Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijack this log..Please help with next steps

Started by aditya , Mar 03 2006 10:09 AM

  • This topic is locked This topic is locked
8 replies to this topic

#1 aditya

aditya

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 03 March 2006 - 10:09 AM

I have a browser hijacker which opens windows to various shopping sites
have tried all the spyware removal programs in vain
PLease advise.
Here is the hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 9:31:15 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\CALC32.EXE
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DivX\DivX Player\DivX Player.exe
C:\WINDOWS\SYSTEM32\aolspywarecleaner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....56626&homepage=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [CALC32] CALC32.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AOLSPYWAREREMOVER] AOLSPYWARECLEANER.EXE
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [AOLSPYWAREREMOVER] AOLSPYWARECLEANER.EXE
O4 - HKCU\..\RunOnce: [CALC32] CALC32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139811308040
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\i0060adsed060.dll (file missing)
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\lvp0097me.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Advertisements

Register to Remove

#2 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 05 March 2006 - 03:57 PM

Hi aditya:

Please download Look2Me-Destroyer.exe to your desktop.

Please use this link:
http://www.atribune....ontent/view/28/

* Close all windows and browsers, before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shutdown.
* Turn your computer back on.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX

Next:
Please download, install, update and scan your system with the free version of Ewido trojan scanner:[list=1]
[*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
[*]When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
[*]From the main ewido screen, click on update in the left menu, then click the Start update button.
[*]After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
[*]If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
[*]When the scan finishes, click on "Save Report". This will create a text file.
Please save the Ewido report, to be posted here later.

If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

The trial version of Ewido works like a full featured version for 14 days, after that the only features that will not work are, autoupdate and realtime protection. It will still be able to be updated with the link above and be used to scan and remove undesirables.


Please post the contents of C:\Look2Me-Destroyer.txt, the Ewido report and a new HiJackThis log into this topic.

To post, please use the Add Reply feature, so I will be notified.
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#3 aditya

aditya

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 16 March 2006 - 10:52 AM

Hi
below are the 3 reports you asked for. I wanted to mention that while the ewido trojan scanner was removing the infections a pop up window came up with the following message:

" the file C:\systemvolumeinformation\_restore{9E75938D-30BD-45AO-81DC-8502D3051D98}\RP92\A0005986.exe/kansup.reg
cannot be removed because it is embedded in C:\systemvolumeinformation\_restore{9E75938D-30BD-45AO-81DC-8502D3051D98}\RP92\A0005986.exe

here are the 3 reports. thanks in advance for your help

Aditya


Destroyer report:

Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/16/2006 9:36:05 PM

Infected! C:\WINDOWS\system32\p66slgj716o.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\p66slgj716o.dll
C:\WINDOWS\system32\p66slgj716o.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{60294D6D-E639-4E6C-B91E-B582FCDF5FCC}"
HKCR\Clsid\{60294D6D-E639-4E6C-B91E-B582FCDF5FCC}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{46892B41-2839-47D8-820E-C66E861F174F}"
HKCR\Clsid\{46892B41-2839-47D8-820E-C66E861F174F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D6F7EF31-9992-471A-A68F-488E8DCDD36B}"
HKCR\Clsid\{D6F7EF31-9992-471A-A68F-488E8DCDD36B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{04CF8A74-EE12-4D9D-B603-3DB6C741E8D4}"
HKCR\Clsid\{04CF8A74-EE12-4D9D-B603-3DB6C741E8D4}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A178CA4E-990C-49A4-8FCC-DE78DDC20E5F}"
HKCR\Clsid\{A178CA4E-990C-49A4-8FCC-DE78DDC20E5F}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4230DE04-8879-4498-88EC-19A47E28B3AB}"
HKCR\Clsid\{4230DE04-8879-4498-88EC-19A47E28B3AB}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E1734460-D93A-43D5-8A9F-4EA7B0BAD075}"
HKCR\Clsid\{E1734460-D93A-43D5-8A9F-4EA7B0BAD075}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CA1A9FFE-C2C6-4D74-AEFE-D12FE2EB263A}"
HKCR\Clsid\{CA1A9FFE-C2C6-4D74-AEFE-D12FE2EB263A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD597657-B5FA-4EA3-A354-9EA8E1BBAC65}"
HKCR\Clsid\{BD597657-B5FA-4EA3-A354-9EA8E1BBAC65}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E4131FC2-1894-46E9-821B-41BE4D4BC352}"
HKCR\Clsid\{E4131FC2-1894-46E9-821B-41BE4D4BC352}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


