|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
02-23-2006, 07:38 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
Help with spyware.
Trying to clean up my sister-in-laws pc. Follwed all steps to this point. I could'nt run online scans though as the internet was way too outta control. I have toned it down abit though. Ran to seperate antivirus (defender pro and avg) Caught over 100 threats on the first scan and then several more with avg. Anyway, I have gone about as far as I know how myself. So here is a log . Thanks in advance for any and all help!
Logfile of HijackThis v1.99.1 Scan saved at 8:00:22 PM, on 2/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\WINDOWS\system32\hpsw.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\owinosai.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINDOWS\system32\ddcca.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\services.exe O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe" O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sys101952222850] C:\WINDOWS\sys101952222850.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinosai.exe CORN001 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinosai.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll O20 - Winlogon Notify: Run - C:\WINDOWS\system32\guard.tmp (file missing) O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_14.dll (file missing) O21 - SSODL: WnncoyzcFx - {745C8E83-DEF6-2429-08CB-ED7683C44A13} - C:\WINDOWS\system32\bscb.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\czccdlo.exe (file missing) |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
02-23-2006, 08:45 PM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
Can you please search for this file on your system, copy it to a compressed folder (zip file) and attach it to your next reply. It will help the author of one of the tools we will run. Do this before running the fix, please.
C:\WINDOWS\system32\ddcca.dll Next...settle in, because this machine is fairly infected still. This will take some time. Please download VundoFix.exe to your desktop.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Download Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility. Run Cleanup! using the following configuration: 1. Click Options... 2. Set the slider to Standard CleanUp! 3. Uncheck the following:
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted. * CleanUp! will not create any backups!! Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Click Start->Run - type SERVICES.MSC & then click on the OK button
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: SurfSideKick 3 WildTangent or WildTangentDriver<<<<WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it. Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
** Ewido scan would require at least an hour. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll O2 - BHO: ADOUsefulNet Object - {EFF1B7BE-A875-450E-AD69-E93457DCEE6A} - C:\WINDOWS\system32\ddcca.dll O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaE ngineMain O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20002\services.exe O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe" O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\Run: [sys101952222850] C:\WINDOWS\sys101952222850.exe O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinosai.exe CORN001 O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinosai.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll O20 - Winlogon Notify: Run - C:\WINDOWS\system32\guard.tmp (file missing) O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_14.dll (file missing) O21 - SSODL: WnncoyzcFx - {745C8E83-DEF6-2429-08CB-ED7683C44A13} - C:\WINDOWS\system32\bscb.dll (file missing) O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\czccdlo.exe (file missing) Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. Delete the following Files/Folders if they exist: c:\secure32.html C:\Program Files\Jalmp C:\Program Files\WildTangent C:\WINDOWS\inet20002 C:\WINDOWS\system32\hpsw.exe C:\Program Files\SurfSideKick 3 C:\WINDOWS\sys101952222850.exe C:\WINDOWS\system32\owinosai.exe C:\WINDOWS\system32\dcom_14.dll C:\WINDOWS\system32\bscb.dll C:\WINDOWS\czccdlo.exe Restart in normal mode. Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner
Restart and run a new HijackThis scan. Save the log file and post it here. Please return with logs from: vundofix Ewido Panda HJT
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
02-24-2006, 04:23 PM
|
#3 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
Tried several times to locate file c:\windows\system32\ddcca.dll but pc could not find it. Although the vundo fix program seemed to find it. Here are the results. Will post back after I have finished the rest of the process.
|
|
|
|
|
02-24-2006, 04:24 PM
|
#4 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
Sorry forgot to post results.
VundoFix V4.2.27 Scan started at 6:14:08 PM 2/24/2006 Listing files found while scanning.... C:\WINDOWS\system32\ddcca.dll C:\WINDOWS\system32\accdd.ini Attempting to delete C:\WINDOWS\system32\ddcca.dll C:\WINDOWS\system32\ddcca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\accdd.ini C:\WINDOWS\system32\accdd.ini Has been deleted! Performing Repairs to the registry. Done! |
|
|
|
|
02-24-2006, 05:21 PM
|
#5 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
Oh well...thanks for trying.
Please carry on with the rest of the posted fix.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
02-24-2006, 06:32 PM
|
#6 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
OK all done. you have the vundo log. here are the rest.
