Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Wednesday 27.11.2024 / 21:48
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hjt log need help
Show topics
 
Forums
Forums
hjt log need help
  Jump to:
 
Posted Message
dirtydz
Suspended due to non-functional email address
_ 		17. March 2006 @ 11:23 _ Link to this message    Send private message to this user   
I am getting way to many popups i have scanned for virus & scanned for spyware but am still getting popups like crazy ...here is the hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 4:17:52 PM, on 3/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\msoevc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\windows\system32\qjdsregn.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\qwinkrag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\unins000.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\fbclient.dll (file missing)
O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\i0lo0a33ed.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\q6nulg5916.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
[ + quote]
Advertisement
_ 		__
JaPK
Senior Member
_ 		17. March 2006 @ 20:44 _ Link to this message    Send private message to this user   
Hi dirtydz.

Ok, you have a nice collection of infections on your computer
-> Cleaning instructions are quite long :)


You don't have a firewall on your computer. Donwload and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Cleaning instructions: (Please follow carefully)

Donwload LSPFix -> http://www.cexx.org/lspfix.htm to yuor desktop.
Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.

Go to Control Panel -> Add or remove programs -> Remove if found New.Net or NewDotNet


IF New.Net or NewDotNet ain't listed in add/or remove programs, do this

Un-plug your internet cable.

Disable your antispyware and antivirus

Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe

Run NNuninstall.exe file.
->It asks if you want to remove New.Net
->Click Yes.
->When it is done click OK.
->Restart your computer

Restart your antivirus
Plug your internet cable back.

Empty the recycle bin.

(IF you lost your internet connection during the new.net removal, doubleclik LSPFix.exe. Check "I know what I'm doing" option.You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )



Then

Download Look2Me-Destroyer.exe to your desktop -> http://www.atribune.org/ccount/click.php?id=7
->Close all windows to continue.
->Run Look2Me-Destroyer.exe
->Check Run this program as a task.
->You'll get a message"Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK
->When it opens again, click Scan for L2M, shortcut will disappear but it is normal.
->When scanning is ready, Click Remove L2M.
->You'll get the meesage Done Scanning , clickOK.
->When you get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
-> PC shutsdown.
->Restart it.



Run HijackThis and fix these entries (if found): (Do a system scan only, check entries, close all other windows, press Fix checked)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe
O4 - HKLM\..\Run: [0s0s0raw.dll] RUNDLL32.EXE 0s0s0raw.dll,b 622687
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [delqsrmA] C:\WINDOWS\delqsrmA.exe
O4 - HKLM\..\Run: [{8F-FA-A2-29-ZN}] C:\windows\system32\qjdsregn.exe CORN001
O4 - HKLM\..\Run: [Qyndy] C:\Program Files\Alhisf\Atdeptz.exe
O4 - HKLM\..\Run: [Windows Startup SVC] WINSVC32.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\qwinkrag.exe CORN001
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\qwinkrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk809DHUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe


Then on the downright corner in HijackThis press config
->Misc Tools
->Delete NT service
->Copy this: Microsoft Regulator and paste it to the field
->Press OK

Again but
->Delete NT service
->Copy this: Network Monitor and paste it to the field
->Press OK


Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this folder if found:
C:\Program Files\-->Network Monitor
C:\Program Files\-->New.Net
C:\Program Files\-->NewDotNet
C:\PROGRA~1\-->Jalmp
C:\Program Files\-->Alhisf

Delete these files if found:
C:\windows\-->winsysupd8.exe
C:\WINDOWS\system32\-->hpsw.exe
C:\windows\-->gimmygames.exe
C:\WINDOWS\-->delqsrmA.exe
C:\windows\system32\-->qjdsregn.exe
C:\WINDOWS\system32\-->qwinkrag.exe
C:\WINDOWS\system32\-->dwdsregt.exe
C:\WINDOWS\-->msoevc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\-->_iu14D2N.tmp


Use the Windows "search" function (make sure that you search from hidden files and folders and from system folders too)
Search for this and delete if found: 0s0s0raw.dll
Search for this and delete if found: WINSVC32.EXE


Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Scan yor computer with Ewido and save the log file.

Restart your computer normally.

Post a fresh HijackThis log and Ewido's log and C:\Look2Me-Destroyer.txt to here so we can see if your computer is now clean.


[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 17. March 2006 @ 20:46
-kemisti-
AfterDawn Addict
_ 		18. March 2006 @ 01:15 _ Link to this message    Send private message to this user   
BFU is also needed :)

Download bfu http://www.merijn.org/files/bfu.zip
and unzip it on desktop.
Start bfu.exe and click "web" like image below


Copy this line to "Download script"-window :
http://metallica.geekstogo.com/alcanshorty.bfu

Start script by clicking Execute.

If you have problems, see link below
http://metallica.geekstogo.com/BFUinstructions.html
[ + quote]
dirtydz
Suspended due to non-functional email address
_ 		18. March 2006 @ 09:02 _ Link to this message    Send private message to this user   
Hi, Hey thanks for the help!!! here is the ewido log


wido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:58:22 PM, 3/18/2006
+ Report-Checksum: EF137D69