EWIDO REPORT


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:08:50 PM, 3/16/2006
+ Report-Checksum: 67B42529

+ Scan result:

[2040] C:\WINDOWS\system32\CALC32.EXE -> Worm.SpyBot.gl : Cleaned with backup
C:\WINDOWS\system32\jt4207hoe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\aolspywarecleaner.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\WINDOWS\system32\upd32.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\WINDOWS\system32\wuyumtnrpcmxgaptt.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\WINDOWS\system32\calc32.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\WINDOWS\system32\ebqcon.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\WINDOWS\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\b9m9xcwn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup
C:\Documents and Settings\Owner\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\Documents and Settings\Owner\im.exe -> Not-A-Virus.PSWTool.Win32.Messen.103 : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP92\A0005986.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP92\A0005986.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006036.cpl -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006040.exe -> Downloader.Qoologic.bh : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006042.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006046.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006047.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006048.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006051.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006051.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006052.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006056.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006057.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006063.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP95\A0006063.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006070.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006074.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006075.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006075.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006095.exe -> Trojan.Pakes : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006188.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006189.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006191.scr -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006199.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006200.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006201.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006201.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006206.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006207.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006207.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006209.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006225.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006225.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006237.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP96\A0006237.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP97\A0006243.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP97\A0006243.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP97\A0006259.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP97\A0006259.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP98\A0006308.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP98\A0006308.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006312.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006313.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006314.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006314.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006317.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006321.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP99\A0006321.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006345.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006346.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006347.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006349.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006349.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006354.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006355.exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006355.exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006356.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006358.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006358.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006360.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006361.exe -> Downloader.Adload.v : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006362.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006363.exe -> Downloader.Qoologic.bh : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006368.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006369.exe -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006370.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006371.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006378.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006378.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006380.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006381.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006383.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006387.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP100\A0006387.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006395.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006403.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006411.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006411.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006413.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006414.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006448.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006456.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006460.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006461.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006462.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006462.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006465.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006468.exe -> Downloader.VB.xv : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006486.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006489.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006493.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006493.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006494.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006495.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006498.exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006498.exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006499.exe -> Downloader.VB.xv : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006500.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006501.exe -> Downloader.VB.xu : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP101\A0006502.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006506.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006510.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006513.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006514.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006520.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006521.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006522.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006522.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006523.exe -> Downloader.VB.xv : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006524.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006525.exe -> Downloader.VB.xu : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP103\A0006526.exe -> Downloader.VB.xv : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006529.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006535.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006536.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006566.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006567.exe/UCMTSAIE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006567.exe/IUCMORE.DLL -> Adware.Ucmore : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006568.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006568.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006569.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006570.exe -> Downloader.VB.xu : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006571.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006572.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006573.exe -> Downloader.VB.xv : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006574.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006575.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006575.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006576.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006577.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006578.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006579.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006581.exe -> Trojan.VB.ajo : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006585.dll -> Adware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006589.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006592.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006596.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006602.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006602.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006605.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP104\A0006606.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP105\A0006634.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP105\A0006635.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP106\A0006692.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP106\A0006696.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP107\A0006705.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP107\A0006707.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP108\A0006715.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP108\A0006717.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP108\A0006718.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP109\A0006721.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP110\A0006738.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP111\A0006743.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP111\A0007710.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP111\A0007713.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP111\A0007723.exe -> Downloader.VB.ws : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007726.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007730.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007731.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007733.reg -> Trojan.LowZones.f : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007740.exe -> Worm.SpyBot.gl : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007742.exe -> Dropper.Agent.mf : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007745.exe/kansup.reg -> Trojan.LowZones.f : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007745.exe/grimy.exe -> Downloader.VB.ws : Error during cleaning
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007746.exe -> Downloader.Adload.x : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007752.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{9E75938D-30BD-45A0-81DC-8502D3051D9B}\RP112\A0007753.dll -> Adware.Look2Me : Cleaned with backup