--------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 7:25:41 PM, 2/24/2006 + Report-Checksum: 11B0AB8A + Scan result: HKLM\SOFTWARE\Classes\CLSID\{01EB5130-FC0C-4d75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Error during cleaning HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Error during cleaning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01EB5130-FC0C-4D75-B9CE-4801B1B854F5} -> Adware.Begin2Search : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} -> Adware.LinkMaker : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} -> Adware.Begin2Search : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup C:\Documents and Settings\Matthew Deaton\Start Menu\Programs\SpySheriff -> Adware.SpySheriff : Cleaned with backup C:\Documents and Settings\Matthew Deaton\Start Menu\Programs\SpySheriff\SpySheriff.lnk -> Adware.SpySheriff : Cleaned with backup C:\fran-forever.exe -> Adware.EZula : Cleaned with backup C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup C:\Program Files\Jalmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup C:\WINDOWS\mtuninst.exe -> Adware.MediaTickets : Cleaned with backup C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\system32\azamlil118q.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\blowk.dll -> Adware.PurityScan : Cleaned with backup C:\WINDOWS\system32\ccetcfg.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\cymuid.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\d2j00c1mef.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dmsenh.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dn2401fqe.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dn2u01f9e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dqcprop.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dtdskres.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\dzspex.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\e0202afmgd2a2.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\e0jmla111d.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\eg68l1ju1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\en68l1ju1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\enp8l17u1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\fpp0037me.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\g4400ehmeh4a0.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\g640lghm164a.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\gp2ol3f31.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\gp80l3lm1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\gpr0l39m1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\h4l2le3o1h.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\h82o0if3e82.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\hpsw.exe -> Adware.Suggestor : Cleaned with backup C:\WINDOWS\system32\hr2205foe.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\hr6s05j7e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\hrl2053oe.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\hrps0577e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\hrr2059oe.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ietelmoh.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ijrnonce.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\inrtprio.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ipagehlp.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ipfxdgps.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ir28l5fu1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ir64l5jq1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ir8ul5l91.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup C:\WINDOWS\system32\irj0l51m1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irlsl5371.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irn6l55s1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irnml5511.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irr0l59m1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup C:\WINDOWS\system32\j6l4lg3q16.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\jkhfc.dll -> Adware.Virtumonde : Cleaned with backup C:\WINDOWS\system32\jtno0753e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\kodur.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\kt22l7fo1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\kt4sl7h71.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\kt86l7ls1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ktjsl7171.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\l0j80a1ued.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\l88mlil118q.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\lv8q09l5e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\lvju0919e.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\lvp6097se.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\lx32.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m4po0e73eh.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m4pole731h.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m664lgjq16oe.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m8640ijqe8oe0.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\m8ju0i19e8.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mac71u.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\MJCTFP.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mutime.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mv04l9dq1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mv40l9hm1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\mv42l9ho1.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\n02ulaf91d2.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\n46q0ej5eho.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\n64s0gh7e64.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\nsg3177.dll -> Adware.EZula : Cleaned with backup C:\WINDOWS\system32\nsi3128.dll -> Adware.EZula : Cleaned with backup C:\WINDOWS\system32\o6pq0g75e6.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\o8pqli7518.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\oIpqli7518.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\onbcp32r.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\owinosap.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\p26slcj71fo.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\p8r40i9qe8.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\putorsvc.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\pxotowiz.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\rndsregk.exe -> Adware.ZenoSearch : Cleaned with backup C:\WINDOWS\system32\scdll.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\skndmail.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\sulgntfy.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\wcasf.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\WINDOWS\system32\wradefui.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\wTvemsp.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\WZDMPS.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\xwsp3res.dll -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\system32\ѕνchost.exe -> Adware.PurityScan : Cleaned with backup C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup ::Report End Incident Status Location Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Lori Deaton\Application Data\Sskcwrd.dll Adware:adware/cws.yexe Not disinfected C:\messanger.ini Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat Adware:adware/commad Not disinfected C:\WINDOWS\uninstall_nmon.vbs Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\uniq Potentially unwanted tool:application/funweb Not disinfected C:\PROGRAM FILES\FunWebProducts Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch Potentially unwanted tool:application/regclean32 Not disinfected C:\PROGRAM FILES\Registry Cleaner Trial Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\PROGRAM FILES\WinAntiVirus Pro 2006 Adware:adware/mediatickets Not disinfected Windows Registry Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Adware:adware/spysheriff Not disinfected Windows Registry Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Dustin Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-29d43e43-40ec3f00.zip[Gummy.class] Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\backups\backup-20060224-193610-696.inf Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\compwiz.exe Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\Companion Wizard\WapCHK.dll Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll Adware:Adware/PurityScan Not disinfected C:\Program Files\Yazzle Sudoku\uninstaller.exe Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs Logfile of HijackThis v1.99.1 Scan saved at 8:23:34 PM, on 2/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinosai.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe Thanks again for the help. |
|
|
|
|
02-24-2006, 08:45 PM
|
#7 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
We're making progress, but this machine has been seriously infected.
