Please please please help


  • This topic is locked
26 replies to this topic

#1 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • 15 posts

Posted 01 February 2006 - 08:28 PM

Whenever I go to any website, I am constantly being redirected. Even when I am not online (I use Mozilla), it just signs on and goes to a redirected website. This is becoming a real problem. I've run my spyware, to no avail.
I am relatively competent on computers, but spyware and problems are a different issue.


Here is my hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 8:04:35 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\avifile4.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ati2dvaa.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\windows\winsysban4.exe
c:\windows\system32\palsp.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\w?wexec.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\!update.exe
C:\Program Files\apsi\wtta.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {6AC33931-D2AB-F002-8E5E-DD7F166AD6C2} - C:\WINDOWS\system32\qjgkv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Real Internet Player] REAIPLAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [gzwt] C:\WINDOWS\gzwt.exe
O4 - HKLM\..\Run: [heFHB7M] C:\documents and settings\owner\local settings\temp\heFHB7M.exe
O4 - HKLM\..\Run: [Zr] C:\documents and settings\owner\local settings\temp\Zr.exe
O4 - HKLM\..\Run: [87a26efc39df] C:\WINDOWS\System32\avifile4.exe
O4 - HKLM\..\Run: [bKr192e] C:\documents and settings\owner\local settings\temp\bKr192e.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\owner\local settings\temp\s.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1VPxZK7] C:\documents and settings\owner\local settings\temp\1VPxZK7.exe
O4 - HKLM\..\Run: [K5xB1] C:\documents and settings\owner\local settings\temp\K5xB1.exe
O4 - HKLM\..\Run: [XKA] C:\documents and settings\owner\local settings\temp\XKA.exe
O4 - HKLM\..\Run: [sbY3U27] C:\documents and settings\owner\local settings\temp\sbY3U27.exe
O4 - HKLM\..\Run: [C5TZYZ8] c:\documents and settings\owner\local settings\temp\C5TZYZ8.exe
O4 - HKLM\..\Run: [sWL] c:\documents and settings\owner\local settings\temp\sWL.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [7a2ca25130b7] C:\WINDOWS\system32\ati2dvaa.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [fresxstyle] lockbar.exe
O4 - HKLM\..\Run: [LonPS2] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\RunServices: [fresxstyle] lockbar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Kmbol] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [fresxstyle] lockbar.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt rbnd
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\mv04l9dq1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 01 February 2006 - 09:12 PM

This will take a few steps as you have a lot of spyware and viruses on there.

Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.

#3 kiddiekarpets

kiddiekarpets

    New Member

  • Authentic Member
  • 15 posts

Posted 02 February 2006 - 07:19 AM

Thanks for the info! I did what you said, and here is the log from l2mfix: It did give me that error, but still printed a log. Here is the log, I am confused on how to correct the error.

I hope you can help!! :o)

Edited by kiddiekarpets, 02 February 2006 - 07:44 AM.


#4 Siggyx

Posted 02 February 2006 - 12:17 PM

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot.

After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!

If after the reboot the log does not open, double click on it in the l2mfix folder.

#5 kiddiekarpets

Posted 02 February 2006 - 02:27 PM

Here is the very short log from l2mfix:


L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/A9426784-5325-4E68-BF96-71B328D74A19.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (188 bytes security) (deflated 87%)
adding: backregs/shell.reg (188 bytes security) (deflated 73%)

This is the hijack this log after running l2mfix:


Logfile of HijackThis v1.99.1
Scan saved at 3:25:21 PM, on 2/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\avifile4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ati2dvaa.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\windows\winsysban4.exe
c:\windows\system32\palsp.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\qwinqsap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\w?wexec.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
c:\windows\system32\rpdsregq.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\winsysban5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Real Internet Player] REAIPLAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [gzwt] C:\WINDOWS\gzwt.exe
O4 - HKLM\..\Run: [heFHB7M] C:\documents and settings\owner\local settings\temp\heFHB7M.exe
O4 - HKLM\..\Run: [Zr] C:\documents and settings\owner\local settings\temp\Zr.exe
O4 - HKLM\..\Run: [87a26efc39df] C:\WINDOWS\System32\avifile4.exe
O4 - HKLM\..\Run: [bKr192e] C:\documents and settings\owner\local settings\temp\bKr192e.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\owner\local settings\temp\s.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1VPxZK7] C:\documents and settings\owner\local settings\temp\1VPxZK7.exe
O4 - HKLM\..\Run: [K5xB1] C:\documents and settings\owner\local settings\temp\K5xB1.exe
O4 - HKLM\..\Run: [XKA] C:\documents and settings\owner\local settings\temp\XKA.exe
O4 - HKLM\..\Run: [sbY3U27] C:\documents and settings\owner\local settings\temp\sbY3U27.exe
O4 - HKLM\..\Run: [C5TZYZ8] c:\documents and settings\owner\local settings\temp\C5TZYZ8.exe
O4 - HKLM\..\Run: [sWL] c:\documents and settings\owner\local settings\temp\sWL.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [7a2ca25130b7] C:\WINDOWS\system32\ati2dvaa.exe
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [fresxstyle] lockbar.exe
O4 - HKLM\..\Run: [LonPS2] c:\windows\system32\repcale.exe c:\windows\system32\palsp.exe
O4 - HKLM\..\Run: [winsysupd] c:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] c:\windows\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [{08-8B-BF-FC-ZN}] c:\windows\system32\rpdsregq.exe FI002
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinqsap.exe FI002
O4 - HKLM\..\RunServices: [fresxstyle] lockbar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Kmbol] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [fresxstyle] lockbar.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt rbnd
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinqsap.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\mv04l9dq1.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 Siggyx

Posted 02 February 2006 - 03:03 PM

Let's try this to see if it will clean some of the garbage. If not, we will need to do some manual cleaning.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#7 kiddiekarpets

Posted 02 February 2006 - 05:39 PM

HERE IS THE EWIDO SCAN: BELOW IT IS THE NEW HIJACK THIS LOG. MY COMPUTER SEEMS TO BE RUNNING SLOW NOW.

ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:15:53 PM, 2/2/2006
+ Report-Checksum: 2766DE38
+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-566854973-1618620410-2854812708-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-566854973-1618620410-2854812708-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
[816] C:\WINDOWS\system32\jat500.dll -> Spyware.Look2Me : Error during cleaning
[952] C:\WINDOWS\system32\jat500.dll -> Spyware.Look2Me : Error during cleaning
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.14:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.15:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.16:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e1fav95z.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9gs5yvrq.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Complete\1Click DVD Copy 4.2.1.3.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\2 Flash Games.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\214 Msn Winks.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\2Pac - Loyal to the.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\30 Flash Template.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\3D MP3 Sound Recorder 3.8.12.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\500 Albums In MP3 Format.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\A History of Violence.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\A Static Lullaby - Faso Latido.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ABBYY ScanTo Office 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ACDSee 8.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\ACID Pro 5.0c.345.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Acronis True Image 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ad Killer 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Acrobat Reader 7.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Audition 1.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS Classroom In A Book.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Adobe Premiere 6 Bible.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Advanced Security Administrator 10.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Age of Empires III - Reloaded (3CD).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Age Of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Agnitum Outpost Firewall Pro 2.7.493.416.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ahead DVD Ripper 1.3.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ahead Nero 7.0 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Album Rammstein - Mein Teil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\All Media Extractor 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Alternative to Real Player.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Amazon DVD Shrinker 2.4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Amigo Easy Video Converter 4.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Amy Grant - Hearts in Motion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Animals 1600 High Resolution Photogra.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Antenna Web Design Studio 2.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\AP The Most Extreme.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Apollo Audio DVD Creator 1.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Arles Image Web Page Creator 6.17.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ashampoo PowerUp XP Platinum 2 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Atrise Everyfind 6.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Audio Converter 5.5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Audioslave - Audioslave.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Auto.Power.on.and.Shut.down 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Autodesk Architectural Desktop 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\AutoShutdown Pro 4.7.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\AV4 Customer Management System Professional 5.7.14.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\avast! Professional Edition 4.6.691.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Axialis IconWorkshop 5.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Bandwith Monitor 2.8b605.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Barbra Streisand - Guilty Pleasures.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Baygenie 1.1.0.2 for EBay.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Beginner's Guide to Creating Webpage.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Best Of BB King.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BitTornado 0.3.9a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Black & White 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Black and Gray Icons.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Black And White 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\BMP ICO Converter 1.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Bob Marley and the Wailers - Legend.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BPS Spyware & Adware Remover 9.2.0.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bride And Prejudice.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Brothers In Arms Earned In Blood.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BSPlayer Professional 1.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BubbleDiff 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CAD2Shape 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Caligula.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Casino Island To Go.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CCleaner 1.24.180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CDMenuPro 4.00.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cerberus FTP Server 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Chameleon Clock 3.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Cheetah CD Burner 3.29.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Chris RockNever Scared.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Christina Aguilera- Christina Aguilera.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cindy Lauper - A Night To Remember.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Clipboard Box 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Clipboard Rover 1.0.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Clock Tray Skins.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CloneDVD 2.4.5.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CodeWork Browse Control 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Colin McRae Rally 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cool MP3 Converter 1.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CopyToDVD 3.0.34.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Corel Designer 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Corel Paint Shop Pro 10.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cry Wolf (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CyberLink PowerDVD 6.0.0.2022.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Daft Punk - Technologic.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dance eJay 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dark Blue World.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dbpoweramp 11.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\De-Phazz - Death By Chocolate.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DEL MP3 Karaoke 4.6.4604.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DFX Audio Enhancer 7.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Dictionary Of Net.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DirectX 9.0c Redistributable.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DivX Pro 6.09 Bundle.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DivXToDVD 1.99.14.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DivXToDVD 1.99.20.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\DJ HipHop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dream Match Tennis 1.02.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DVDInfoPro 4.32.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Dynamic Submission Enterprise 7.2.23.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\EA Sports Madden 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EARTH 2160.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy Autorun Creator 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy DVD Clone 3.0.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy FlashMaker 1.2.384.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy Resume Creator Pro 4.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Easy WaterMark 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EasyFile Sharing Web Server 3.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Elecard MPEG Player 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Eminem 14 Videoclips.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Encyclopaedia Britannica 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Equilibrium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Error Doctor 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Essential Fonts for Designers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EUROPE - The Final Countdown.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EximiousSoft GIF Creator 1.36.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fahrenheit - Indigo Prophecy (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fahrenheit 911.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FairStars Audio Converter 1.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FantasyDVD Player Professional 8.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fast Defrag Professional 2.25.96 SP2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Fate 1.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FIFA '06.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\FIFA 06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fifa 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FIFA 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FileMerlin 5.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Final Fantasy VII.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Flash Decompiler 2.0.0.231.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\Flash Studio Pro 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Flash Web Design The Art Of Motion Gr.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ford Racing 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fresh UI 7.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FXPansion Guru VSTi DXi RTAS 1.025.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Game Development with ActionScript.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\GerbTool 14.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Owner\Complete\GetRight 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Gizmo Project 1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\GMail Add-ons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Gold PACK.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Goldfish Aquarium Screensaver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Google Earth Pro 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Great List Of Flash Books.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Hacker 2005 - The Broken Link.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and
Settings\Owner\Complete\Harry Potter and the Prisoner of Azkaban.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\HDDLife Pro 2.5.74.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Hide IP Platinum 1.75.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Hide-IP.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\High Impact Email Pro 3.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\HippiePro 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Honestech Video Editor 7.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\HTTPWatch 3.2.0.63.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\IE Doctor 3.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\IE FTP Enhancer 1.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\IncrediMail Xe Premium 4.00.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Internet Explorer 7 Beta 1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Internet ScreenSaver Builder 5.10.040901.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Into the Blue.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ionworx SerialShield SDK 1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\IpInterceptor 2.1.9.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\IProtectYou Pro 7.03 - Network.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\ISO Commander 
1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\ISS BlackICE PC Protection 3.6 cnu.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Jasc Virtual Painter 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\JetAudio 6.1.3.6224.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\K-Lite Mega Codec Pack 1.38.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Kanye West - The College Dropout.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Kaspersky Anti-Virus Personal 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Kaspersky Anti-Virus Personal 5.0.153.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Kenny G - Greatest Hits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Kerio Personal Firewall 4.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Kingdia DVD Ripper Professional 2.4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\KingDome Of Heaven.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\KL Codec Pack 2.47.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Land of the Dead.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Lavasoft Ad-Aware Pro 1.06.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Learn Microsoft Visual C++ 6.0 Now.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Legally Blonde 2 Special.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and 
Settings\Owner\Complete\LightWave 3D 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.6.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.9.19.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\LimeWire Pro 4.9.30.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\LinkLines 1.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\LiteMail 2.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Live Billiards Deluxe 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Live For Speed S2 Alpha.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Live8 London.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Lock-On Modern Air Combat.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Lokas Artistic Effects 1.8 for Adobe Photoshop.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Lord of War.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Macromedia.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Magic Recovery Pro 3.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Magic Utilities 2005 3.60.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\MagicTweak 3.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Make Easy Money with Google Using the.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\McAfee AntiSpyware 2006 Premium.zip/Setup.exe -> 
Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\McAfee AntiSpyware 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\McAfee ePolicy Orchestrator 3.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\McAfee Internet Security Suite 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\MedianSoft Joiner-Converter 2.7.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Metallica - Master of puppets.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Metallica - St. Anger.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Microsoft Office Pro 2003 (5in1).zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Microsoft Plus Digital Media.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Microsoft Windows Vista Beta 1 - 22082.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Microsoft Windows XP Tools 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Midi for Mobiles.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Mind Technologies Visual Mind 7.0.1.16.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\MindSoft Utilities XP 8.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\mIRC 6.16.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Mobile Ringtone Converter 2.3.4.32.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\MOBILedit! 
1.98.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Modest Mouse - Live, 2000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\MonitorIT 7.0.21.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Monster In Law.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Motorhead - Hammered.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Movie DVD Maker 1.3.2.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Mozilla Firefox 1.5 Beta 2.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\MP3 Splitter and Joiner 2.95.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\MP3Producer 2.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\MS Graphing Calculator 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\MS Office FrontPage 2003.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\My Drivers 3.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\NBA Live '06.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\NBA Live 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Nero 6.6.0.16 Reloaded.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Nero 7 Premium.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Nero 7 Ultra Edition (Origional one).zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Nero 7.0 Ultra.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and 
Settings\Owner\Complete\NetCaptor 7.5.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\News Rover 11.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Newsbin 5.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Newsleecher 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Nirvana - 8 Albums.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\No1 DVD Audio Ripper 1.0.47.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Nokia 6230 - 72 Games.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Norton AntiVirus 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Norton Ghost 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Norton internet security 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Norton PartitionMagic 8.05.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Object Desktop Suite 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\OffsiteSync 3.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\One Click CD DVD Writer 1.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Open Dir - 9 Albums.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Opera 8.50.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Panda Antivirus Platinum 7.07.01 + Update Virus Base.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Panda Antivirus 
Platinum 7.07.01.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Panda Titanium Antivirus 2006.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Paragon Disk Wiper Professional 5.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PC Adrenalin 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\PC Auto Shutdown 1.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PC Repair v 2.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PC Security Suite 4.02.8.30.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PCSentinel Software Busted Instant Message Monitor 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PCSentinel Software Red Handed Instant Message Monitor 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PCSentinel Software Smoking Gun Keylogger 1.2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PDF Tools.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Perfect Keylogger 1.6.0.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Photodex ProShow Producer Version 2.51.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\PhotoDVD 2.013.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Photoshop Restoration &amp; Retouching.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Pink-Don't Let Me Get Me.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Pit Fighter.zip/Setup.exe -> 
Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Pop-Up Stopper Companion 4.0.1000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Popup Ad Stopper 9.80.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\PowerArchiver 2004 9.02.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Practical Software Testing.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Premium Clock 2.30.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Privacy Shield 3.0.12.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Quick View Plus 8.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\RAM Saver Pro 4.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\RealPlayer 10.5 Gold.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Reasonable Software House NoC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Recover My Files 3.6.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Reggae - Alpha Blondy 17 Songs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Registry Help Pro 1.11.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Registry Mechanic 3.0.3.44.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Revenant.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Rise of Nations.zip/Setup.exe -> Worm.VB.an : Cleaned with backup 
C:\Documents and Settings\Owner\Complete\Robots (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Roger Waters - Flickering Flame.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Rome Total War - Barbarian Invasion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Roxio Photosuite 7.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\S.W.A.T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Saeta Del Ruiseñor (Joselito).zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\ScreenSwift 3.00 for Flash.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sean Paul - Dutty Rock.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SearchMaestro 1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SeaWorld Adventure Parks Tycoon 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Selteco Flash Designer 5.0.21.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Serenity 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Serenity.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Serious Sam II Demo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Serv-U 5.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\ShadowUser Professional 2.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Shall We Dance.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\ShopFactory Devloper 
5.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Shrek 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sigur Ros - Von.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Simple Red - Greatest Hits.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Simple Zoop 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SiSoftware Sandra 2005.SR1 10.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sky High.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SLInvest 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Slysoft AnyDVD 5.2.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Slysoft AnyDVD 5.4.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Smart HTTP Debugger 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Solaris 3CDs.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Soldiers Heroes Of World War 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sonic PDF Creator 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sophos Anti-Virus 3.90.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Sorenson Squeeze Compression Suite 4.2.301.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Spinto Band - Nice and Nicely Done.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Spy Emergency 2005 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents 
and Settings\Owner\Complete\SpyRemover 2.27.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\SpyRemover 2.43.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Spyware Doctor 2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Spyware Doctor 3.2.1.359.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Stephen King - It.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\StocksAloud 1.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\StompSoft Firewall X-treme 3.1.8.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\StompSoft StealthSurf X-treme 1.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\StopPop.net 2.07.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\StyleXP - Male - Female - Update Fix.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Super DVD Creator 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Super DVD Factory 5.7.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Sure Thing Photo Plus 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Surprise Maker 3.3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SuSE Linux 10.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\SWAT 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Symantec Norton AntiVirus 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Symantec Norton Ghost 
9.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Symantec Norton GoBack 4.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Symantec Norton SystemWorks 2005.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\System Mechanic Professional 5.5.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\System Mechanic Professional 5.5b.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\The 40 Year Old Virgin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Blade Runner.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Cave.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The DarknesS.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Exorcism of Emily Rose.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Fast And The Furious.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Future is Wild.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Marksman.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Sims 2 Nightlife.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The SphereXP 0.81.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\The Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Thinkershome Delphi 2 C Plus Plus Builder 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Thinkershome PC Watcher 1.0.zip/Setup.exe -> Worm.VB.an : 
Cleaned with backup C:\Documents and Settings\Owner\Complete\Thinkershome Photo to Sketch 3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\TMPGEnc 2.512.52.161 Plus.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Today You Die.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Total Overdose.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Trial-Reset 3.0.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\Trillian Pro 3.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\True Image Enterprise Server 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Tunebite 2.0.1.4.zip/Setup.exe -> Worm.VB.an : Error during cleaning C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005 Pro 1.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2006 Pro 1.0.8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\UFC Ultimate Knockout.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\UHARCGUI 3.06 Beta-3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ulead MediaStudio Pro 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ultima Online Age of Shadows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ultimate BootCD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and Settings\Owner\Complete\Ultimate SpiderMan.zip/Setup.exe -> Worm.VB.an : Cleaned with backup C:\Documents and 

#8 Siggyx

Posted 02 February 2006 - 07:27 PM

Can I see the new hijackthis log please?

#9 kiddiekarpets

Posted 02 February 2006 - 08:13 PM

Here is the newest log.

I really appreciate you taking the time to help me :D


#10 Siggyx

Posted 02 February 2006 - 08:17 PM

Please download WebRoot SpySweeper from HERE >>> http://www.webroot.c...ode=af1&rc=3597 (It's a 2 week trial):
Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply, as well as a new hijackthis log please.

NEXT

Then do a virus scan here >>> Trend Micro

Reboot

Download the trial version of trojan hunter from the link below. Update it, scan your system and allow it to clean what it finds.

http://www.trojanhunter.com/

Let me know if it finds something it can not remove.

Then reboot and a new hijackthis log please.

#11 kiddiekarpets

Posted 02 February 2006 - 09:49 PM

This is my spysweeper log, below is my hijack this log after running spysweeper. I am on to the next step like you said. Trend micro, reboot, Trojan hunter, reboot, new hijack log.
shield has blocked access to: www.ad-w-a-r-e.com 9:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 9:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 9:59 PM: a0255535.exe (ID = 208497) 9:59 PM: a0255541.exe (ID = 230703) 9:59 PM: Found Adware: elitemediagroup-mediamotor 9:59 PM: mm20.inf (ID = 74036) 9:59 PM: hdplugin1019.inf (ID = 61473) 9:59 PM: Found Adware: whenu weathercast 9:59 PM: a0285888.exe (ID = 83765) 9:59 PM: Found Adware: clkoptimizer 9:59 PM: a0255401.dll (ID = 188960) 9:59 PM: hdplugin1019.inf (ID = 61473) 9:59 PM: mm20.inf (ID = 74036) 9:59 PM: hdplugin1019.inf (ID = 61473) 10:00 PM: hdplugin1019.inf (ID = 61473) 10:00 PM: a0260822.sys (ID = 134168) 10:00 PM: mm20.inf (ID = 74036) 10:00 PM: a0255519.vbs (ID = 231442) 10:00 PM: hdplugin1019.inf (ID = 61473) 10:00 PM: a0285925.exe (ID = 63160) 10:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:00 PM: hdplugin1019.inf (ID = 61473) 10:00 PM: a0285918.dll (ID = 51054) 10:00 PM: a0280079.exe (ID = 212831) 10:00 PM: a0259822.sys (ID = 134168) 10:00 PM: remove_tools.html (ID = 57781) 10:00 PM: a0252394.sys (ID = 134168) 10:00 PM: a0254400.exe (ID = 188961) 10:00 PM: a0254397.sys (ID = 134168) 10:00 PM: Found Adware: e2g 10:00 PM: a0280090.exe (ID = 236511) 10:00 PM: a0263825.sys (ID = 134168) 10:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:01 PM: a0280053.dll (ID = 214221) 10:01 PM: a0261822.sys 
(ID = 134168) 10:01 PM: a0255540.exe (ID = 216717) 10:01 PM: a0280789.exe (ID = 60100) 10:01 PM: a0285915.sys (ID = 134168) 10:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:01 PM: a0255396.sys (ID = 134168) 10:01 PM: a0255595.sys (ID = 134168) 10:01 PM: all_icons.exe (ID = 60097) 10:01 PM: a0280088.dll (ID = 180542) 10:01 PM: mediaticketsinstaller.ocx (ID = 73162) 10:01 PM: a0280065.exe (ID = 188217) 10:01 PM: a0255545.exe (ID = 203674) 10:01 PM: a0274931.dll (ID = 215893) 10:02 PM: a0280919.dll (ID = 208918) 10:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:02 PM: a0282846.dll (ID = 159) 10:02 PM: a0265877.exe (ID = 233932) 10:02 PM: hdplugin1019.inf (ID = 61473) 10:02 PM: Found Adware: tvmedia 10:02 PM: tvmknwrd.dll (ID = 81726) 10:02 PM: Found Adware: virtualbouncer 10:02 PM: wrapperouter1154.exe (ID = 82857) 10:02 PM: wrapperouter1154.exe (ID = 82857) 10:02 PM: a0258822.sys (ID = 134168) 10:02 PM: hdplugin1019.inf (ID = 61473) 10:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:02 PM: a0257822.sys (ID = 134168) 10:02 PM: a0285911.dll (ID = 159) 10:02 PM: hdplugin1019.inf (ID = 61473) 10:03 PM: a0254402.dll (ID = 188960) 10:03 PM: Found 
Adware: exact cashback/bargain buddy 10:03 PM: a0285882.exe (ID = 50585) 10:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:03 PM: a0280025.exe (ID = 239203) 10:03 PM: a0285917.dll (ID = 159) 10:03 PM: a0285928.dll (ID = 163672) 10:03 PM: a0281783.dll (ID = 144945) 10:03 PM: wrapperouter1154041018.exe (ID = 82859) 10:04 PM: hdplugin1019.inf (ID = 61473) 10:04 PM: gatorhdplugin.log (ID = 119819) 10:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:04 PM: a0238880.exe (ID = 198741) 10:04 PM: a0285929.exe (ID = 74177) 10:04 PM: a0285884.exe (ID = 185985) 10:04 PM: pf78.exe (ID = 164525) 10:04 PM: a0280055.dll (ID = 238167) 10:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:04 PM: a0272933.exe (ID = 185254) 10:04 PM: uninstall_nmon.vbs (ID = 231442) 10:05 PM: hdplugin1019.inf (ID = 61473) 10:05 PM: a0274930.exe (ID = 216712) 10:05 PM: a0265860.sys (ID = 134168) 10:05 PM: a0280097.dll (ID = 208494) 10:05 PM: a0280095.exe (ID = 203674) 10:05 PM: a0262825.sys (ID = 134168) 10:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:05 PM: The Spy 
Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:05 PM: a0272931.sys (ID = 134168) 10:05 PM: a0255399.exe (ID = 188961) 10:05 PM: a0282838.sys (ID = 134168) 10:05 PM: a0282881.sys (ID = 134168) 10:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:05 PM: setup4.exe (ID = 63134) 10:06 PM: a0280027.exe (ID = 216712) 10:06 PM: hdplugin1019.inf (ID = 61473) 10:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:06 PM: hdplugin1019.inf (ID = 61473) 10:06 PM: a0255513.exe (ID = 212815) 10:06 PM: a0280092.exe (ID = 236512) 10:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:07 PM: a0255543.dll (ID = 232757) 10:07 PM: hdplugin1019.inf (ID = 61473) 10:07 PM: a0255516.exe (ID = 214398) 10:07 PM: luwfx10n.dll (ID = 159) 10:07 PM: a0285898.exe (ID = 136067) 10:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:07 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:08 PM: a0285913.dll (ID = 163672) 10:08 PM: a0281848.dll (ID = 163672) 10:08 PM: hdplugin1019.inf (ID = 61473) 10:08 PM: a0265862.exe (ID = 185254) 10:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:08 PM: a0274929.dll (ID = 216713) 10:08 PM: a0285908.dll (ID = 163672) 10:08 PM: a0280028.dll (ID = 216713) 10:08 PM: a0280015.dll (ID = 159) 10:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:09 PM: a0285880.exe (ID = 208539) 10:09 PM: a0255400.dll (ID = 188959) 10:09 PM: Found Trojan Horse: trojan-backdoor-surila 10:09 PM: a0264846.exe (ID = 184175) 10:09 PM: a0280046.exe (ID = 216230) 10:09 PM: a0263840.exe (ID = 233932) 10:09 PM: mm20.inf (ID = 74036) 10:09 PM: a0266862.exe (ID = 185254) 10:09 PM: a0264823.sys (ID = 134168) 10:09 PM: a0280043.exe (ID = 239204) 10:09 PM: a0274939.exe (ID = 185254) 10:09 PM: a0280045.exe (ID = 237561) 10:09 PM: a0284880.dll (ID = 154758) 10:09 PM: a0280463.exe (ID = 185254) 10:09 PM: a0280672.exe (ID = 185254) 10:09 PM: a0255461.exe (ID = 188701) 10:09 PM: a0280018.exe (ID = 208351) 10:09 PM: a0255459.exe (ID = 188961) 10:09 PM: a0280436.exe (ID = 
233932) 10:09 PM: a0255583.dll (ID = 215893) 10:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:10 PM: mm21.inf (ID = 74043) 10:10 PM: a0264839.exe (ID = 233932) 10:11 PM: Found Adware: whenu savenow 10:11 PM: a0280786.exe (ID = 74466) 10:11 PM: a0279933.exe (ID = 185254) 10:11 PM: a0280502.exe (ID = 184175) 10:11 PM: a0255534.dll (ID = 208494) 10:11 PM: a0280089.exe (ID = 208542) 10:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:11 PM: a0255508.exe (ID = 212828) 10:11 PM: a0255457.dll (ID = 188960) 10:11 PM: a0285936.exe (ID = 235993) 10:11 PM: a0255506.exe (ID = 212830) 10:11 PM: a0255397.exe (ID = 188701) 10:12 PM: a0255539.exe (ID = 208542) 10:12 PM: a0263818.dll (ID = 215713) 10:12 PM: a0273936.exe (ID = 185254) 10:12 PM: a0285889.exe (ID = 185463) 10:12 PM: r8p8li7u18.dll 
(ID = 159) 10:12 PM: a0255505.exe (ID = 212831) 10:12 PM: a0285927.dll (ID = 185460) 10:12 PM: a0281833.dll (ID = 159) 10:12 PM: a0281798.dll (ID = 159) 10:12 PM: a0280026.dll (ID = 159) 10:12 PM: elite.inf (ID = 187156) 10:12 PM: a0275935.exe (ID = 185254) 10:12 PM: a0264878.exe (ID = 233932) 10:12 PM: a0281797.dll (ID = 163672) 10:12 PM: a0285916.dll (ID = 159) 10:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:12 PM: a0281782.exe (ID = 144946) 10:12 PM: a0255454.exe (ID = 185254) 10:12 PM: a0276933.exe (ID = 185254) 10:12 PM: a0283899.dll (ID = 159) 10:12 PM: a0277933.exe (ID = 185254) 10:12 PM: a0254401.dll (ID = 188959) 10:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:12 PM: Found Adware: apropos 10:12 PM: atmtd.dll (ID = 166754) 10:12 PM: a0279999.dll (ID = 159) 10:13 PM: a0285907.dll (ID = 159) 10:13 PM: a0267862.exe (ID = 185254) 10:13 PM: a0285883.exe (ID = 168558) 10:13 PM: a0285914.dll (ID = 159) 10:13 PM: a0271862.exe (ID = 185254) 10:13 PM: a0261824.exe (ID = 185254) 10:13 PM: a0285906.dll (ID = 159) 10:13 PM: a0285952.dll (ID = 159) 10:13 PM: a0284876.dll (ID = 159) 10:13 PM: a0259825.exe (ID = 185254) 10:13 PM: a0255404.exe (ID = 185254) 10:13 PM: a0255586.dll (ID = 189) 10:13 PM: a0255584.exe (ID = 216712) 10:13 PM: a0264862.exe (ID = 185254) 10:13 PM: a0280014.dll (ID = 159) 10:13 PM: a0268862.exe (ID = 185254) 10:13 PM: a0255536.exe (ID = 188701) 10:13 PM: a0278933.exe (ID = 185254) 10:13 PM: 
a0264824.exe (ID = 185254) 10:13 PM: a0271933.exe (ID = 185254) 10:13 PM: a0260824.exe (ID = 185254) 10:13 PM: a0255587.exe (ID = 231443) 10:13 PM: a0263824.exe (ID = 185254) 10:13 PM: a0255514.dll (ID = 212814) 10:13 PM: a0255502.exe (ID = 216230) 10:13 PM: a0255585.dll (ID = 216713) 10:13 PM: ennol1531.dll (ID = 159) 10:13 PM: a0254404.exe (ID = 185254) 10:13 PM: a0255489.exe (ID = 217958) 10:13 PM: a0285941.dll (ID = 159) 10:13 PM: a0285932.exe (ID = 239527) 10:13 PM: a0285931.exe (ID = 239528) 10:13 PM: a0285894.exe (ID = 144946) 10:13 PM: a0285893.dll (ID = 144945) 10:14 PM: a0285886.exe (ID = 231443) 10:14 PM: a0285923.dll (ID = 163672) 10:14 PM: a0285897.exe (ID = 238586) 10:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:14 PM: a0285904.exe (ID = 233932) 10:14 PM: a0254398.exe (ID = 188701) 10:14 PM: a0262823.exe (ID = 185254) 10:14 PM: a0270863.exe (ID = 185254) 10:14 PM: a0280010.dll (ID = 159) 10:14 PM: a0280020.dll (ID = 208352) 10:14 PM: en80l1lm1.dll (ID = 159) 10:14 PM: a0286955.dll (ID = 159) 10:14 PM: a0238989.dll (ID = 198616) 10:14 PM: a0280059.cfg (ID = 208796) 10:14 PM: a0280937.exe (ID = 233482) 10:14 PM: a0280936.exe (ID = 233481) 10:14 PM: a0285891.exe (ID = 230704) 10:14 PM: a0285890.exe (ID = 230703) 10:14 PM: a0285881.exe (ID = 216717) 10:14 PM: a0281714.dll (ID = 163672) 10:14 PM: a0281696.dll (ID = 163672) 10:14 PM: a0280389.exe (ID = 238586) 
10:14 PM: a0280390.exe (ID = 238283) 10:14 PM: a0280391.exe (ID = 238284) 10:14 PM: a0269862.exe (ID = 185254) 10:14 PM: a0279994.exe (ID = 185254) 10:14 PM: a0255458.dll (ID = 188959) 10:14 PM: a0263847.exe (ID = 217958) 10:15 PM: a0255537.cpl (ID = 189954) 10:15 PM: a0285910.dll (ID = 159) 10:15 PM: a0281781.dll (ID = 166754) 10:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:15 PM: Found Adware: hotbar 10:15 PM: hotbar.inf (ID = 62344) 10:15 PM: zeno.lnk (ID = 146127) 10:15 PM: nt68rrtc12.sys (ID = 220230) 10:15 PM: msnav32.ax (ID = 220229) 10:15 PM: z_start.lnk (ID = 235994) 10:15 PM: Found Adware: effective-i toolbar 10:15 PM: a0280050.lnk (ID = 59855) 10:15 PM: a0280023.ini (ID = 188794) 10:15 PM: Found Adware: zquest 10:15 PM: a0280052.ini (ID = 238253) 10:15 PM: a0280049.lnk (ID = 59838) 10:15 PM: myupdates.dat (ID = 198788) 10:15 PM: Found Adware: whenu 10:15 PM: wuinst.inf (ID = 74480) 10:15 PM: zxdnt3d.cfg (ID = 91140) 10:15 PM: Found Adware: mindset interactive - favoriteman 10:15 PM: atpartners.inf (ID = 69817) 10:15 PM: Found Adware: twain-tech 10:15 PM: wininit.ini (ID = 81900) 10:15 PM: Found Adware: ieplugin 10:15 PM: default.inf (ID = 63343) 10:15 PM: Found Adware: winad 10:15 PM: winadx.inf (ID = 90469) 10:15 PM: a0255520.vbs (ID = 185675) 10:15 PM: ke.vbs (ID = 185675) 10:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 
10:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:17 PM: Warning: Invalid file - not a PKZip file 10:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: 
www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy 
Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: Warning: Invalid file - not a PKZip file 10:21 PM: Warning: Invalid file - not a PKZip file 10:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:22 PM: Warning: Invalid Stream 10:22 PM: Warning: Invalid Stream 10:22 PM: Warning: Invalid Stream 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid file - not a PKZip file 10:22 PM: Warning: Invalid Stream 10:22 PM: Warning: Invalid Stream 10:22 PM: Warning: Invalid Stream 10:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:23 PM: File Sweep Complete, Elapsed Time: 00:26:01 10:23 PM: Full Sweep has completed. 
Elapsed time 00:30:10 10:23 PM: Traces Found: 1321 10:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:25 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 PM: Removal process initiated
10:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:29 PM: Quarantining All Traces: clkoptimizer
10:30 PM: Quarantining All Traces: ie driver
10:30 PM: Quarantining All Traces: look2me
10:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 PM: look2me is in use. It will be removed on reboot.
10:30 PM: ennol1531.dll is in use. It will be removed on reboot.
10:30 PM: luwfx10n.dll is in use. It will be removed on reboot.
10:30 PM: r8p8li7u18.dll is in use. It will be removed on reboot.
10:30 PM: ennol1531.dll is in use. It will be removed on reboot.
10:30 PM: Quarantining All Traces: lopdotcom
10:30 PM: Quarantining All Traces: purityscan
10:30 PM: purityscan is in use. It will be removed on reboot.
10:30 PM: C:\Program Files\apsi\wtta.exe is in use. It will be removed on reboot.
10:30 PM: Quarantining All Traces: stealth website logger
10:30 PM: Quarantining All Traces: trojan-backdoor-surila
10:30 PM: Quarantining All Traces: visfx
10:30 PM: Quarantining All Traces: apropos
10:30 PM: Quarantining All Traces: begin2search
10:30 PM: Quarantining All Traces: cas
10:30 PM: Quarantining All Traces: delfin
10:30 PM: Quarantining All Traces: dollarrevenue
10:30 PM: Quarantining All Traces: e2g
10:30 PM: Quarantining All Traces: fu rootkit components
10:30 PM: Quarantining All Traces: hotbar
10:30 PM: Quarantining All Traces: maxifiles
10:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 PM: Quarantining All Traces: mindset interactive - favoriteman
10:31 PM: Quarantining All Traces: quicklink search toolbar
10:31 PM: Quarantining All Traces: surfsidekick
10:31 PM: Quarantining All Traces: trojan_backdoor_retro64
10:31 PM: Quarantining All Traces: trojan-backdoor-soundcheck
10:31 PM: Quarantining All Traces: trojan-downloader-dh
10:31 PM: Quarantining All Traces: winad
10:31 PM: Quarantining All Traces: zquest
10:31 PM: Quarantining All Traces: clipgenie
10:31 PM: Quarantining All Traces: command
10:31 PM: Quarantining All Traces: effective-i toolbar
10:31 PM: Quarantining All Traces: elitemediagroup-mediamotor
10:31 PM: Quarantining All Traces: elitemediagroup-pop64
10:31 PM: Quarantining All Traces: emarketmakers
10:31 PM: Quarantining All Traces: exact cashback/bargain buddy
10:31 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
10:31 PM: Quarantining All Traces: findthewebsiteyouneed hijack
10:31 PM: Quarantining All Traces: hotsearchbar toolbar
10:31 PM: Quarantining All Traces: ieplugin
10:31 PM: Quarantining All Traces: linkmaker
10:31 PM: Quarantining All Traces: mirar webband
10:31 PM: Quarantining All Traces: searchtoolbar
10:31 PM: Quarantining All Traces: syncroad
10:31 PM: Quarantining All Traces: tvmedia
10:31 PM: Quarantining All Traces: twain-tech
10:31 PM: Quarantining All Traces: virtualbouncer
10:31 PM: Quarantining All Traces: webhancer
10:31 PM: Quarantining All Traces: wfgtech
10:31 PM: Quarantining All Traces: wild media - minigolf
10:31 PM: Quarantining All Traces: zenosearchassistant
10:31 PM: Quarantining All Traces: adecn cookie
10:31 PM: Quarantining All Traces: adlegend cookie
10:31 PM: Quarantining All Traces: banners cookie
10:31 PM: Quarantining All Traces: cc214142 cookie
10:31 PM: Quarantining All Traces: gain - common components
10:31 PM: Quarantining All Traces: hbmediapro cookie
10:31 PM: Quarantining All Traces: kmpads cookie
10:31 PM: Quarantining All Traces: reliablestats cookie
10:31 PM: Quarantining All Traces: screensavers.com cookie
10:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
10:31 PM: Quarantining All Traces: starware.com cookie
10:31 PM: Quarantining All Traces: tacoda cookie
10:31 PM: Q

#12 kiddiekarpets

Posted 02 February 2006 - 10:32 PM

Okay,
I did everything you said next. Trend Micro, reboot, Trojan Hunter, I allowed it to clean what it scanned, reboot, and here is the new HijackThis log.
The computer is slow opening Outlook Express, and clicking the link to this page.


Logfile of HijackThis v1.99.1
Scan saved at 11:28:20 PM, on 2/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\w?wexec.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
C:\Program Files\apsi\wtta.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Real Internet Player] REAIPLAY.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [gzwt] C:\WINDOWS\gzwt.exe
O4 - HKLM\..\Run: [heFHB7M] C:\documents and settings\owner\local settings\temp\heFHB7M.exe
O4 - HKLM\..\Run: [Zr] C:\documents and settings\owner\local settings\temp\Zr.exe
O4 - HKLM\..\Run: [bKr192e] C:\documents and settings\owner\local settings\temp\bKr192e.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\owner\local settings\temp\s.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [1VPxZK7] C:\documents and settings\owner\local settings\temp\1VPxZK7.exe
O4 - HKLM\..\Run: [K5xB1] C:\documents and settings\owner\local settings\temp\K5xB1.exe
O4 - HKLM\..\Run: [XKA] C:\documents and settings\owner\local settings\temp\XKA.exe
O4 - HKLM\..\Run: [sbY3U27] C:\documents and settings\owner\local settings\temp\sbY3U27.exe
O4 - HKLM\..\Run: [C5TZYZ8] c:\documents and settings\owner\local settings\temp\C5TZYZ8.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Kmbol] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: policies - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#13 kiddiekarpets

Posted 03 February 2006 - 08:35 AM

Siggyx, Well, after going online this morning, I was not redirected, did not receive pop-ups, and my computer seems to be going at normal speed!! Thanks so much for all your help!! I know you are all volunteers, and I appreciate you taking the time to help me. How does my new HijackThis log look? Am I good? Also, I now have l2mfix, Spy Sweeper, HijackThis, Trend Micro, Trojan Hunter, and ewido on my computer. Do I keep all of these, or just some? Thanks again!!! This site is wonderful!! I will definitely donate, as it is a great forum!!! Ronda :D

#14 Siggyx

Posted 03 February 2006 - 12:42 PM

Still some cleaning to do.

Scan with hijackthis and put a check beside these lines and choose FIX

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll


O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Real Internet Player] REAIPLAY.EXE
O4 - HKLM\..\Run: [gzwt] C:\WINDOWS\gzwt.exe
O4 - HKLM\..\Run: [heFHB7M] C:\documents and settings\owner\local settings\temp\heFHB7M.exe
O4 - HKLM\..\Run: [Zr] C:\documents and settings\owner\local settings\temp\Zr.exe
O4 - HKLM\..\Run: [bKr192e] C:\documents and settings\owner\local settings\temp\bKr192e.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\owner\local settings\temp\s.exe
O4 - HKLM\..\Run: [1VPxZK7] C:\documents and settings\owner\local settings\temp\1VPxZK7.exe
O4 - HKLM\..\Run: [K5xB1] C:\documents and settings\owner\local settings\temp\K5xB1.exe
O4 - HKLM\..\Run: [XKA] C:\documents and settings\owner\local settings\temp\XKA.exe
O4 - HKLM\..\Run: [sbY3U27] C:\documents and settings\owner\local settings\temp\sbY3U27.exe
O4 - HKLM\..\Run: [C5TZYZ8] c:\documents and settings\owner\local settings\temp\C5TZYZ8.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKCU\..\Run: [Kmbol] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab

O20 - Winlogon Notify: policies - C:\WINDOWS\

NEXT

Please download hoster from the link below.

http://www.funkytoad...load/hoster.zip

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.

Next reboot to normal mode and scan and post a new hijackthis log please.

#15 kiddiekarpets

Posted 03 February 2006 - 02:46 PM

Siggyx,
Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:45:19 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lxamsp32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
C:\Program Files\LexmarkX63\ACMonitor_X63.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\InterMute\PopSubtract\PopSub.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: SpamSubtract.lnk = C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe
O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PopSubtract.lnk = C:\Program Files\InterMute\PopSubtract\PopSub.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-12.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
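
One way to check a follow-up HijackThis log against a fix list, as an added example that is not part of the thread: the Python below parses both and reports which flagged entries are still listed and whether any flagged file is still among the running processes. The two inputs are excerpts copied from posts #14 and #15; the function names and the matching rules (case-insensitive, whitespace-collapsed) are this example's own assumptions.

```python
import re

# Excerpt of the entries post #14 asked to fix (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
O2 - BHO: (no name) - {02BC709B-C600-BAAE-7901-CDCE6DCDE2C7} - C:\WINDOWS\system32\fgae.dll
O4 - HKLM\..\Run: [gzwt] C:\WINDOWS\gzwt.exe
O4 - HKLM\..\Run: [Zr] C:\documents and settings\owner\local settings\temp\Zr.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
O20 - Winlogon Notify: policies - C:\WINDOWS\
"""

# Excerpt of the follow-up log in post #15 (copied from the thread).
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:45:19 PM, on 2/3/2006

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# A log entry is a section code (R0, O4, O20, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Absolute path to an .exe or .dll inside an entry body (quotes excluded).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]+?\.(?:exe|dll)\b', re.IGNORECASE)


def normalize(text):
    """Case-fold and collapse whitespace so cosmetic differences do not hide a match."""
    return " ".join(text.split()).casefold()


def parse_log(text):
    """Return (running process paths, {(section, normalized body): original line})."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[(match.group(1), normalize(match.group(2)))] = line
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.add(normalize(line))
    return processes, entries


def verify_fix(fix_list, follow_up):
    """Compare the flagged entries with a later log of the same machine."""
    _, flagged = parse_log(fix_list)
    processes, current = parse_log(follow_up)
    # Entries that were flagged but are still listed in the later scan.
    still_present = [line for key, line in flagged.items() if key in current]
    # Files named by flagged entries that still show up as running processes.
    flagged_files = {
        normalize(path)
        for (_, body) in flagged
        for path in PATH_RE.findall(body)
    }
    return {
        "flagged": len(flagged),
        "still_present": still_present,
        "still_running": sorted(flagged_files & processes),
    }


if __name__ == "__main__":
    report = verify_fix(FIX_LIST, FOLLOW_UP_LOG)
    print(f"{report['flagged']} flagged, {len(report['still_present'])} still listed")
    for line in report["still_present"]:
        print("  still listed:", line)
    for path in report["still_running"]:
        print("  still running:", path)
```

On these excerpts the report shows the ProxyOverride line from the fix list still listed in the follow-up log and no flagged file among the running processes.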
