afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > viruses
zealotry (Account closed as per user's own request), 29. June 2006 @ 05:15
Well, my computer is extremely slow and doesn't respond most of the time. Also there's a lot of popups. If anyone can help, it would be appreciated.

Here's the HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 8:20:28 am, on 6.29.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
C:\Program Files\Web Forum & FileSharing Server\installservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\windows\system32\qndsregs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ycrck.exe
C:\WINDOWS\system32\ycrck.exe
C:\WINDOWS\system32\ycrck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\The Le Dynasty\Desktop\hijackthis\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ycrck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,jwygucd.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrc_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_2.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmc_2.exe
O4 - HKLM\..\Run: [{AD-DB-B6-6B-ZN}] C:\windows\system32\qndsregs.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinorez.exe GID003
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [evtabtsA] C:\WINDOWS\evtabtsA.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks\AntiTracks.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [scvhost] "C:\WINDOWS\SYSTEM32\sysprocs\OverSpy.exe" minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: bamyq.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\l48mlel11hq.dll
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\evtabts.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
zealotry (Account closed as per user's own request), 29. June 2006 @ 10:29
Can anyone help me out? Sorry for bumping a little bit.

Senior Member, 29. June 2006 @ 11:45
Hi zealotry,

Remove via Add/Remove applications:

New.net or a similar name
SurfSideKick

Reboot the computer and send a fresh log.

There are several things lurking in your computer and we'll remove them later.

Well, there aren't any spammers like that, are there -> tapir

http://www.virustorjunta.net/index.php
zealotry (Account closed as per user's own request), 29. June 2006 @ 20:38

Ok, I have done what you told me to.
- I've uninstalled New.net and SurfSideKick; then it told me I had to reboot, so I did.
- After that I went to the advanced uninstaller and it showed an application called Web Nexus Network or something like that. I uninstalled that and it told me to reboot, so I did. After that I tried to log in, but all there was on the screen was black. I was able to get into the taskbar, so I did, and logged into the guest user. The computer isn't as messed up anymore other than the black screen on my regular user, but here is some weird stuff that popped up when I logged in; I'm not sure if it's any use though.

-URLBrowserNew
Run Time Error '91'
Object variable or With Block variable not set

-RunDLL
Error Loading C:/WINDOWS/system32/cmrtmgr.dll
A dynamic link library (DLL) initialization routine failed

-RunDLL
Error Loading C:/WINDOWS/system32.Guard.tmp
A dynamic link library (DLL) initialization routine failed



- Here's an update on the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:37 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\qndsregs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gunbound.softnyx.net/03_how/01_download.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ycrck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,jwygucd.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\dfndrc_2.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdc_2.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmb_2.exe
O4 - HKLM\..\Run: [{AD-DB-B6-6B-ZN}] C:\windows\system32\qndsregs.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\SYSTEM32\twinorag.exe GID003
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [w0070731.dll] RUNDLL32.EXE w0070731.dll,I2 0018db2600070731
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorag.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\fnj0211mg.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
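As an added example (not from this thread, and not HijackThis' or anyone else's code): a small Python parser for the HijackThis v1.99 log format, run over short excerpts of the first two logs posted above. It pulls out the running-process list and the R/F/O entries, applies a few review heuristics of my own (the system.ini Shell= and UserInit= chains, autoruns living in the drive root, rundll32 loading a DLL by bare name, the O10/O15/O20 AppInit entries, and services with no publisher), and diffs the two logs so you can see what the uninstall actually removed and what appeared in its place. The log text embedded below is an excerpt of the logs on this page, not a complete log.

```python
"""Parse HijackThis v1.99 logs, flag entries worth a second look, diff two logs."""
import re
from dataclasses import dataclass

# Excerpts of the first and second logs posted in this thread, trimmed to a few
# lines each (constructed for the example; not the complete logs).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:20:28 am, on 6.29.06

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ycrck.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ycrck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,jwygucd.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [defender] C:\\dfndrc_2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: *.elitemediagroup.net
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:37:37 PM, on 6/29/2006

Running processes:
C:\WINDOWS\cfg32.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ycrck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,jwygucd.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [defender] C:\\dfndrc_2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O10 - Hijacked Internet access by New.Net
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# An autorun whose executable sits directly in a drive root (C:\foo.exe, or the
# C:\\foo.exe rendering HijackThis prints), i.e. no program directory at all.
ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\"]+\.exe"?(\s|$)', re.IGNORECASE)
# rundll32 given a bare DLL name, which is then resolved through the search path.
RUNDLL_RE = re.compile(r"^rundll32(\.exe)?\s+([^\s,]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "F2", "O4", "O23"
    text: str     # the rest of the line, exactly as HijackThis printed it


def parse_hjt(log):
    """Return (running processes, entries) for one HijackThis log."""
    procs, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:              # process list runs until the first blank line
            if line:
                procs.append(line)
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return procs, entries


def flag_entry(e):
    """Return a short reason if the entry deserves manual review, else None.
    These rules are heuristics written for this example, not HijackThis' own."""
    t = e.text
    if e.section == "F2":
        m = re.search(r"Shell=(.*)", t)
        if m:
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            if any(p.lower() != "explorer.exe" for p in parts):
                return "extra shell executable in system.ini Shell="
        m = re.search(r"UserInit=(.*)", t)
        if m:
            parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
            if any(not p.lower().endswith("userinit.exe") for p in parts):
                return "extra executable chained after userinit.exe"
    elif e.section == "O4":
        cmd = t.split("] ", 1)[1] if "] " in t else t   # drop 'HKLM\..\Run: [name] '
        if ROOT_EXE_RE.match(cmd):
            return "autorun executable located in drive root"
        m = RUNDLL_RE.match(cmd)
        if m and "\\" not in m.group(2):
            return "rundll32 loads a DLL by bare name"
    elif e.section == "O10":
        return "Winsock LSP chain hijacked or broken"
    elif e.section == "O15":
        return "domain added to IE Trusted Zone"
    elif e.section == "O20" and "AppInit_DLLs" in t:
        return "AppInit_DLLs injects into every user-mode process"
    elif e.section == "O23" and "Unknown owner" in t:
        return "service binary with no publisher information"
    return None


def flag_entries(entries):
    out = []
    for e in entries:
        reason = flag_entry(e)
        if reason:
            out.append((e, reason))
    return out


def diff_logs(before, after):
    """Entries that appeared and disappeared between two logs, in log order."""
    b_entries, a_entries = parse_hjt(before)[1], parse_hjt(after)[1]
    b_set, a_set = set(b_entries), set(a_entries)
    added = [e for e in a_entries if e not in b_set]
    removed = [e for e in b_entries if e not in a_set]
    return added, removed


if __name__ == "__main__":
    for label, log in (("first log", LOG_BEFORE), ("second log", LOG_AFTER)):
        _, entries = parse_hjt(log)
        print(f"== {label}: {len(entries)} entries")
        for e, reason in flag_entries(entries):
            print(f"  {e.section:<3} {reason}: {e.text}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("== new since first log:", *[f"\n  {e.section} - {e.text}" for e in added])
    print("== gone since first log:", *[f"\n  {e.section} - {e.text}" for e in removed])
```

The flags are review candidates, not verdicts: a legitimately unsigned service or a home-made autorun in the drive root trips the same rules, so each hit still needs the publisher, path and file checked by hand. The diff is the more useful part for a thread like this one, because it shows that the two system.ini lines and the drive-root autoruns survived the uninstall while new rundll32 and cfg32 entries appeared, which is what tells the helper the machine is not clean yet.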
zealotry (Account closed as per user's own request), 29. June 2006 @ 20:52

Well, this sucks; I am no longer able to get into my admin user account.
Senior Member, 29. June 2006 @ 21:04

Hi zealotry,
That WebNexus is the Qoologic virus. We'll remove that later. First we have to remove Look2Me, then you get your rights back :)

We'll start the cleaning with this:


Download Look2Me-Destroyer -> http://www.atribune.org/ccount/click.php?id=7 and save it on the desktop.

IMPORTANT: Before continuing, you MUST do the following:

->Print this or save it as a text file
->Click Start -> Run -> services.msc -> OK
->Check that this service is running or its startup type is Automatic:
Secondary Logon
->Disconnect from the internet (unplug your network cable)
->Close ALL antivirus programs (this is essential!)
->Close all windows before continuing.
->Double-click Look2Me-Destroyer.exe to run it.
->Put a check next to "Run this program as a task".
->You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
->When Look2Me-Destroyer re-opens, click the "Scan for L2M" button; your desktop icons will disappear, this is normal.
->Once it's done scanning, click the "Remove L2M" button.
->You will receive a "Done Scanning" message; click OK.
->When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer"; click OK.
->Your computer will then shut down.
->Turn your computer back on.
->Please post the contents of C:\Look2Me-Destroyer.txt

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

So post the contents of C:\Look2Me-Destroyer.txt and a new HijackThis log here.

Then we'll continue the cleaning, you're not clean yet!

zealotry (Account closed as per user's own request), 29. June 2006 @ 21:14

It says access denied on services.msc.
zealotry (Account closed as per user's own request), 29. June 2006 @ 22:32

Well... I tried to run services.msc and it showed an "error 5 access denied" window. Then it showed a window with Services on the left but nothing else on the right. Later I disconnected my internet, turned off ClamWin, my antivirus (and I'm sure it's the only one I have); after that I closed all the windows and started look2me-destroyer.exe and checked "Run this program as a task". After that I waited for at least a good 5 minutes and nothing happened, so I tried again. Nothing has been happening. I restarted and tried again, but no luck.
Senior Member, 30. June 2006 @ 03:26

All right, download F-Secure:

http://www.f-secure.com/sw-desc/look2me.shtml

Follow the instructions.

Afterwards, try running Look2Me-Destroyer.



zealotry (Account closed as per user's own request), 30. June 2006 @ 05:51

Woot, yes! Well, I was able to run F-Secure from the administrator's Task Manager and now I have admin rights back (thanks a lot).

- Here's an update of the HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 8:59:52 am, on 6.30.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Web Forum & FileSharing Server\installservice.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\dfndrc_2.exe
C:\windows\system32\qndsregs.exe
c:\dfndrb_3.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ycrck.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,jwygucd.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] c:\\dfndrb_3.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdb_3.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmb_3.exe
O4 - HKLM\..\Run: [{AD-DB-B6-6B-ZN}] C:\windows\system32\qndsregs.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\twinorez.exe GID003
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [w0070731.dll] RUNDLL32.EXE w0070731.dll,I2 0018db2600070731
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks\AntiTracks.exe
O4 - HKCU\..\Run: [scvhost] "C:\WINDOWS\SYSTEM32\sysprocs\OverSpy.exe" minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\twinorez.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e202lcdo1f0c.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhlIExlIER5bmFzdHk\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
Senior Member
30. June 2006 @ 06:08
Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.


Download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip

Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C or whatever your primary drive is).
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.


Download sidekickFix.bat -> right click on that link and choose save as -> http://downloads.subratam.org/Lon/sidekickFix.bat <-


Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.


Step

RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfu <- and choose "Save As" (in IE it's "Save Target As")
save as text "Alcra PLUS" Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu
Do not do anything with these yet!


Download qoofix.bat
http://downloads.subratam.org/Lon/qooFix.bat
(right-click on the link above and choose Save As; if using IE, Save Target As)
Place qoofix.bat in your C:\BFU - folder. (Important!)
Double-click qooFix.bat; close all browsers and explorer folders.
Choose option 1 (Qoolfix autofix) and follow the prompts.
Please be patient, it will take about five minutes.



Restart your computer into Safe Mode -> http://www.pchell.com/support/safemode.shtml

Go to C:\BFU and start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "Scriptline to execute" field, click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Still in safe mode:

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.
-> When the scan has completed, click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Send a fresh HijackThis log too.





Well, there aren't any spammers like that -> tapir

http://www.virustorjunta.net/index.php
zealotry
Account closed as per user's own request
30. June 2006 @ 09:47
OK, done everything and it seems more stable now.

-Should I delete those viruses and adware from the computer or keep them in quarantine for now?

Logfile of HijackThis v1.99.1
Scan saved at 12:44:28 pm, on 6.30.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [w0070731.dll] RUNDLL32.EXE w0070731.dll,I2 0018db2600070731
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks\AntiTracks.exe
O4 - HKCU\..\Run: [scvhost] "C:\WINDOWS\SYSTEM32\sysprocs\OverSpy.exe" minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093065219046
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132454498734
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e202lcdo1f0c.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)



============================================================================================================================================

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:41:42 pm 6.30.06

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
C:\WINDOWS\SYSTEM32\ngsh35.dl$ -> Adware.AdBlaster : No action taken.
C:\WINDOWS\SYSTEM32\ngsh40.dll -> Adware.AdBlaster : No action taken.
C:\WINDOWS\SYSTEM\sngsh35.dll -> Adware.AdBlaster : No action taken.
C:\WINDOWS\Sngsh40.dll -> Adware.AdBlaster : No action taken.
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : No action taken.
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\AppWrap[1].exe -> Adware.AdURL : No action taken.
C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
C:\WINDOWS\SYSTEM32\tdbOs.dll/bi.dll -> Adware.BiSpy : No action taken.
C:\WINDOWS\SYSTEM32\tdbOs.dll/preInsBI.exe -> Adware.BiSpy : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040374.exe -> Adware.BookedSpace : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040375.exe -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32r.dll -> Adware.BookedSpace : No action taken.
C:\WINDOWS\cfg32s.dll -> Adware.BookedSpace : No action taken.
C:\stub_sca3.exe -> Adware.BookedSpace : No action taken.
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : No action taken.
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : No action taken.
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : No action taken.
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : No action taken.
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : No action taken.
C:\WINDOWS\SYSTEM32\msfaol.dll -> Adware.ClientMan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039336.dll -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039337.exe -> Adware.CommAd : No action taken.
C:\WINDOWS\SYSTEM32\cdsync.dll -> Adware.Couponage : No action taken.
C:\WINDOWS\dhp2.dll -> Adware.DealHelper : No action taken.
HKLM\SOFTWARE\DelFin -> Adware.Delfin : No action taken.
HKLM\SOFTWARE\DelFin\PromulGate -> Adware.Delfin : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\DelFin -> Adware.Delfin : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\DelFin\PromulGate -> Adware.Delfin : No action taken.
C:\WINDOWS\eliteunstall.exe -> Adware.EliteMedia : No action taken.
C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : No action taken.
C:\WINDOWS\SYSTEM32\nsk25F.dll -> Adware.EZula : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb -> Adware.HotBar : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb\ccc -> Adware.HotBar : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb\eee -> Adware.HotBar : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb\rrr -> Adware.HotBar : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb\ttt -> Adware.HotBar : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\hsb\www -> Adware.HotBar : No action taken.
C:\WINDOWS\SYSTEM32\tool5-fran-two.exe -> Adware.HotSearchBar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : No action taken.
C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : No action taken.
C:\WINDOWS\SYSTEM32\msnimk.gif -> Adware.Ipend : No action taken.
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : No action taken.
HKU\S-1-5-21-930950596-3244742079-1297816721-1006\Software\Updater -> Adware.KeenValue : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\Installer[1].exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037240.DLL -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037288.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037298.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038289.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038294.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038297.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038303.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038322.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038343.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038344.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038345.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038346.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038347.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038348.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038349.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0038350.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040392.exe -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040393.exe -> Adware.Look2Me : No action taken.
C:\WINDOWS\SYSTEM32\d4j0le1m1h.dll.ren -> Adware.Look2Me : No action taken.
C:\WINDOWS\warebundle.exe -> Adware.Look2Me : No action taken.
C:\WINDOWS\876057.exe -> Adware.Mirar : No action taken.
C:\WINDOWS\SYSTEM32\WinNB57.dll -> Adware.Mirar : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\NNSCAA638[1].EXE -> Adware.NewDotNet : No action taken.
C:\NNSCAA638.EXE -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036715.dll -> Adware.NewDotNet : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039335.dll -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj -> Adware.Odysseus : No action taken.
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj.1 -> Adware.Odysseus : No action taken.
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CLSID -> Adware.Odysseus : No action taken.
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CurVer -> Adware.Odysseus : No action taken.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : No action taken.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : No action taken.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : No action taken.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0035670.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036660.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037269.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037270.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP84\A0025365.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP87\A0025592.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP88\A0025606.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0025619.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0025620.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP90\A0025642.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0028226.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0028227.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\gkyukar[1].cab/ssn6tuu.exe -> Adware.Suggestor : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036770.dll -> Adware.Suggestor : No action taken.
C:\WINDOWS\SYSTEM32\gbe90qs.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\SYSTEM32\ssn6tuu.exe -> Adware.Suggestor : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037285.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037297.dll -> Adware.SurfSide : No action taken.
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
C:\Program Files\Common Files\rifm\rifmd\rifmc.dll -> Adware.TargetServer : No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : No action taken.
HKU\.DEFAULT\Software\toolbar -> Adware.WebSearch : No action taken.
HKU\S-1-5-18\Software\toolbar -> Adware.WebSearch : No action taken.
C:\Documents and Settings\The Le Dynasty\My Documents\ \Setup.exe -> Adware.Zango : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\ZIGID003[1].exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039339.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039364.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040395.exe -> Adware.ZenoSearch : No action taken.
C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : No action taken.
C:\ZIGID003.exe -> Adware.ZenoSearch : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\AppWrap[1].exe -> Adware.Zestyfind : No action taken.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040373.exe -> Backdoor.Agent.oo : No action taken.
C:\WINDOWS\system16.exe -> Backdoor.Agent.oo : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0027206.exe -> Backdoor.Beastdoor.205 : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036702.exe -> Backdoor.SdBot.aad : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036710.pif -> Backdoor.SdBot.aad : No action taken.
C:\WINDOWS\winhlp32.exe.tmp -> Backdoor.SdBot.aad : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040377.exe -> Downloader.Adload.ck : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040378.exe -> Downloader.Adload.ck : No action taken.
C:\WINDOWS\v5zsk.exe -> Downloader.Agent.afi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037289.dll -> Downloader.Agent.agw : No action taken.
C:\bintheredunthat\w0070731.dll -> Downloader.Agent.ahv : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\wd7gi8n[1].exe -> Downloader.Agent.ala : No action taken.
C:\wd7gi8n.exe -> Downloader.Agent.ala : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\!update.exe -> Downloader.PurityScan.co : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036713.dll -> Downloader.Qoologic.ae : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\installerwnus[1].exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036714.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038288.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039367.exe -> Downloader.Qoologic.at : No action taken.
C:\installerwnus.exe -> Downloader.Qoologic.at : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037290.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037291.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037292.exe -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037293.dll -> Downloader.Qoologic.bj : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037295.exe -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\stup3.exe -> Downloader.Small : No action taken.
C:\Program Files\Windows Media Player\medo.dll.exe -> Downloader.Small.ajc : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036706.exe -> Downloader.Small.ajc : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040383.exe -> Downloader.Small.buy : No action taken.
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
C:\Program Files\Windows Media Player\medo.dll -> Downloader.Small.ctp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037319.dll -> Downloader.Small.ctp : No action taken.
C:\Program Files\Common Files\rifm\rifmp.exe -> Downloader.TSUpdate.f : No action taken.
C:\Program Files\Common Files\rifm\rifma.exe -> Downloader.TSUpdate.l : No action taken.
C:\Program Files\Common Files\rifm\rifmm.exe -> Downloader.TSUpdate.n : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040384.exe -> Downloader.TSUpdate.o : No action taken.
C:\Program Files\Common Files\rifm\rifml.exe -> Downloader.TSUpdate.p : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\dfndrc_2[1].exe -> Downloader.VB.afv : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040390.exe -> Downloader.VB.afv : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\kybrdc_2[1].exe -> Downloader.VB.agi : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040388.exe -> Downloader.VB.agi : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\Eix4.exe -> Downloader.VB.em : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\HqjsOv.exe -> Downloader.VB.em : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\Iel277g.exe -> Downloader.VB.em : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\Itg4V.exe -> Downloader.VB.em : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\Xevz.exe -> Downloader.VB.em : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037314.exe -> Downloader.VB.nw : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GNU96RM3\visfx500[1].exe -> Dropper.Agent.aie : No action taken.
C:\visfx500.exe -> Dropper.Agent.aie : No action taken.
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : No action taken.
C:\626_101.exe -> Dropper.Agent.mu : No action taken.
C:\WINDOWS\payload.exe -> Dropper.Agent.og : No action taken.
C:\Documents and Settings\All Users\.clamwin\quarantine\SS1001[1].exe -> Dropper.Small.qn : No action taken.
C:\SS1001.exe -> Dropper.Small.qn : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037272.exe -> Dropper.VB.mz : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0029409.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0030409.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0030431.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0031429.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0031444.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0032442.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP105\A0032476.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP105\A0032577.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0032637.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0032669.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0033666.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0034665.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0035666.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036667.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036689.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036722.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037249.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037312.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039354.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039377.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0025626.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0025664.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0026667.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP93\A0026863.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP96\A0027155.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0027224.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0028224.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP99\A0029223.exe -> Hijacker.Delf.dp : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP99\A0029274.exe -> Hijacker.Delf.dp : No action taken.
C:\WINDOWS\vbstub.exe -> Hijacker.Delf.dp : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\81EB01AJ\v1201[1].exe -> Hijacker.Small : No action taken.
C:\WINDOWS\v1201.exe -> Hijacker.Small : No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ENIDAH4R\gkyukar[1].cab/mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\WINDOWS\SYSTEM32\mptft.exe -> Hijacker.StartPage.ajj : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0040385.exe -> Hijacker.VB.fc : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037313.exe -> Hijacker.VB.ij : No action taken.
C:\bintheredunthat\evtabts.exe -> Hijacker.VB.ij : No action taken.
C:\WINDOWS\SYSTEM32\mseggo.gif -> Logger.Delf.dx : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039338.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Guest\Local Settings\Temp\Cookies\guest@zedo[2].txt -> TrackingCookie.Zedo : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0029408.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0030408.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0030430.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0031428.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0031443.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0032441.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP105\A0032475.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP105\A0032576.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0032636.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0032668.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0033665.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0034663.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0035665.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036666.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036688.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0036721.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037248.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037311.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039352.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039376.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP89\A0025625.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0025663.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0026666.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP93\A0026862.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP96\A0027153.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP98\A0027223.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP99\A0029222.dll -> Trojan.Agent.je : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP99\A0029272.dll -> Trojan.Agent.je : No action taken.
C:\WINDOWS\libHide.dll -> Trojan.Agent.je : No action taken.
C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0037296.exe -> Trojan.Qoologic : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0038290.exe -> Trojan.Qoologic : No action taken.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0039368.exe -> Trojan.Qoologic : No action taken.
C:\WINDOWS\wnu_75.exe -> Trojan.Qoologic : No action taken.
C:\WINDOWS\wnu_85.exe -> Trojan.Qoologic : No action taken.


::Report end
Senior Member
30. June 2006 @ 10:05
I'm sorry to say that you have to scan with ewido again. As you see, nothing was deleted :(

Remove via Add/Remove Programs:

Newnet

Boot the computer into Safe Mode, scan with ewido, and allow ewido to take the recommended action.


Well, there aren't any spammers like that after all -> tapiiri

http://www.virustorjunta.net/index.php
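The report above lists every detection as "No action taken", and many of the paths sit inside System Restore points, the ClamWin quarantine folder, or cookie and browser-cache directories rather than at live locations where the file can still run. The script below is an added example (not part of the original thread and not ewido's own code) that parses lines of the report's "path -> detection : action" form and separates what is still live on disk from what is only archived in a restore point, already quarantined by another scanner, or a tracking cookie. The sample lines are constructed to match the report format; the "Quarantined." action on the last line is a hypothetical value, since the report above only ever shows "No action taken."

```python
"""Triage an ewido-style scan report: which detections are still live on disk?"""
from collections import Counter

# Constructed sample in the report format used in the thread ("path -> detection : action").
# The last line's action string is hypothetical; the thread only shows "No action taken.".
SAMPLE_REPORT = """\
C:\\WINDOWS\\system16.exe -> Backdoor.Agent.oo : No action taken.
C:\\System Volume Information\\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\\RP110\\A0040373.exe -> Backdoor.Agent.oo : No action taken.
C:\\Documents and Settings\\All Users\\.clamwin\\quarantine\\!update.exe -> Downloader.PurityScan.co : No action taken.
C:\\Documents and Settings\\Guest\\Local Settings\\Temp\\Cookies\\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\\WINDOWS\\wnu_75.exe -> Trojan.Qoologic : Quarantined.
"""


def parse_report(text):
    """Return one dict per report line; lines not in 'path -> detection : action' form are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if " -> " not in line or " : " not in line:
            continue  # header/footer lines such as "::Report end"
        path, rest = line.split(" -> ", 1)
        detection, action = rest.rsplit(" : ", 1)  # rsplit: the path itself contains "C:"
        findings.append({"path": path,
                         "detection": detection.strip(),
                         "action": action.strip().rstrip(".")})
    return findings


def location_of(path):
    """Classify where a detected file sits; only 'live' files can execute on the running system."""
    p = path.lower()
    if p.startswith("c:\\system volume information\\_restore"):
        return "restore_point"      # inert until System Restore rolls it back
    if "\\quarantine\\" in p:
        return "av_quarantine"      # already neutralised by another scanner
    if "\\cookies\\" in p:
        return "cookie"
    if "\\temporary internet files\\" in p:
        return "ie_cache"           # downloaded copy, not the installed one
    return "live"


def triage(findings):
    """Summarise a parsed report: what was left untreated, where it lives, and what needs action now."""
    untreated = [f for f in findings if f["action"].lower().startswith("no action taken")]
    by_location = Counter(location_of(f["path"]) for f in untreated)
    by_family = Counter(f["detection"].split(".")[0] for f in untreated)
    live_threats = [f["path"] for f in untreated
                    if location_of(f["path"]) == "live"
                    and not f["detection"].startswith("TrackingCookie")]
    return {"untreated": len(untreated), "by_location": by_location,
            "by_family": by_family, "live_threats": live_threats}


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"{summary['untreated']} untreated finding(s); by location: {dict(summary['by_location'])}")
    for path in summary["live_threats"]:
        print("needs action now:", path)
```

The split between "live" and "restore_point" is the reason the later advice in this thread to purge System Restore matters: a scanner that reports but does not delete leaves the archived copies in place, and a rollback would reinstate them.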
zealotry
Account closed as per user's own request
30. June 2006 @ 10:14
Well can I just delete it from ewido? I still have ewido running and stuff and the scan is there.
Senior Member
30. June 2006 @ 10:20
If you mean NewNet, it's not recommended, because there can be problems with Internet connections after that.



zealotry
Account closed as per user's own request
30. June 2006 @ 10:28
No, no, I mean I still have Ewido on for the virus scans and stuff.
Then I'll remove New.net with Advanced Uninstaller.
Senior Member
30. June 2006 @ 11:09
Okay, clean your System Restore too:
http://www.pchell.com/virus/systemrestore.shtml


zealotry
Account closed as per user's own request
30. June 2006 @ 11:52
Well, the computer seems back to normal, no popups, so it's fine.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:12 pm, on 6.30.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Web Forum & FileSharing Server\installservice.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [w0070731.dll] RUNDLL32.EXE w0070731.dll,I2 0018db2600070731
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks\AntiTracks.exe
O4 - HKCU\..\Run: [scvhost] "C:\WINDOWS\SYSTEM32\sysprocs\OverSpy.exe" minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e202lcdo1f0c.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
Senior Member
30. June 2006 @ 12:21
Please download LSP-Fix from the following link and save it to a location you can find later if necessary.
http://www.cexx.org/lspfix.htm

Start the LSP-Fix program and check "I know what I'm doing".
Then make sure that these (AND ONLY THESE!) are on the "remove" side:


newdotnet7_22.dll

And then click Finish.


Scan with HijackThis and check:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l=protect1&term=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.the-exit.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: (no name) - {AE40EBA0-2D49-48C9-BA8D-E9F046240F5F} - (no file)
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [w0070731.dll] RUNDLL32.EXE w0070731.dll,I2 0018db2600070731
O4 - HKCU\..\Run: [scvhost] "C:\WINDOWS\SYSTEM32\sysprocs\OverSpy.exe" minimized
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e20lcdo1f0c.dll (file missing)

Close all programs except HijackThis and click Fix checked.

Boot the computer into Safe Mode and delete the following if they exist:

C:\WINDOWS\ >>>cfg32p.dll
c:\program files\ >>>newdotnet\
C:\WINDOWS\SYSTEM32\ >>>>sysprocs\

Boot normally and send a fresh HijackThis log.


Well, there are no such spammers -> tapir

http://www.virustorjunta.net/index.php
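As an added example (not from the thread, the helper, or HijackThis itself), a small Python triage script that applies to HijackThis log lines the kinds of checks the advice above relies on: orphaned "(file missing)"/"(no file)" references, R0/R1 search and start pages on hosts outside an allowlist, O4 Run entries that load a DLL by bare name through rundll32, O15 Trusted Zone additions, and O16 ActiveX downloads from untrusted hosts. The allowlist and the reason strings are assumptions; the sample entries are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlparse

# Hosts left alone in R0/R1/O16 entries (constructed allowlist; subdomains included).
TRUSTED_HOSTS = {"microsoft.com", "msn.com", "yahoo.com"}
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
# rundll32 given a DLL by bare file name: resolved through the DLL search path.
BARE_DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+[^\\\s]+\.dll", re.I)

def host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def triage_line(line):
    """Return a reason if a HijackThis entry deserves a closer look, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process list or blank line
    code, body = m.group("code"), m.group("body")
    if "(file missing)" in body or "(no file)" in body:
        return "orphaned reference to a file that no longer exists"
    urls = URL_RE.findall(body)
    if code in ("R0", "R1") and urls and not all(host_trusted(u) for u in urls):
        return "browser search/start page points at an untrusted host"
    if code == "O4" and BARE_DLL_RE.search(body):
        return "Run entry loads a DLL by bare name via rundll32"
    if code == "O15":
        return "site added to the IE Trusted Zone"
    if code == "O16" and urls and not all(host_trusted(u) for u in urls):
        return "ActiveX download (DPF) from an untrusted host"
    return None

def triage_log(text):
    """Return (code, reason, entry) for every log entry that merits review."""
    findings = []
    for entry in map(str.strip, text.splitlines()):
        reason = triage_line(entry)
        if reason:
            findings.append((entry.split(" - ", 1)[0], reason, entry))
    return findings

# Six entries taken from the log posted in this thread (two of them benign).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [oxe8db27] RUNDLL32.EXE w0058fc4.dll,n 0018db26000000030058fc4
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O20 - Winlogon Notify: mnsvcsp - mnsvcsp.dll (file missing)
"""
```

Running `triage_log(SAMPLE_LOG)` flags the R1, rundll32 O4, O15 and O20 entries and leaves the ClamWin Run entry and the Microsoft-hosted O16 control alone; the heuristics are a first pass, not a substitute for reading each entry.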
zealotry (Account closed as per user's own request)
30. June 2006 @ 12:48
Logfile of HijackThis v1.99.1
Scan saved at 3:55:41 pm, on 6.30.06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Exploder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AntiTracks] C:\Program Files\Anti Tracks\AntiTracks.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {AB9F9408-A3F2-49C3-BF4D-B209BEDE4934} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SSLHTTPServer (SSLHTTP) - Unknown owner - C:\Program Files\Web Forum & FileSharing Server\installservice.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
Senior Member
30. June 2006 @ 13:04
Very good work :)

Scan with HijackThis and check:


O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZRxdm185XXUS
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/m...

Close all windows except HijackThis and click Fix checked.

Delete:
C:\Program Files\ >>>Ebates_MoeMoneyMaker\

Boot the computer and happy surfing :)

Well, there are no such spammers -> tapir

http://www.virustorjunta.net/index.php
zealotry (Account closed as per user's own request)
30. June 2006 @ 13:15
You are my Hero.
Senior Member
30. June 2006 @ 23:22
You're welcome

Well, there are no such spammers -> tapir

http://www.virustorjunta.net/index.php
  © 1999-2024 by AfterDawn Ltd.