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. ------------------------------------------ See this page for instructions on how to clear java's cache. ------------------------------------------ I have attached a file to this post - sskplus.zip Download this file to your desktop. Double click on the zip folder, then double click on the reg file within. Click yes to allow it to merge into your registry. ------------------------------------------ Download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop. We'll use it later. *Note* Alternet download sites for smitrem... http://www.downloads.subratam.org/smitRem.exe http://www.bleepingcomputer.com/file...ar/smitRem.exe ------------------------------------------ Download L2mfix from one of these two locations: http://www.downloads.subratam.org/l2mfix.exe http://www.atribune.org/downloads/l2mfix.exe Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Close any programs you have open since this step requires a reboot. From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Do NOT depress any keys on your keyboard until the tool requests you to "press any key to reboot" Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread. IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! If after the reboot the log.txt does not open double click on it in the l2mfix folder and post that log. ------------------------------------------ Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file) O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinosai.exe ------------------------------------------ Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. ------------------------------------------ Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found: MyWay MyWebSearch SurfSideKick 3 ------------------------------------------ Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ------------------------------------------ Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. ------------------------------------------ Delete these files/folders if present: C:\Documents and Settings\Lori Deaton\Application Data\Sskcwrd.dll C:\messanger.ini C:\WINDOWS\drsmartload.dat C:\WINDOWS\uninstall_nmon.vbs C:\WINDOWS\uniq C:\PROGRAM FILES\FunWebProducts C:\PROGRAM FILES\MyWebSearch C:\PROGRAM FILES\WinAntiVirus Pro 2006 C:\Program Files\Common Files\Companion Wizard C:\Program Files\Yazzle Sudoku C:\Program Files\SurfSideKick 3 C:\WINDOWS\system32\owinosai.exe ------------------------------------------ Reboot into normal mode. ------------------------------------------ Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
------------------------------------------ Run a new scan with HJT, save the log and post it here. ------------------------------------------ How is the system behaving now, please? ------------------------------------------ Please return with results from: L2Mfix smitfiles.txt Kaspersky online scan HJT
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 05-21-2006 at 05:49 PM. |
|
|
|
|
02-25-2006, 04:44 PM
|
#8 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
[quote=tetonbob]
------------------------------------------ See this page for instructions on how to clear java's cache. I dont think this machine has java loaded. I cant find it anywhere. Tried some java apps also and they would not work. Should I continue with the rest of the fixes?? |
|
|
|
|
02-25-2006, 06:31 PM
|
#9 (permalink) | |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
Java should be present in the Control Panel.
Quote:
Delete this file: C:\Documents and Settings\Dustin Brown\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ jar .jar-29d43e43-40ec3f00.zip This is a minor part of the fix, don't dwell on it....yes, please carry on with the rest of the fix.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
|
02-25-2006, 08:43 PM
|
#10 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
[quote=tetonbob]
------------------------------------------ Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if found: MyWay MyWebSearch SurfSideKick 3 ------------------------------------------ I have a program called my way search assistant....but there is no remove button associated with it in the add\remove panel. --------------------------------------------- l2mfix: L2mfix 010406 Creating Account. The command completed successfully. Adding Administrative privleges. The command completed successfully. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 580 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 668 'winlogon.exe' Killing PID 668 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1680 'explorer.exe' Killing PID 1680 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Error, Cannot find a process with an image name of rundll32.exe Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CB046819-63D7-48E0-83D1-0AC750C42B39}] @="" [HKEY_CLASSES_ROOT\CLSID\{CB046819-63D7-48E0-83D1-0AC750C42B39}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CB046819-63D7-48E0-83D1-0AC750C42B39}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CB046819-63D7-48E0-83D1-0AC750C42B39}\InprocServer32] @="C:\\WINDOWS\\system32\\ixfxpph.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F2329DD9-764A-43AB-893B-2685CD1DA3D6}] @="" [HKEY_CLASSES_ROOT\CLSID\{F2329DD9-764A-43AB-893B-2685CD1DA3D6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F2329DD9-764A-43AB-893B-2685CD1DA3D6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F2329DD9-764A-43AB-893B-2685CD1DA3D6}\InprocServer32] @="C:\\WINDOWS\\system32\\dzspex.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{46B5B32A-C723-4E2C-85B2-D4540331DF4E}] @="" [HKEY_CLASSES_ROOT\CLSID\{46B5B32A-C723-4E2C-85B2-D4540331DF4E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{46B5B32A-C723-4E2C-85B2-D4540331DF4E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{46B5B32A-C723-4E2C-85B2-D4540331DF4E}\InprocServer32] @="C:\\WINDOWS\\system32\\ietelmoh.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}] @="" [HKEY_CLASSES_ROOT\CLSID\{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}\InprocServer32] @="C:\\WINDOWS\\system32\\gbtuname.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{BE8FE741-CD9C-4075-88C5-A565DA214AB4}] @="" [HKEY_CLASSES_ROOT\CLSID\{BE8FE741-CD9C-4075-88C5-A565DA214AB4}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{BE8FE741-CD9C-4075-88C5-A565DA214AB4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{BE8FE741-CD9C-4075-88C5-A565DA214AB4}\InprocServer32] @="C:\\WINDOWS\\system32\\lx32.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{445DD4DB-3B75-48A5-B87C-2795717A0C1E}] @="" [HKEY_CLASSES_ROOT\CLSID\{445DD4DB-3B75-48A5-B87C-2795717A0C1E}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{445DD4DB-3B75-48A5-B87C-2795717A0C1E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{445DD4DB-3B75-48A5-B87C-2795717A0C1E}\InprocServer32] @="C:\\WINDOWS\\system32\\sulgntfy.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}] @="" [HKEY_CLASSES_ROOT\CLSID\{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}\InprocServer32] @="C:\\WINDOWS\\system32\\ccetcfg.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2EFCA923-2BAF-44BC-B5CC-5505655C4198}] @="" [HKEY_CLASSES_ROOT\CLSID\{2EFCA923-2BAF-44BC-B5CC-5505655C4198}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2EFCA923-2BAF-44BC-B5CC-5505655C4198}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2EFCA923-2BAF-44BC-B5CC-5505655C4198}\InprocServer32] @="C:\\WINDOWS\\system32\\MJCTFP.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{639DAB03-A362-4067-8454-89BEEC2E4F02}] @="" [HKEY_CLASSES_ROOT\CLSID\{639DAB03-A362-4067-8454-89BEEC2E4F02}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{639DAB03-A362-4067-8454-89BEEC2E4F02}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{639DAB03-A362-4067-8454-89BEEC2E4F02}\InprocServer32] @="C:\\WINDOWS\\system32\\pxotowiz.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}\InprocServer32] @="C:\\WINDOWS\\system32\\wradefui.