HJT Log Post


  • This topic is locked
28 replies to this topic

#1 OnN2nN5

OnN2nN5

    New Member

  • Authentic Member
  • 14 posts

Posted 02 March 2006 - 09:01 AM

After a major spyware/malware attack a few days ago I have gone from cleaning a couple minor annoyances a month to close to a hundred in the last few days. There is at least one redirector that eludes me. Assistance is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:02:33 AM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\tools\Alarm\Alarm Tray.exe
C:\Tools\ClipCache\clipc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Tools\HotKeyz\HotKeyz.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Tools\SnagIt 7\SnagIt32.exe
C:\Tools\RemindMe\RemindMe.exE
C:\Tools\Traybar\Traybar.exe
C:\tools\CompuPicPro\ScsiAccess.exe
C:\Tools\SnagIt 7\TSCHelp.exe
C:\tools\Alarm\AlarmMonitor.exe
C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Tools\Spyware Tools\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://crackspider.net/"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Tools\RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Show missed alarms] C:\tools\Alarm\Alarm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ClipCache] C:\Tools\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [FreeRAM XP] "C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HotKeyz.exe Startup] C:\Tools\HotKeyz\HotKeyz.exe Startup
O4 - Startup: RemindMe.lnk = C:\Tools\RemindMe\RemindMe.exE
O4 - Startup: Traybar.lnk = C:\Tools\Traybar\Traybar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Tools\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Tools\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.char...bin/tgctlcm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131848612778
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\k008ladu1d08.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\tools\Alarm\AlarmMonitor.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\System32\ffpsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\tools\CompuPicPro\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Tools\Spyware Tools\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\tools\TuneUp 2006\WinStylerThemeSvc.exe


#2 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 03 March 2006 - 06:44 PM

Hello and welcome to TomCoyote forum. This is an Adware.Look2Me infection. You can remove it if you will follow the directions.

Thanks to Atribune and any others who helped with this fix

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive...ib/MSWINSCK.OCX

More info:

If for some reason Look2Me-Destroyer doesn't reopen, check that Task Scheduler is running.
If it isn't, you can use sc.exe to start it:

Start > Run, type sc start schedule, then press Enter.

Post the two logs bolded above in this same thread. We may have more to do.

Thanks...pskelley
TomCoyote forum
Expert Member
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 OnN2nN5

OnN2nN5

    New Member

  • Authentic Member
  • 14 posts

Posted 03 March 2006 - 08:37 PM

Thank you for the reply.

I get bluescreened when I click the scan button on L2M Destroyer (with and without the OCX file in place).

Here is a current HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 6:27:42 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
C:\Tools\ClipCache\clipc.exe
C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Tools\HotKeyz\HotKeyz.exe
C:\tools\Alarm\Alarm Tray.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Tools\SnagIt 7\SnagIt32.exe
C:\Tools\RemindMe\RemindMe.exE
C:\Tools\Traybar\Traybar.exe
C:\Tools\SnagIt 7\TSCHelp.exe
C:\tools\CompuPicPro\ScsiAccess.exe
C:\tools\Alarm\AlarmMonitor.exe
C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Tools\Spyware Tools\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://crackspider.net/"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Tools\RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Show missed alarms] C:\tools\Alarm\Alarm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ClipCache] C:\Tools\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [FreeRAM XP] "C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HotKeyz.exe Startup] C:\Tools\HotKeyz\HotKeyz.exe Startup
O4 - Startup: RemindMe.lnk = C:\Tools\RemindMe\RemindMe.exE
O4 - Startup: Traybar.lnk = C:\Tools\Traybar\Traybar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Tools\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Tools\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.char...bin/tgctlcm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131848612778
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\dnj6011se.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\r6p8lg7u16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\tools\Alarm\AlarmMonitor.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\System32\ffpsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\tools\CompuPicPro\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Tools\Spyware Tools\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\tools\TuneUp 2006\WinStylerThemeSvc.exe

#4 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 04 March 2006 - 04:37 AM

Hello, and obviously you still have the Look2Me infection. This is not easy to remove, and I suggest you try the fix again, making sure you are following the instructions exactly. Make sure you are signed on to the computer as the administrator. Spysweeper also removes this infection, but this line: O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll indicates you have already used the free trial. The infection is nasty because it signs on to Winlogon as the computer is booting, negating most methods of removing it. I have no magic bullet. Try turning off Windows Defender. It is so new we are still learning what it does, and it may be blocking the fix. If you try a time or two with no success, try running an ewido scan like this: I see ewido onboard; open the program and choose update, and allow time for it to finish. Now click scanner, then complete system scan. Allow ewido to remove anything it locates unless you know it is not bad. Save that scan report; I must see it. Let me know how things are going. Thanks
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006
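
The Winlogon registration described in the post above shows up in the two HijackThis logs as O20 entries, and comparing them across scans separates the entry that stays put from the ones that change. The following is an added example, not code from the thread or from any tool it mentions; the function names and the "generated-looking file name" heuristic are assumptions made for illustration, and the sample lines are copied from the two logs posted above.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# O20 lines (plus one unrelated O23 line) copied from the two logs in this thread.
LOG_MARCH_2 = r"""
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\k008ladu1d08.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ScsiAccess - Unknown owner - C:\tools\CompuPicPro\ScsiAccess.exe
"""
LOG_MARCH_3 = r"""
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\dnj6011se.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\r6p8lg7u16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# "O20 - Winlogon Notify: <subkey name> - <dll path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+?\.dll)"
    r"(?P<missing> \(file missing\))?\s*$",
    re.IGNORECASE,
)


def parse_o20(log_text):
    """Return {subkey name: (lowercased DLL path, file_missing)} for O20 lines."""
    entries = {}
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries[m["name"]] = (m["path"].lower(), bool(m["missing"]))
    return entries


def looks_generated(dll_path):
    """Heuristic (an assumption, not a signature): digits embedded between
    letters in the file name, e.g. 'k008ladu1d08'. Names such as 'crypt32'
    with only a trailing number do not match."""
    stem = basename(dll_path).rsplit(".", 1)[0].lower()
    return bool(re.search(r"[a-z]\d+[a-z]", stem))


def compare_scans(before, after):
    """Classify Winlogon Notify entries across two scans of one machine."""
    stable = sorted(n for n in after if n in before and before[n][0] == after[n][0])
    gone = sorted(n for n in before if n not in stable)
    new = sorted(n for n in after if n not in stable)
    # Entries that changed between scans AND carry a generated-looking name
    # are the ones to raise with the helper; stable entries are listed apart.
    suspect = sorted(
        n for n, src in [(n, before) for n in gone] + [(n, after) for n in new]
        if looks_generated(src[n][0])
    )
    missing = sorted(n for n, (_, is_missing) in after.items() if is_missing)
    return {"stable": stable, "gone": gone, "new": new,
            "suspect": suspect, "file_missing": missing}


if __name__ == "__main__":
    result = compare_scans(parse_o20(LOG_MARCH_2), parse_o20(LOG_MARCH_3))
    for bucket, names in result.items():
        print(f"{bucket:13s} {', '.join(names) or '-'}")
```
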

#5 OnN2nN5

OnN2nN5

    New Member

  • Authentic Member
  • 14 posts

Posted 04 March 2006 - 07:32 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:24:05 PM, 3/4/2006
+ Report-Checksum: 5F0B5A12

+ Scan result:
Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.576:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.577:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.578:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.579:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.580:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.581:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.583:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.584:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.585:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.608:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.609:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt 
-> TrackingCookie.Clickzs : Cleaned with backup :mozilla.642:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.644:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.645:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.646:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.647:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.648:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.649:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.650:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.651:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.652:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.653:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.654:C:\Documents and 
Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.655:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.662:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup :mozilla.667:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.668:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.669:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.670:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.679:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup :mozilla.706:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.707:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.709:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup :mozilla.710:C:\Documents and Settings\Theurich Family\Application 
Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.711:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.714:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.715:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.716:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.717:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.729:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.730:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.731:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.732:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.733:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.734:C:\Documents and Settings\Theurich Family\Application 
Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.735:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.771:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.818:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.819:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.820:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.821:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.822:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Firefox\Profiles\ay5b6m6w.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup :mozilla.41:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.43:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.44:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.45:C:\Documents and Settings\Theurich Family\Application 
Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.46:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.47:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.48:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.49:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.50:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.51:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.52:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.53:C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Theurich Family\Local Settings\Temp\Cookies\theurich family@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Theurich Family\Local Settings\Temp\Cookies\theurich family@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Theurich Family\Local Settings\Temp\Cookies\theurich family@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup C:\Documents and 
Settings\Theurich Family\Local Settings\Temp\Cookies\theurich family@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Theurich Family\Local Settings\Temp\Cookies\theurich family@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Theurich Family\Local Settings\Temp\temp.frF78B -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0065875.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066895.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066927.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066933.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066957.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066961.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066964.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066967.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066969.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066974.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066979.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066981.dll -> 
Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066987.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066993.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066996.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP199\A0066999.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067007.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067012.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067013.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067017.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067018.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067019.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067031.exe -> Adware.ZenoSearch : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067043.exe -> Adware.ZenoSearch : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067047.exe -> Adware.ZenoSearch : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067048.exe -> Dropper.Agent.hl : Cleaned with backup C:\System Volume 
Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067049.exe -> Dropper.Agent.hl : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067065.dll -> Adware.Suggestor : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067067.exe -> Adware.Suggestor : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067068.exe -> Downloader.Agent.afi : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067070.exe -> Downloader.Qoologic.bh : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067074.exe -> Hijacker.VB.li : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067079.exe -> Hijacker.StartPage.aib : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067080.exe -> Downloader.Adload.u : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067081.exe -> Downloader.Adload.t : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067177.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067185.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067283.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067302.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP200\A0067372.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume 
Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067381.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067383.DLL -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067384.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067403.exe -> Dropper.Agent.hl : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067439.DLL -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067441.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067447.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067451.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067453.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067459.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067463.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067476.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067481.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP202\A0067483.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067489.DLL -> Adware.Look2Me : Cleaned with 
backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067494.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067499.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067500.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067508.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067509.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067514.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067518.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067519.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067524.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067526.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067530.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067531.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067539.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067543.DLL -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP203\A0067545.exe -> 
Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067607.exe -> Downloader.Small.abd : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067612.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067616.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067619.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067633.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067644.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067648.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067667.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0067671.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068667.dll -> Adware.NewDotNet : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068668.exe -> Adware.MediaMotor : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068669.exe -> Trojan.VB.tg : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068670.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068680.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume 
Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068695.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068701.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068705.exe -> Adware.NewDotNet : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068707.exe -> Downloader.VB.tw : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068708.exe -> Downloader.VB.tw : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068710.dll -> Adware.NewDotNet : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068711.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068715.exe -> Backdoor.Rbot : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068720.exe -> Dropper.VB.lu : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068721.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068727.exe -> Downloader.VB.xr : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068728.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068730.exe -> Downloader.Adload.t : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0068735.dll -> Adware.Look2Me : Cleaned with backup C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070739.dll -> Adware.Look2Me : 

#6 pskelley

Posted 04 March 2006 - 07:40 PM

Does not look like a complete ewido report? Did you cut it off? You have much junk in System Restore, DO NOT Use it for any reason or the junk will be back on your computer. I will show you how to stop those cookies later. Try running another ewido scan and this time before you post edit out all of the System Restore lines, I do not need to see them. I have little doubt you will need to run the tool to remove Look2me, but once you get another ewido scan, post a HJT log with it so I can see where you are.

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#7 OnN2nN5

Posted 04 March 2006 - 07:56 PM

Not sure why the first paste came up short. Looks ok this time. I pulled out the cookies. Not sure what is restore points since all lines seem to have the word restore in them. New HJT included.

Thank you for your time... Brad




Logfile of HijackThis v1.99.1
Scan saved at 5:50:58 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\tools\CompuPicPro\ScsiAccess.exe
C:\tools\Alarm\AlarmMonitor.exe
C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Tools\HotKeyz\HotKeyz.exe
C:\tools\Alarm\Alarm Tray.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Tools\SnagIt 7\SnagIt32.exe
C:\Tools\RemindMe\RemindMe.exE
C:\tools\Alarm\Alarm.exe
C:\Tools\Traybar\Traybar.exe
C:\Tools\SnagIt 7\TSCHelp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Tools\ClipCache\clipc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Tools\Spyware Tools\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://crackspider.net/"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Tools\RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Show missed alarms] C:\tools\Alarm\Alarm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [ClipCache] C:\Tools\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [FreeRAM XP] "C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [HotKeyz.exe Startup] C:\Tools\HotKeyz\HotKeyz.exe Startup
O4 - Startup: RemindMe.lnk = C:\Tools\RemindMe\RemindMe.exE
O4 - Startup: Traybar.lnk = C:\Tools\Traybar\Traybar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Tools\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Tools\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://install.char...bin/tgctlcm.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131848612778
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/installer.exe
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\hrr0059me.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\r6p8lg7u16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\tools\Alarm\AlarmMonitor.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\System32\ffpsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\tools\CompuPicPro\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Unknown owner - C:\Tools\Spyware Tools\Spy Sweeper\WRSSSDK.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\tools\TuneUp 2006\WinStylerThemeSvc.exe



*********


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 5:24:05 PM, 3/4/2006
+ Report-Checksum: 5F0B5A12

+ Scan result:


C:\Documents and Settings\Theurich Family\Local Settings\Temp\temp.frF78B -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070776.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070777.ocx -> Downloader.VB.ov : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070778.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070779.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070780.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070781.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070782.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070783.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070784.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070785.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070786.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070787.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070788.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070789.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070790.exe -> Downloader.VB.uc : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070791.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070792.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070797.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070798.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070806.exe -> Hijacker.Small.is : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070811.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070814.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070815.exe -> Hijacker.StartPage.aib : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070816.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070817.exe -> Downloader.Adload.v : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070818.exe -> Downloader.Agent.afi : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070820.exe -> Adware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070821.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070822.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070823.exe -> Downloader.Adload.v : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070824.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0071797.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0073801.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0073804.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0073809.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0073812.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0073817.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0074815.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0075814.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0075826.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP208\A0075832.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075877.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075881.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075902.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075903.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075904.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075905.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075906.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075907.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075908.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075914.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075936.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075956.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075970.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0075980.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0076018.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0076019.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0076026.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0076033.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0076038.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077037.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077040.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077045.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077049.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077074.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0077075.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0078074.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0079077.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP209\A0080077.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0080084.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0080088.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0081087.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0081103.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0082088.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0083088.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0083112.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0083117.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0084115.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0085115.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086126.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086133.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086134.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086135.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086136.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086137.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086138.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086139.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086140.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086141.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086142.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086143.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086144.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086145.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086146.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086147.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086148.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086149.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086150.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086151.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086153.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP210\A0086154.dll -> Adware.Look2Me : Cleaned with backup
D:\System Volume Information\_restore{787676C9-C509-431A-ADED-66D76243DDAC}\RP206\A0070825.exe -> Hijacker.Small.is : Cleaned with backup


::Report End

Edited by OnN2nN5, 04 March 2006 - 08:09 PM.


#8 pskelley

Posted 05 March 2006 - 07:13 AM

You must have missed this, very important that you read the instructions carefully:

You have much junk in System Restore, DO NOT Use it for any reason or the junk will be back on your computer.


Try running another ewido scan and this time before you post edit out all of the System Restore lines


Take a look at this log, I am going to assume you know what all of these items are: C:\tools\ if not, let me know.

This is the Look2me infection: O20 - Winlogon Notify: URL - C:\WINDOWS\system32\hrr0059me.dll and it must go. The best tool we have is the one I posted for you earlier. Return to those instructions and read them through a couple of times, then try it again.

Thanks...Phil

Edited by pskelley, 05 March 2006 - 07:18 AM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#9 OnN2nN5

Posted 05 March 2006 - 09:36 AM

Another ewido scan is running and I will post log when finished. Yes, the "tools" folder is recognized. I did not do anything with System Restore and like I stated I was not sure what were SR references in the ewido log and did not want to edit the wrong info. Can I assume they are lines beginning with "C:\System Volume Information\_restore"? I did take it upon myself to remove what appeared to be cookie info though that was not your instruction...sorry. I have set my browsers to only accept approved cookies. There are only a few sites that I like the convenience. Based on your first reply I reactivated the Spy Sweeper trial. It does identify L2M as well as a few others. Of course, it will not clean them without some $$ but it appears that the real time blocking agent remains active. I have had no "symptoms" since installing Spy Sweeper. Is this an indication that it may be able to remove the virus also?

#10 pskelley

Posted 05 March 2006 - 09:50 AM

Let's see if I can help with this:

I did not do anything with System Restore

Yes, these are your System Restore files that are also infected. Here is the post I usually give, and I normally wait until last, but you may follow the instructions now if you wish. Understand these protected files cannot be modified; the only way to clean them is to turn them off. This does remove all restore points, and when turned back on you have clean files:

Canned message
System Restore does not know good from bad, it backs up everything. In case some of the infection got into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, restart your computer and turn it back on.
http://service1.syma...src=sec_doc_nam

Based on your first reply I reactivated the Spy Sweeper trial

I rarely use Spysweeper except for removing L2m. This new tool by Atribune has been doing a great job removing the infection. Spysweeper also removes it, but once the trial is used, folks can't use it again so I have been avoiding SS in case it is needed for other infections. If your trial has not expired, by all means run it and see what happens, here are the instructions:
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.


Have you tried the first fix to see if it will run now that a lot of the junk was removed by ewido?

I have other fixes, but I am trying to do the removal with the fixes that work best and are easiest on you.

I have had no "symptoms" since installing Spy Sweeper. Is this an indication that it may be able to remove the virus also?

I would assume so, but I have never worked with this infection and a paid version of SpySweeper.

You can also look at the O20 item in a new HJT log; if it is gone, then SS may have removed it. Post a HJT log if you want me to look.


I hope this helps...Phil

Edited by pskelley, 05 March 2006 - 09:54 AM.



#11 OnN2nN5

Posted 05 March 2006 - 11:32 AM

Unfortunately the SpySweeper trial has expired and it will only identify, not remove, infections. Subscription is needed for removal. The ability to generate a log file seems to be associated with the paid version also. Like mentioned previously, the "blocker" part seems to continue working with the definitions it has and is doing a fine job at this point. At least I don't have the annoying symptoms while trying to work this out. Yes I have tried the L2M Destroyer again and continue to get bluescreened. I even tried the batch file version with the same results when you get to the scan part (option 2). HJT still has lines O20. The ewido scan is still running. (65% after 90 min). Do you still want the log file when done? Minus restore point info of course ;) . I will reset System Restore when ewido finishes though it will have to be done again when I get this mess cleaned. At least the current restore points will not clog up the scan logs. Thanks... Brad

#12 pskelley

Posted 05 March 2006 - 11:40 AM

ewido...runs on my Dell/XP in 45 minutes, but I am uninfected. Edit out all cookies and restore information and post it, also post if anything else changes. I want to look at that log and think about what to do next. If I have not asked, you will probably need to be signed in as administrator to get the Look2me fix to run. Thanks...Phil

#13 OnN2nN5

Posted 05 March 2006 - 12:26 PM

Yes, I am the administrator account. Here is the ewido log.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:38:28 AM, 3/5/2006
+ Report-Checksum: A008BDA7

+ Scan result:

[524] C:\WINDOWS\system32\kldsg.dll -> Adware.Look2Me : Error during cleaning
[1216] C:\WINDOWS\system32\kldsg.dll -> Adware.Look2Me : Error during cleaning
C:\WINDOWS\system32\l2r0lc9m1f.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\l64qlgh5164.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mfisip.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MVIMRT.DLL -> Adware.Look2Me : Cleaned with backup

::Report End
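The filtering requested earlier in the thread (post the ewido report without its System Restore lines) can be scripted. The Python below is an added example, not part of any post in this thread or of ewido itself: it drops entries under `System Volume Information\_restore{...}` and lists live detections the scanner failed to clean. The function names are hypothetical, the restore-point lines in the sample are constructed placeholders, and reading the bracketed prefix as the ID of the process holding the file is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample in the ewido report layout. The C:\WINDOWS lines are ones posted in
# this thread; the two restore-point lines are constructed placeholders.
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:38:28 AM, 3/5/2006
+ Report-Checksum: A008BDA7

+ Scan result:

[524] C:\WINDOWS\system32\kldsg.dll -> Adware.Look2Me : Error during cleaning
[1216] C:\WINDOWS\system32\kldsg.dll -> Adware.Look2Me : Error during cleaning
C:\WINDOWS\system32\l2r0lc9m1f.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MVIMRT.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.dll -> Adware.Look2Me : Cleaned with backup
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000002.exe/inner.exe -> Backdoor.Rbot : Cleaned with backup

::Report End
"""

# "[pid] <path> -> <family> : <status>"; the "[pid] " prefix is optional.
ENTRY_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?(?P<path>[A-Za-z]:\\.+?) -> "
    r"(?P<family>\S+) : (?P<status>.+)$"
)
# Any drive letter: restore-point copies exist per volume (C:, D:, ...).
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.IGNORECASE
)


@dataclass
class Detection:
    pid: Optional[int]   # assumed: process that has the file loaded
    path: str
    family: str
    status: str

    @property
    def in_system_restore(self) -> bool:
        return bool(RESTORE_RE.match(self.path))

    @property
    def cleaned(self) -> bool:
        return self.status.lower().startswith("cleaned")


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per result line; header/footer lines are skipped."""
    found = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pid = int(m.group("pid")) if m.group("pid") else None
            found.append(Detection(pid, m.group("path"),
                                   m.group("family"), m.group("status")))
    return found


def triage(detections: List[Detection]) -> dict:
    """Separate restore-point copies from live files and flag failures."""
    live = [d for d in detections if not d.in_system_restore]
    uncleaned: Dict[str, List[int]] = {}
    for d in live:
        if not d.cleaned:
            pids = uncleaned.setdefault(d.path, [])
            if d.pid is not None:
                pids.append(d.pid)
    return {
        "live": live,
        "restore_count": len(detections) - len(live),
        "uncleaned": uncleaned,   # path -> PIDs still holding it
        "families": Counter(d.family for d in live),
    }


def strip_restore_lines(text: str) -> str:
    """Report text with System Restore entries removed, ready to post."""
    kept = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and RESTORE_RE.match(m.group("path")):
            continue
        kept.append(line)
    return "\n".join(kept)


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("restore-point entries dropped:", result["restore_count"])
    for path, pids in result["uncleaned"].items():
        print("NOT cleaned:", path, "held by PIDs", pids)
    print(strip_restore_lines(SAMPLE_REPORT))
```

Entries that remain under `uncleaned` are the ones that need a different removal approach; the restore-point copies disappear only when System Restore is turned off and back on, as described in post #10.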

#14 pskelley

Posted 05 March 2006 - 01:08 PM

This item is new to us: C:\Program Files\Windows Defender\MsMpEng.exe it very well may be blocking the Destroyer fix. Try disabling it and run the fix. In fact as a second thought, be offline for safety then disable all spyware programs including Spysweeper before trying to run Destroyer.
If that does not work then move to the next instruction:

Try this, download Killbox from here: http://forum.malware...topic.php?t=320
Read the instructions carefully. If you should have an old copy of Killbox, delete it and get the newest version.

These are the files I want you to Kill:

C:\WINDOWS\system32\kldsg.dll
C:\WINDOWS\system32\hrr0059me.dll
and
Look at a HJT log just before you do this and add any new O20 that is there. This one is Spysweeper:
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll

Then post a new HJT log. I will not be available again until around 7 PM EST.


Thanks...Phil

Edited by pskelley, 05 March 2006 - 01:09 PM.


#15 OnN2nN5

Posted 05 March 2006 - 04:21 PM

I was unable to disable the Windows Defender task or the ewidos (ewidoctrl.exe) with task manager or killbox. I ran L2M Destroyer after disconnecting my modem, disabling AV and killing Spy Sweeper. Still the bluescreen.

I am unable to locate the dll's you requested I delete anywhere in my WINDOWS directory. I deleted gp0413dq1.dll (it was the first O20 in my HJT log) but it appears to have been replaced with another random name. The second O20 reference is not in my sys32 directory and I did not bother the Spy Sweeper reference.

I am posting the Killbox log and a current HJT log. Also, at the end I am including a screen shot of the Spy Sweeper findings since I am unable to generate a log. It identified items that ewidos did not. Perhaps one of them is inhibiting the L2M fix?

***

Pocket Killbox version 2.0.0.648
Running on Windows XP as Theurich Family(Administrator)
was started @ Sunday, March 05, 2006, 1:53 PM

# 1 [End Process]
Path = MsMpEng.exe
Could not End Task on MsMpEng.exe

# 2 [End Process]
Path = ewidoctrl.exe
Could not End Task on ewidoctrl.exe

# 3 [Files to Delete]
Path = C:\WINDOWS\system32\gp04l3dq1.dll
*This File could not be Deleted

# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\gp04l3dq1.dll
*This File could not be Deleted

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:55:40 PM
Killbox Closed(Exit) @ 1:55:56 PM

***

Logfile of HijackThis v1.99.1
Scan saved at 2:01:24 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\ffpsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\tools\CompuPicPro\ScsiAccess.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Tools\Spyware Tools\Spy Sweeper\SpySweeper.exe
C:\Tools\Spyware Tools\Spy Sweeper\WRSSSDK.exe
C:\tools\Alarm\Alarm Tray.exe
C:\Tools\ClipCache\clipc.exe
C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Tools\HotKeyz\HotKeyz.exe
C:\Tools\SnagIt 7\SnagIt32.exe
C:\Tools\RemindMe\RemindMe.exE
C:\Tools\Traybar\Traybar.exe
C:\Tools\SnagIt 7\TSCHelp.exe
C:\tools\Alarm\AlarmMonitor.exe
C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Tools\Spyware Tools\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.net/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://crackspider.net/"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Theurich Family\Application Data\Mozilla\Profiles\default\0lnqtvhv.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Tools\RoboForm\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Show missed alarms] C:\tools\Alarm\Alarm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Tools\Spyware Tools\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ClipCache] C:\Tools\ClipCache\clipc.exe /wait 3
O4 - HKCU\..\Run: [FreeRAM XP] "C:\tools\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [HotKeyz.exe Startup] C:\Tools\HotKeyz\HotKeyz.exe Startup
O4 - Startup: RemindMe.lnk = C:\Tools\RemindMe\RemindMe.exE
O4 - Startup: Traybar.lnk = C:\Tools\Traybar\Traybar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Tools\SnagIt 7\SnagIt32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Tools\RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Tools\RoboForm\RoboFormComSavePass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\enj6l11s1.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\r6p8lg7u16.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Talking Alarm Clock user logon monitor (AlarmClockMonitor) - Cinnamon Software Inc. - C:\tools\Alarm\AlarmMonitor.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Tools\Spyware Tools\ewido anti-malware\ewidoctrl.exe
O23 - Service: File and Folder Protector (FileAndFolderProtector_S) - Unknown owner - C:\WINDOWS\System32\ffpsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\tools\PerfectDisk\PerfectDisk\PDSched.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\tools\CompuPicPro\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Tools\Spyware Tools\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\tools\TuneUp 2006\WinStylerThemeSvc.exe

***

Edited by OnN2nN5, 05 March 2006 - 04:22 PM.