::Report End


HIJACK THIS REPORT:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:26 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [keyboard] c:\\keyboard.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139811308040
O16 - DPF: {7F4824E8-21D1-4A62-BD34-AB670833DFB6} (MSN Money Screener) - http://moneycentral....bs/pmupd806.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 16 March 2006 - 03:52 PM

Hi aditya:

RE: The popup advisory from ewido. It is advising those are in System Restore, along with a large amount of others. We will reset SR and remove those, as soon as we are sure your system is clean. No worries there, as long as SR is not used before we are finished.

Possibly this entry/file was missed in the previous cleanup. If it remains this time, then please use the instructions for using Killbox, to remove it. See the directions in RED.

Please set your system to show all files; please see here if you're unsure how to do this.


Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.
  • Open it click >Options over to the left then >program options>Uncheck "load at windows startup"
  • Over to the left click "shields" and uncheck all there.
  • Uncheck" home page shield".
  • Uncheck ''automatically restore default without notification".
After all of the fixes are complete it is very important that you enable SpySweeper again.

Disable Ewido:
Please disable Ewido, as it may interfere with the fix.[br]To disable Ewido:
From the system tray:
  • Right-click the system tray icon and uncheck real time protection.
    or From within Ewido -
  • Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.
Once your log is clean you can re-enable Ewido.
[*]Close all Windows and browsers, leaving only HijackThis running.

Place a check against each of the following.
O4 - HKLM\..\Run: [keyboard] c:\\keyboard.exe

Click on Fix Checked when finished and exit HijackThis.

[*]Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders shown DARK and delete them:

c:\\keyboard.exe

Exit Explorer, enable hidden files and reboot as normal.

If you were unable to find, or delete any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

This would be the entry in question. Please copy and paste the entire line.
c:\\keyboard.exe

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
Let the system reboot.

Then, please run Hijack This again. Scan and copy the log and post it into this topic.

Please advise if any problems remain.

To post, please use the Add Reply feature, so I will be notified.

Edited by Piatan, 16 March 2006 - 03:55 PM.

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#5 aditya

aditya

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 16 March 2006 - 08:59 PM

HI
i carried out the steps:
here is the hijack log

Logfile of HijackThis v1.99.1
Scan saved at 8:24:49 AM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1139811308040
O16 - DPF: {7F4824E8-21D1-4A62-BD34-AB670833DFB6} (MSN Money Screener) - http://moneycentral....bs/pmupd806.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 17 March 2006 - 10:55 AM

Hi aditya:

The only suspicious entry remaining is this RO, so lets not take any chances and remove it.

Close all Windows and browsers, leaving only HijackThis running.

Place a check against each of the following.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....B_PVER}&ar=home

Click on Fix Checked when finished and exit HijackThis.

If your PC is running well, and there are no continuing problems, I recommend the following.

One of the best features of Windows XP is the System Restore option, however if Malware infects a computer with this operating system the Malware can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.

    Download the new Ad-Aware SE version, and follow the instructions on how to do a full scan: http://forums.spywar...showtopic=11150
    -reboot after using Ad-Aware SE. Also while there get the VX2 plugin and follow the instructions to run it also.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

And also see TonyKlein's good advice
http://castlecops.co...tlite7736-.html
So how did I get infected in the first place?

Safe surfing. :wavey:
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#7 aditya

aditya

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 18 March 2006 - 01:18 AM

Hi i carried out the instructions you mentioned thanks SO MUCH for your help looks like my laptop is clean now thanks again good luck with everything Aditya

#8 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 18 March 2006 - 11:04 AM

You're welcome. Glad to be of assistance. :D
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

#9 Piatan

Piatan

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,825 posts

Posted 18 March 2006 - 11:04 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Posted Image

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·