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}] @="" [HKEY_CLASSES_ROOT\CLSID\{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{2B1D8F52-680F-45C0-B318-735161BE2908}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B1D8F52-680F-45C0-B318-735161BE2908}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{2B1D8F52-680F-45C0-B318-735161BE2908}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{2B1D8F52-680F-45C0-B318-735161BE2908}\InprocServer32] @="C:\\WINDOWS\\system32\\skndmail.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{A4E6DECD-E603-4854-8589-511FA0FEEA40}] @="" [HKEY_CLASSES_ROOT\CLSID\{A4E6DECD-E603-4854-8589-511FA0FEEA40}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{A4E6DECD-E603-4854-8589-511FA0FEEA40}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{A4E6DECD-E603-4854-8589-511FA0FEEA40}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{57A4CB48-6356-44B8-9DDB-13582E73FF42}] @="" [HKEY_CLASSES_ROOT\CLSID\{57A4CB48-6356-44B8-9DDB-13582E73FF42}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{57A4CB48-6356-44B8-9DDB-13582E73FF42}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{57A4CB48-6356-44B8-9DDB-13582E73FF42}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}] @="" [HKEY_CLASSES_ROOT\CLSID\{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{9C5A8B7B-991F-42C0-9317-E63C754DF91A}] @="" [HKEY_CLASSES_ROOT\CLSID\{9C5A8B7B-991F-42C0-9317-E63C754DF91A}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{9C5A8B7B-991F-42C0-9317-E63C754DF91A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{9C5A8B7B-991F-42C0-9317-E63C754DF91A}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{CB046819-63D7-48E0-83D1-0AC750C42B39}"=- "{91694F22-E211-436C-BAAC-10A4524134AB}"=- "{370ED96E-2776-4E33-ABCF-9C07B0F6E0C0}"=- "{F2329DD9-764A-43AB-893B-2685CD1DA3D6}"=- "{46B5B32A-C723-4E2C-85B2-D4540331DF4E}"=- "{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}"=- "{BE8FE741-CD9C-4075-88C5-A565DA214AB4}"=- "{445DD4DB-3B75-48A5-B87C-2795717A0C1E}"=- "{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}"=- "{2EFCA923-2BAF-44BC-B5CC-5505655C4198}"=- "{639DAB03-A362-4067-8454-89BEEC2E4F02}"=- "{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}"=- "{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}"=- "{2B1D8F52-680F-45C0-B318-735161BE2908}"=- "{A4E6DECD-E603-4854-8589-511FA0FEEA40}"=- "{57A4CB48-6356-44B8-9DDB-13582E73FF42}"=- "{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}"=- "{9C5A8B7B-991F-42C0-9317-E63C754DF91A}"=- [-HKEY_CLASSES_ROOT\CLSID\{CB046819-63D7-48E0-83D1-0AC750C42B39}] [-HKEY_CLASSES_ROOT\CLSID\{91694F22-E211-436C-BAAC-10A4524134AB}] [-HKEY_CLASSES_ROOT\CLSID\{370ED96E-2776-4E33-ABCF-9C07B0F6E0C0}] [-HKEY_CLASSES_ROOT\CLSID\{F2329DD9-764A-43AB-893B-2685CD1DA3D6}] [-HKEY_CLASSES_ROOT\CLSID\{46B5B32A-C723-4E2C-85B2-D4540331DF4E}] [-HKEY_CLASSES_ROOT\CLSID\{53AB09BC-8615-4BFC-81C6-4AAADFD75DE2}] [-HKEY_CLASSES_ROOT\CLSID\{BE8FE741-CD9C-4075-88C5-A565DA214AB4}] [-HKEY_CLASSES_ROOT\CLSID\{445DD4DB-3B75-48A5-B87C-2795717A0C1E}] [-HKEY_CLASSES_ROOT\CLSID\{F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72}] [-HKEY_CLASSES_ROOT\CLSID\{2EFCA923-2BAF-44BC-B5CC-5505655C4198}] [-HKEY_CLASSES_ROOT\CLSID\{639DAB03-A362-4067-8454-89BEEC2E4F02}] [-HKEY_CLASSES_ROOT\CLSID\{CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE}] [-HKEY_CLASSES_ROOT\CLSID\{EC096B74-E13B-4AAC-A201-EAC5507E0BFF}] [-HKEY_CLASSES_ROOT\CLSID\{2B1D8F52-680F-45C0-B318-735161BE2908}] [-HKEY_CLASSES_ROOT\CLSID\{A4E6DECD-E603-4854-8589-511FA0FEEA40}] [-HKEY_CLASSES_ROOT\CLSID\{57A4CB48-6356-44B8-9DDB-13582E73FF42}] [-HKEY_CLASSES_ROOT\CLSID\{F97AC02C-2F57-4ADD-929E-8EB10B225C7B}] [-HKEY_CLASSES_ROOT\CLSID\{9C5A8B7B-991F-42C0-9317-E63C754DF91A}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: zip warning: name not matched: dlls\*.* zip error: Nothing to do! (backup.zip) adding: backregs/2B1D8F52-680F-45C0-B318-735161BE2908.reg (188 bytes security) (deflated 70%) adding: backregs/2EFCA923-2BAF-44BC-B5CC-5505655C4198.reg (188 bytes security) (deflated 70%) adding: backregs/445DD4DB-3B75-48A5-B87C-2795717A0C1E.reg (188 bytes security) (deflated 70%) adding: backregs/46B5B32A-C723-4E2C-85B2-D4540331DF4E.reg (188 bytes security) (deflated 70%) adding: backregs/53AB09BC-8615-4BFC-81C6-4AAADFD75DE2.reg (188 bytes security) (deflated 70%) adding: backregs/57A4CB48-6356-44B8-9DDB-13582E73FF42.reg (188 bytes security) (deflated 70%) adding: backregs/639DAB03-A362-4067-8454-89BEEC2E4F02.reg (188 bytes security) (deflated 70%) adding: backregs/9C5A8B7B-991F-42C0-9317-E63C754DF91A.reg (188 bytes security) (deflated 70%) adding: backregs/A4E6DECD-E603-4854-8589-511FA0FEEA40.reg (188 bytes security) (deflated 70%) adding: backregs/BE8FE741-CD9C-4075-88C5-A565DA214AB4.reg (188 bytes security) (deflated 70%) adding: backregs/CB046819-63D7-48E0-83D1-0AC750C42B39.reg (188 bytes security) (deflated 70%) adding: backregs/CC3EBB9F-3EA2-4695-9DD3-217BF6AB82BE.reg (188 bytes security) (deflated 70%) adding: backregs/EC096B74-E13B-4AAC-A201-EAC5507E0BFF.reg (188 bytes security) (deflated 70%) adding: backregs/F2329DD9-764A-43AB-893B-2685CD1DA3D6.reg (188 bytes security) (deflated 70%) adding: backregs/F8CE4E7F-F6DA-4D35-8B3E-A8723059CC72.reg (188 bytes security) (deflated 70%) adding: backregs/F97AC02C-2F57-4ADD-929E-8EB10B225C7B.reg (188 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 54%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) ---------------------------------------------- smitfiles: smitRem © log file version 2.8 by noahdfear Microsoft Windows XP [Version 5.1.2600] The current date is: Sat 02/25/2006 The current time is: 21:22:28.75 Running from C:\Documents and Settings\Lori Deaton\Desktop\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall" "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 720 'explorer.exe' Killing PID 720 'explorer.exe' Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall" "{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}"="DCOM Server" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\system32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) ------------------------------------------------ kaspersky scan: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Saturday, February 25, 2006 22:33:42 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 26/02/2006 Kaspersky Anti-Virus database records: 178689 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 62044 Number of viruses found: 41 Number of infected objects: 378 Number of suspicious objects: 0 Duration of the scan process: 2815 sec Infected Object Name - Virus Name C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP270\A0053464.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0061466.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0062464.dll Infected: not-a-virus:AdWare.Win32.Ihbo.gen C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0062465.dll Infected: not-a-virus:AdWare.Win32.Sud.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0062472.dll Infected: not-a-virus:AdWare.Win32.Sud.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282\A0064678.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282\A0064681.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP282\A0064682.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP283\A0067678.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0069690.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP284\A0070684.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP286\A0073695.exe Infected: not-a-virus:AdWare.Win32.AdURL.c C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0074700.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP288\A0074705.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP295\A0076746.dll Infected: not-a-virus:AdWare.Win32.Sud.d C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077730.dll Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0077741.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0078730.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0078731.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0078732.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0078733.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP298\A0079744.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0079765.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0080730.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.h C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0080745.exe Infected: not-a-virus:AdWare.Win32.AdURL.c C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP300\A0081736.exe Infected: not-a-virus:AdWare.Win32.AdURL.c C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0084790.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0084809.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP306\A0084810.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0090883.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0090888.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0095943.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0095947.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0095948.exe Infected: not-a-virus:AdWare.Win32.PurityScan.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0097970.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0098967.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0098971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0098989.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP312\A0098990.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0100989.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0101012.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0101017.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0102017.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP313\A0102037.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP314\A0103037.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109113.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109140.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109141.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109142.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109143.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109208.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109209.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109210.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109213.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109214.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109218.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109220.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109221.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109222.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109225.exe Infected: not-a-virus:AdWare.Win32.PurityScan.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109226.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109228.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109229.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109231.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109234.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109235.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109236.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109237.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109238.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109239.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109294.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109295.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109296.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109297.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109298.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109299.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109300.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109301.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109325.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109326.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109329.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.an C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109358.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109359.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109360.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109361.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109362.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109363.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109364.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109365.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109366.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109367.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109368.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109370.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109371.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109372.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109373.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109375.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109379.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109381.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109394.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109411.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109412.exe Infected: not-a-virus:AdWare.Win32.EZula.bn C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109414.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109414.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109422.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109422.exe/data0003 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109422.exe/data0006 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109422.exe/data0007 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109422.exe Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109548.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109551.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109552.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109553.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0109554.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110052.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110053.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110394.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110395.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110399.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110400.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110401.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110402.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110403.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110410.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110412.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110413.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110414.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110421.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110421.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110421.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110431.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110432.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110435.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110437.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110437.exe Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110439.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110439.exe Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110451.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110452.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110453.