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C5AF2622-8C75-4dfb-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1078081533-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup
C:\2464.exe -> Downloader.Adload.t : Cleaned with backup
C:\34264.exe -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\4634.exe -> Downloader.Adload.r : Cleaned with backup
C:\46x2.exe -> Downloader.Adload.t : Cleaned with backup
C:\adef.exe -> Downloader.Adload.j : Cleaned with backup
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\624789.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000002.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000770.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000810.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000831.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0000843.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001178.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001192.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001212.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0001232.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002231.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002242.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002259.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0002281.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0003280.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\A0005279.exe -> Downloader.VB.wr : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\asde5ycxafhj.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\docs.exe -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames.exe.QUAR00 -> Downloader.VB.wd : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\gimmygames[1].exe -> Downloader.VB.wd : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\vsslne.exe -> Logger.VB.eh : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysban8[1].exe -> Hijacker.VB.lg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd7[1].exe -> Downloader.VB.wg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\VCOM\Fix-It\Quarantine\winsysupd8[1].exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\eas[2].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CP2FSTIJ\k1s9q[1].jpg -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\77pyha[1].jpg -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHQRODYV\actb2m[1].jpg -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\!update-3195[1].0000 -> Downloader.PurityScan.be : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\77p6ov[1].jpg -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\eas[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHUJ8XAZ\sjq3lg[2].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\1ckwl[1].jpg -> Downloader.Adload.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\drsmartload[1].exe -> Downloader.VB.ya : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KPE3ODAZ\sjq3lg[1].jpg -> Downloader.Adload.r : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20060317-234233-331.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\05UR8T6N\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KFGZ8FI7\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\dox.exe -> Downloader.Adload.j : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP14\A0002278.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP14\A0003279.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP15\A0004270.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP15\A0005278.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP17\A0005317.exe -> Downloader.Adload.r : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP17\A0005318.exe -> Downloader.VB.xg : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP19\A0005326.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP20\A0005337.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005358.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005359.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005375.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005376.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005377.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005389.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005390.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005402.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP21\A0005403.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP22\A0005422.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP22\A0005423.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005437.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005438.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005453.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005454.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP23\A0005467.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP24\A0005472.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005484.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005485.exe -> Downloader.Adload.u : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005499.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005500.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005513.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP26\A0005516.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006515.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006516.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006528.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP27\A0006541.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP29\A0006628.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP29\A0006650.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP30\A0006700.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP30\A0006737.exe -> Downloader.VB.ya : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007503.EXE -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007504.exe -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007505.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007511.exe -> Downloader.Adload.t : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP32\A0007545.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007884.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007885.dll -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007888.dll -> Adware.Ucmore : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007893.dll -> Adware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP34\A0007894.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0008973.exe -> Downloader.Adload.j : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011048.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011132.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011191.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011213.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011214.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011217.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011268.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011271.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011272.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011274.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011277.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011278.EXE -> Backdoor.Wisdoor.ao : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011279.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011280.exe -> Trojan.Runner.h : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011283.dll -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011284.exe -> Adware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP36\A0011285.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP37\A0011295.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP5\A0000915.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP6\A0000955.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP8\A0001143.exe -> Downloader.VB.wj : Cleaned with backup
C:\System Volume Information\_restore{989A6D1C-C999-40B2-AB4F-1028B3F92AC2}\RP8\A0001156.exe -> Downloader.VB.wj : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\irhbgyfu.dll -> Adware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\owinosap.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\pi1_58.exe -> Downloader.Small.bue : Cleaned with backup
C:\WINDOWS\system32\rndsrego.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Temp\E1B2D.tmp/titno.exe -> Adware.MDH : Cleaned with backup
C:\WINDOWS\Temp\nein.exe -> Downloader.Small.bgl : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\winsysban4.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\winsysupd4.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End


Hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 1:58:55 PM, on 3/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\1126566416\ee\AOLServiceHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126566416\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{314EACA8-55E3-48DB-9020-E82E0878F749}: NameServer = 69.72.74.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)
[ + quote]
Advertisement
_ 		__
 
_
JaPK
Senior Member
_ 		18. March 2006 @ 09:16 _ Link to this message    Send private message to this user   
Ok very good, you are almost clean....

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com


Do this:
Fix this entry with HijackThis:

O23 - Service: OSdebug (Microsoft Regulator) - Unknown owner - C:\WINDOWS\msoevc.exe (file missing)


Then on the downright corner in HijackThis press config
->Misc Tools
->Delete NT service
->Copy this: OSdebug and paste it to the field
->Press OK

Restart your computer to the safe mode (Press F8 button when computer is starting and choose safe mode)

Make your hidden files visible:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Show hidden files and folders.

Delete this file if found:
C:\WINDOWS\-->msoevc.exe


Empty the Recycle Bin

Make your hidden files invisible again:
->On the Tools menu in Windows Explorer, click Folder Options.
->Click the View tab.
->Under Hidden files and folders, click Do not show hidden files and folders.

Restart your computer normally.

Post a new HijackThis log.
[ + quote]
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 18. March 2006 @ 09:19
Related links
Download the latest version of HijackThis now!
 
Related forum topics Posts Last post Forum room
Findgala. Sticked Failed. HJT Log 8 21. August 2013 Windows - Virus and spyware problems
Pls check my HJT - is it heathy now? 4 14. February 2012 Windows - Virus and spyware problems
Laptop freezes and need re boot. HJT help needed 6 13. February 2012 Windows - Virus and spyware problems
Hi! Can someone take a look at a HJT log please, nasty virus! 1 27. January 2012 Windows - Virus and spyware problems
HJT..... Assist Please 15 31. December 2011 Windows - Virus and spyware problems
Redirections, other random things, HJT log 2 23. May 2011 Windows - Virus and spyware problems
System slow on startup and running loud - HJT log 3 11. May 2011 Windows - Virus and spyware problems
Slow and lagging computer -HJT log 4 30. March 2011 Windows - Virus and spyware problems
computer actin up a lil (HJT log) 3 24. February 2011 Windows - Virus and spyware problems
HJT log, please check 1 24. January 2011 Windows - Virus and spyware problems

 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hjt log need help
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork