q[1].jpg -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\77pyha[1].jpg -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\actb2m[1].jpg -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\!update-3195[1].0000 -> Downloader.PurityScan.be : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\77p6ov[1].jpg -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[2].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\1ckwl[1].jpg -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\drsmartload[1].exe -> Downloader.VB.ya : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20060317-234233-331.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\05UR8T6N\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KFGZ8FI7\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\dox.exe -> Downloader.Adload.j : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP14\A0002278.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP14\A0003279.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP15\A0004270.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP15\A0005278.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP17\A0005317.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP17\A0005318.exe -> Downloader.VB.xg : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP19\A0005326.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP20\A0005337.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005358.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005359.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005375.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005376.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005377.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005389.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005390.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005402.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005403.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP22\A0005422.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP22\A0005423.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005437.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005438.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005453.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005454.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005467.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP24\A0005472.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005484.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005485.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005499.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005500.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005513.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005516.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006515.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006516.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006528.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006541.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP29\A0006628.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP29\A0006650.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP30\A0006700.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP30\A0006737.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007503.EXE -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007504.exe -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007505.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007511.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007545.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007884.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007885.dll -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007888.dll -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007893.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007894.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0008973.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011048.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011132.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011191.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011213.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011214.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011217.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011268.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011271.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011272.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011274.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011277.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011278.EXE -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011279.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011280.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011283.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011284.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011285.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP37\A0011295.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP5\A0000915.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP6\A0000955.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP8\A0001143.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP8\A0001156.exe -> Downloader.VB.wj : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\irhbgyfu.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\owinosap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\pi1_58.exe -> Downloader.Small.bue : Cleaned with backup
C:\WINDOWS\system32\rndsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Temp\E1B2D.tmp/titno.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\Temp\nein.exe -> Downloader.Small.bgl : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\winsysban4.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup

::Report End

Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 1:58:55 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)

JaPK · Mar 18, 2006

Ok very good, you are almost clean....

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Do this:
Fix this entry with HijackThis:

O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)

Then on the downright corner in HijackThis press config
->Misc Tools
->Delete NT service
->Copy this: OSdebug and paste it to the field
->Press OK

Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this file if found:
C:\WINDOWS\-->msoevc.exe

Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Restart your computer normally.

Post a new HijackThis log.

Log in or Sign up

hjt log need help

dirtydz Guest

JaPK Regular member

-kemisti- Active member

dirtydz Guest

JaPK Regular member

Share This Page

Log in or Sign up

hjt log need help

dirtydz Guest

JaPK Regular member

-kemisti- Active member

dirtydz Guest

JaPK Regular member

Share This Page

Useful Searches