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110454.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110457.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110460.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110461.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110462.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110463.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110464.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110517.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110518.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110523.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110524.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110525.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110526.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110527.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110528.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110529.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110530.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110531.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110532.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110533.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110534.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110541.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110542.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110544.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110545.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110546.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110547.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110548.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110549.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110553.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP321\A0110556.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114656.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114661.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114882.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114883.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114884.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114888.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0114889.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0114961.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0114962.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0114963.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115296.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115518.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115519.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115717.exe Infected: not-a-virus:Monitor.Win32.NetMon.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115725.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115727.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115730.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0115901.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116054.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116056.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116156.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116156.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116156.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116177.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0116177.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118620.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118620.exe Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118628.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118628.exe/data0003 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118628.exe/data0006 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118628.exe/data0007 Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118628.exe Infected: Trojan.Win32.VB.tg C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118753.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118753.exe Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0118772.exe Infected: Trojan-Dropper.Win32.PurityScan.ad C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127067.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127155.exe Infected: not-a-virus:Monitor.Win32.NetMon.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127163.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127533.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127553.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127767.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127816.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0127970.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0128274.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0130539.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131072.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131272.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131272.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131272.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131272.exe Infected: not-a-virus:AdWare.Win32.Ucmore C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131563.exe Infected: not-a-virus:AdWare.Win32.Zestyfind C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131677.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131678.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131679.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0131680.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132141.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132145.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132262.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132267.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132445.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132524.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132525.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0132527.dll Infected: not-a-virus:AdWare.Win32.HotSearchBar.i C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133035.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133089.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133090.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133091.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133092.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133093.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133094.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133095.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133218.dll Infected: not-a-virus:AdWare.Win32.CommAd.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133219.exe Infected: not-a-virus:AdWare.Win32.CommAd.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133220.dll Infected: not-a-virus:AdWare.Win32.Sud.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133228.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133518.exe Infected: not-a-virus:Monitor.Win32.NetMon.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133610.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133611.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133612.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0133634.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0134976.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135067.exe Infected: not-a-virus:AdWare.Win32.EZula.bn C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135068.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135069.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135070.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135071.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135072.exe Infected: not-a-virus:Monitor.Win32.NetMon.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135073.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.u C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135074.exe Infected: not-a-virus:AdWare.Win32.NewDotNet C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135075.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135076.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135077.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135078.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135079.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135080.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135081.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135082.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135083.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135084.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135085.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135086.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135087.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135088.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135089.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135090.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135091.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135092.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135093.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135094.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135095.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135096.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135097.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135098.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135099.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135100.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135101.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135102.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135103.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135104.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135105.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135106.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135107.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135108.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135109.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135110.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135111.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135112.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135113.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135114.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135115.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135116.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135117.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135118.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135119.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135120.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135121.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135122.exe Infected: not-a-virus:AdWare.Win32.SafeSurfing.y C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135123.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135124.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.an C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135125.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135126.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135127.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135128.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135129.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135130.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135131.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135132.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135133.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135134.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135135.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135136.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135137.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135138.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135139.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135140.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135141.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135142.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135143.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135144.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135145.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135146.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135147.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135148.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135149.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135150.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135151.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135152.dll Infected: not-a-virus:AdWare.Win32.EZula.cc C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135153.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135154.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135155.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135156.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135157.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.l C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135158.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135159.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135160.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135161.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135162.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135163.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135164.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135165.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135166.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135167.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135168.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135169.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135170.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135171.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135172.exe Infected: not-a-virus:AdWare.Win32.PurityScan.a C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0135173.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m C:\WINDOWS\system32\aagkdk.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\WINDOWS\system32\ѕνchost.exe Infected: not-a-virus:AdWare.Win32.PurityScan.dq Scan process completed. ------------------------------------------------ hjt: Logfile of HijackThis v1.99.1 Scan saved at 10:34:04 PM, on 2/25/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com O2 - BHO: (no name) - {365F3B7A-88B9-A33E-C1DA-F38AD8D6F398} - C:\WINDOWS\system32\aagkdk.dll O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ------------------------------------------------ This thing is 110% better even after the first run of fixes. Not really noticing any ill affects at this time. And thanks again for your help. |
|
|
|
|
02-25-2006, 09:59 PM
|
#12 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
No worries about the extra post. I've removed it to unclutter the thread.
That's looking a lot better. Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you check the last one: O2 - BHO: (no name) - {365F3B7A-88B9-A33E-C1DA-F38AD8D6F398} - C:\WINDOWS\system32\aagkdk.dll Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them): C:\WINDOWS\system32\ aagkdk.dll If it resists deletion, boot to safe mode and delete it from there. -------------------------------------------- Launch Notepad, and copy/paste the box below into a new text file. Save it as "FindFile.bat" (include the quotes) and save it on your Desktop. Code:
dir C:\WINDOWS\system32\ѕνchost.exe /a h > files.txt notepad files.txt Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
02-25-2006, 10:14 PM
|
#13 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
Ok here is the info you wanted.
Volume in drive C has no label. Volume Serial Number is 745C-8E82 Directory of C:\WINDOWS\system32 08/04/2004 06:00 AM 14,336 svchost.exe 02/14/2006 02:08 PM 405,504 ??chost.exe 2 File(s) 419,840 bytes Directory of C:\Documents and Settings\Lori Deaton\Desktop |
|
|
|
|
02-25-2006, 10:37 PM
|
#14 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
OK, great.
Delete the file C:\WINDOWS\system32\??chost.exe with the creation date of 02/14/2006 02:08 PM and size of 405,504 bytes To check, navigate to the file, right click and select properties. DO NOT delete the file if it is from Microsoft. ------------------------------ * Click Start- Run * Type or copy/paste MsiExec.exe /X{78d944d7-a97b-4004-ab0a-b5ad06839940} * Click OK * Follow the prompts to remove MyWay ------------------------------ CLEAR & RESET SYSTEM RESTORE'S CACHE Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter * Tick on the checkbox - Turn off System Restore on all drives * Click Apply Turn it back 'On' by unticking the same checkbox & click Apply, and then OK. ------------------------------ Run one more scan with Kaspersky, to ensure we got it all. ------------------------------ Post a new HJT Log. ------------------------------ Let me know if any files resist deletion, or if you have any problems.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
02-26-2006, 08:58 AM
|
#15 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
[quote=tetonbob]OK, great.
Delete the file C:\WINDOWS\system32\??chost.exe with the creation date of 02/14/2006 02:08 PM and size of 405,504 bytes To check, navigate to the file, right click and select properties. DO NOT delete the file if it is from Microsoft. ------------------------------ This file I could not find. Copied and pasted in search and came up with one but it did not have the same date and size. ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, February 26, 2006 10:51:56 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 26/02/2006 Kaspersky Anti-Virus database records: 178698 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 33421 Number of viruses found: 2 Number of infected objects: 2 Number of suspicious objects: 0 Duration of the scan process: 1625 sec Infected Object Name - Virus Name C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\backups\backup-20060226-000708-582.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak C:\WINDOWS\system32\ѕνchost.exe Infected: not-a-virus:AdWare.Win32.PurityScan.dq Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 10:52:46 AM, on 2/26/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe C:\WINDOWS\system32\hkcmd.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Dell Support\DSAgnt.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Documents and Settings\Lori Deaton\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
02-26-2006, 09:42 AM
|
#17 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
I have one more question. In search boxes on the internet...ie yahoo search or google search.....the search box stores all of the searches kinda like the address bar does if you type an address in. Well I have run cleanup, manually cleared hiostory, manually deleted all temp files and cookies, and these old searches are still showing up. Any ideas on how to het rid of them? I appreciate all of your help!
|
|
|
|
|
02-26-2006, 11:05 AM
|
#18 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
Yes, uninstall Windows Overlay Program.
I have attached a file to this post - Puritydel.zip Download this file to your desktop. Double click on the zip folder, then double click on the bat file within. Post the resulting text file here. Then run the findfile.bat again. Oh, yeah.... The search history that displays in the search box on the Google homepage is stored by your browser, not by Google. To disable this feature on Microsoft Internet Explorer (IE) versions 5.0 and higher: 1. Go to the 'Tools' menu. 2. Select 'Internet Options.' 3. Select the 'Content' tab. 4. Within the 'Personal Information' area, select 'AutoComplete.' 5. Click on 'Clear Forms'. You can also uncheck the 'Forms' box in this same window to keep this information from being stored in the future.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
Last edited by tetonbob; 09-19-2006 at 01:55 PM. |
|
|
|
|
02-26-2006, 11:19 AM
|
#19 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 38
OS: xp pro
|
Ahhh thanks for the info. Here are the 2 logs you requested.
Volume in drive C has no label. Volume Serial Number is 745C-8E82 Directory of c:\windows\system32 08/04/2004 06:00 AM 14,336 svchost.exe 1 File(s) 14,336 bytes 0 Dir(s) 65,604,087,808 bytes free ------------------------------------------------------------------- Volume in drive C has no label. Volume Serial Number is 745C-8E82 Directory of C:\WINDOWS\system32 08/04/2004 06:00 AM 14,336 svchost.exe 1 File(s) 14,336 bytes Directory of C:\Documents and Settings\Lori Deaton\Desktop |
|
|
|
|
02-26-2006, 01:20 PM
|
#20 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,444
OS: 2000 Pro; XP Pro; XP Home
|
Good job.....that should do it.
Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address. Reset hidden/system files and folders
Create a new System Restore point
Enable Windows Auto Update
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
If you do not have a firewall, here are 4 free ones available for personal use: In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
| Thread Tools | |
|
|
