Messed Up Laptop. HJT Log
Laguna
09-28-2006, 05:29 PM
My uncle asked me to have a look at his laptop for him. He uses the laptop for work and there are files on it that he needs, so a re-install is out of the question. His son also uses the laptop, and that is how he got the infections.
All the logs and info will be posted below.
Laguna
09-28-2006, 05:31 PM
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:52:54 PM 9/28/2006
+ Scan result:
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\.DEFAULT\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\S-1-5-18\Software\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned.
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned.
[760] C:\WINDOWS\system32\medtcprx.dll -> Adware.Look2Me : Cleaned.
[852] C:\WINDOWS\system32\wantrust.dll -> Adware.Look2Me : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned.
::Report end
Laguna
09-28-2006, 05:34 PM
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:27:57 PM 9/28/2006
+ Scan result:
C:\Documents and Settings\tommy plant\Local Settings\Temporary Internet Files\Content.IE5\8XUV4TUJ\AppWrap[1].exe -> Adware.AdURL : Cleaned.
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned.
C:\WINDOWS\dG9tbXkgcGxhbnQ\asappsrv.dll -> Adware.CommAd : Cleaned.
C:\WINDOWS\dG9tbXkgcGxhbnQ\command.exe -> Adware.CommAd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRE5ODS1\Installer[1].exe -> Adware.Look2Me : Cleaned.
C:\Installer3.exe -> Adware.Look2Me : Cleaned.
C:\Installer4.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030213.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030214.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030240.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030267.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030282.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030291.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030321.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__w_a_n_t_r_u_s_t_._d_l_l_ -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\enl4l13q1.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\ijfosoft.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\izaapi.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\jXvaee.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\l6j8lg1u16.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\obuninst.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\ozbcint.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\r06u0aj9edo.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\sye.dll -> Adware.Look2Me : Cleaned.
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned.
[760] C:\WINDOWS\system32\medtcprx.dll -> Adware.Look2Me : Cleaned.
[852] C:\WINDOWS\system32\wantrust.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.40.0 -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned.
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\tommy plant\Local Settings\Temporary Internet Files\Content.IE5\RM0VV54T\AppWrap[1].exe -> Adware.Zestyfind : Cleaned.
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned.
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned.
C:\WINDOWS\system32\eraseme_67751.exe -> Backdoor.SdBot.xd : Cleaned.
C:\WINDOWS\win32host.exe -> Backdoor.SdBot.xd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned.
C:\WINDOWS\system32\Ncpjoqhg.exe -> Dropper.Agent.gz : Cleaned.
C:\WINDOWS\system32\datglm.exe -> Dropper.Agent.gz : Cleaned.
C:\WINDOWS\system32\Lemgpccd.dll -> Logger.Qukart.s : Cleaned.
C:\WINDOWS\system32\Qpnppnlj.dll -> Logger.Qukart.s : Cleaned.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\j2update[1].exe -> Proxy.Ranky : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\j2update[2].exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP187\A0026173.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP187\A0026175.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP187\A0027173.exe -> Proxy.Ranky : Cleaned.
::Report end
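A small triage script over the report format above, added here as an editor's example (it is not code from the original post or from ewido). The scanner says "Cleaned" on almost every line, but two things in this log matter more than the count: the `[852] ...\wantrust.dll` entry that reports "Error during cleaning" (the DLL was still mapped in a running process, so it is still on disk), and the many hits inside `System Volume Information\_restore{...}\RPnnn`, which mean the infected files will come back with any restore to those points. The script parses each `<object> -> <threat> : <result>.` line and pulls out exactly those items, plus the threat families that indicate real compromise (backdoor, proxy, keylogger, dropper) rather than adware. Assumptions, labelled in the code: that the `[<pid>]` prefix is the process the DLL was found loaded in, and the compromise-vs-adware classification, which is mine rather than ewido's. The sample input is a constructed excerpt of the report above.

```python
"""Triage an ewido anti-spyware scan report.

Editor's added example; not code from the original post or from ewido.
It parses report lines of the form "<object> -> <threat> : <result>." and
pulls out what a responder needs before declaring a box clean: hits that
were NOT cleaned, hits found mapped in a running process, hits sitting in
System Restore snapshots, and threat classes that mean compromise rather
than adware. Sample input is a constructed excerpt of the report above.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: ewido's "[<pid>] <path>" prefix marks a DLL found loaded in the
# process with that PID. The report itself does not document the prefix.
_PID_PREFIX = re.compile(r"^\[(\d+)\]\s+(.*)$")
_RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP(\d+)\\", re.I)
_REG_HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\")

# Editor's classification, not ewido's: these families mean remote control,
# credential theft or a staging loader, i.e. the machine was fully owned.
COMPROMISE_PREFIXES = ("Backdoor.", "Proxy.", "Logger.", "Dropper.", "Downloader.")


@dataclass(frozen=True)
class Hit:
    obj: str             # file path or registry key
    threat: str          # e.g. "Adware.Look2Me"
    result: str          # "Cleaned" or "Error during cleaning"
    pid: Optional[int]   # process the object was mapped in, if any

    @property
    def kind(self) -> str:
        if self.pid is not None:
            return "memory"
        if self.obj.upper().startswith(_REG_HIVES):
            return "registry"
        if _RESTORE_POINT.search(self.obj):
            return "restore_point"
        return "file"

    @property
    def restore_point(self) -> Optional[int]:
        m = _RESTORE_POINT.search(self.obj)
        return int(m.group(1)) if m else None

    @property
    def cleaned(self) -> bool:
        return self.result == "Cleaned"

    @property
    def compromise(self) -> bool:
        return self.threat.startswith(COMPROMISE_PREFIXES)


def parse_line(line: str) -> Optional[Hit]:
    """Parse one report line; headers, blank lines and trailers give None."""
    line = line.strip()
    if " -> " not in line or " : " not in line:
        return None
    obj, rest = line.rsplit(" -> ", 1)      # paths contain ":" but never " -> "
    threat, result = rest.split(" : ", 1)
    pid = None
    m = _PID_PREFIX.match(obj)
    if m:
        pid, obj = int(m.group(1)), m.group(2)
    return Hit(obj=obj, threat=threat.strip(), result=result.strip().rstrip("."), pid=pid)


def parse_report(text: str) -> List[Hit]:
    return [h for h in (parse_line(ln) for ln in text.splitlines()) if h is not None]


def triage(hits: List[Hit]) -> Dict[str, object]:
    """What still needs attention after the scanner has done its part."""
    return {
        "by_threat": Counter(h.threat for h in hits),
        "not_cleaned": [h for h in hits if not h.cleaned],
        "in_memory": [h for h in hits if h.kind == "memory"],
        "restore_points": sorted({h.restore_point for h in hits if h.restore_point is not None}),
        "compromise": sorted({h.threat for h in hits if h.compromise}),
    }


# Constructed excerpt of the second report above (same line format).
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:27:57 PM 9/28/2006
+ Scan result:
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030213.dll -> Adware.Look2Me : Cleaned.
[760] C:\WINDOWS\system32\medtcprx.dll -> Adware.Look2Me : Cleaned.
[852] C:\WINDOWS\system32\wantrust.dll -> Adware.Look2Me : Error during cleaning.
C:\WINDOWS\system32\eraseme_67751.exe -> Backdoor.SdBot.xd : Cleaned.
C:\WINDOWS\system32\Lemgpccd.dll -> Logger.Qukart.s : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP187\A0026173.exe -> Proxy.Ranky : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
::Report end
"""

if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for h in summary["not_cleaned"]:
        print(f"NOT CLEANED: {h.obj} ({h.threat}) pid={h.pid}")
    print("tainted restore points:", summary["restore_points"])
    print("compromise-class families:", summary["compromise"])
```

On the excerpt this reports `wantrust.dll` (PID 852) as not cleaned, restore points 187 and 214 as holding infected copies, and `Backdoor.SdBot.xd`, `Logger.Qukart.s` and `Proxy.Ranky` as compromise-class. The last point is the one that matters for a work laptop: an SdBot backdoor plus a keylogger means any password typed on the machine should be treated as known to the attacker, whatever the scanner reports as cleaned.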
Laguna
09-28-2006, 05:35 PM
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP187\A0027175.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP188\A0027185.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0027197.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028196.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028197.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028210.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028211.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028228.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028242.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028261.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP189\A0028268.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP190\A0028278.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP190\A0028280.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP190\A0028300.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP190\A0028312.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP190\A0028313.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP191\A0028336.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP191\A0028338.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP192\A0028383.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP192\A0028406.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP192\A0028408.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028432.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028448.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028456.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028457.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028474.exe -> Proxy.Ranky : Cleaned.
Laguna
09-28-2006, 05:35 PM
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028475.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP194\A0028486.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP194\A0028495.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP194\A0028496.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP194\A0028510.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028534.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028545.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028546.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028561.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028562.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028593.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028607.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028627.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028641.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028661.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028680.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028693.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028694.exe -> Proxy.Ranky : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028708.exe -> Proxy.Ranky : Cleaned.
C:\WINDOWS\system32\win32bootcfg.exe -> Proxy.Ranky : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@2o7[3].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@americanskiingco.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@2o7[4].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@2o7[5].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@motricity.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
Laguna
09-28-2006, 05:36 PM
C:\Documents and Settings\tommy plant\Local Settings\Temp\Cookies\tommy plant@aerlingus.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads.addynamix[3].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@z1.adserver[3].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@z1.adserver[4].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adtech[3].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adtech[4].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@servedby.advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@servedby.advertising[4].txt -> TrackingCookie.Advertising : Cleaned.
Laguna
09-28-2006, 05:37 PM
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bluestreak[3].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bluestreak[4].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@casalemedia[3].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@casalemedia[4].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@commission-junction[1].txt -> TrackingCookie.Commission-junction : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@e-2dj6wfmieoajodo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@e-2dj6wjl4chazefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@e-2dj6wjlygmc5kdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfk4ehc5ccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfk4ohajwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfk4qhczgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfkocjdzsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
Laguna
09-28-2006, 05:37 PM
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfkocpdzolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wfkoegd5ifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wflosicjsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wgkiqnazoko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wjk4eicjiap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wjliepcpoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wjmiqpc5mfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@e-2dj6wjmyajdpehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@as1.falkag[3].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@as1.falkag[4].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@fastclick[3].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@fastclick[4].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ehg-kodak.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-adidas.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-adidas.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-adidasus.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-atariinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-aura.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-betterphoto.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-bskyb.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-bskyb.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-carphonewarehouse.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-cendant.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-cricinfo.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-firstchoice.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-holidaybreak.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-iwantoneofthose.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-iwantoneofthose.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
Laguna
09-28-2006, 05:38 PM
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-littlewoods.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-logantod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-traderpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-twi.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@hitbox[4].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter.hitslink[3].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter.hitslink[5].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@mediaplex[3].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@data2.perf.overture[3].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@overture[3].txt -> TrackingCookie.Overture : Cleaned.
Laguna
09-28-2006, 05:39 PM
C:\Documents and Settings\tommy plant\Cookies\tommy plant@overture[4].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@questionmarket[4].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@revenue[3].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@revenue[4].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@bs.serving-sys[3].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@serving-sys[4].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@starware[3].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@www.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
Laguna
09-28-2006, 05:39 PM
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statcounter[3].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statcounter[4].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tacoda[3].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@fad-608.iad6.targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tradedoubler[3].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@a.tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@statse.webtrendslive[4].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\tommy plant\Local Settings\Temp\Cookies\tommy plant@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\orla hopkins\Cookies\orla hopkins@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@c1.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@c2.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\tommy plant\Cookies\tommy plant@zedo[5].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\helperymsmsgs.exe -> Trojan.Agent.an : Cleaned.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XIJ4LMV\x[1].exe -> Worm.Padobot.m : Cleaned.
Laguna
09-28-2006, 05:40 PM
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 6:08:26 PM 9/28/2006
+ Scan result:
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031353.exe -> Adware.AdURL : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031351.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031352.exe -> Adware.CommAd : Cleaned.
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : Cleaned.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\Installer[2].exe -> Adware.Look2Me : Cleaned.
C:\Installer4.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031338.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031339.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031340.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031342.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031343.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031345.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031346.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031348.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031349.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031637.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0032931.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0032932.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\MXVCRTD.DLL -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__e_n_l_4_l_1_3_q_1_._d_l_l_ -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\__delete_on_reboot__w_a_n_t_r_u_s_t_._d_l_l_ -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\en28l1fu1.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\mitime.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\ndhtml.dll -> Adware.Look2Me : Cleaned.
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned.
[660] C:\WINDOWS\system32\sgdpsrv.dll -> Adware.Look2Me : Cleaned.
[784] C:\WINDOWS\system32\sgdpsrv.dll -> Adware.Look2Me : Cleaned.
C:\Program Files\Deskbar\deskbar.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030227.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030275.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031941.dll -> Adware.Softomate : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\ucmoreiex[1].exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : Cleaned.
C:\Documents and Settings\LocalService\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : Cleaned.
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\IUCmore.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : Cleaned.
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031355.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031359.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031359.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031359.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\ucmoreiex.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\ucmoreiex.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031350.exe -> Adware.Zestyfind : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028437.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028467.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP193\A0028484.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP194\A0028502.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028521.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP195\A0028578.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031655.EXE -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028595.exe -> Backdoor.Rbot.bgz : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028616.exe -> Backdoor.Rbot.bgz : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP196\A0028633.exe -> Backdoor.Rbot.bgz : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028651.exe -> Backdoor.Rbot.bgz : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028670.exe -> Backdoor.Rbot.bgz : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP197\A0028686.exe -> Backdoor.Rbot.bhk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP198\A0028721.exe -> Backdoor.Rbot.bhk : Cleaned.
C:\WINDOWS\system32\newexe.exe -> Backdoor.Rbot.bhk : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\al3[1].txt -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031647.exe -> Downloader.Small : Cleaned.
C:\WINDOWS\system32\drivers\ndisrd.sys -> Downloader.Small : Cleaned.
C:\WINDOWS\system32\w0576c8a.dll -> Downloader.Small : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\tommy plant\Application Data\winantiviruspro2006freeinstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031360.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031336.exe -> Proxy.Ranky : Cleaned.
::Report end
Laguna
09-28-2006, 05:41 PM
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:43:03 PM 9/28/2006
+ Scan result:
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032963.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032964.DLL -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032965.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032966.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032967.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032968.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032981.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032982.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032988.dll -> Adware.Look2Me : Cleaned.
C:\WINDOWS\system32\snmedia.dll -> Adware.Look2Me : Cleaned.
[660] C:\WINDOWS\system32\ormanage.dll -> Adware.Look2Me : Cleaned.
[796] C:\WINDOWS\system32\ormanage.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032978.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032973.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032977.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032977.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032977.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031645.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031646.exe -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031654.EXE -> Backdoor.Rbot.aeu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032962.exe -> Backdoor.Rbot.bhk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030332.exe -> Backdoor.SdBot.avk : Cleaned.
C:\Documents and Settings\orla hopkins\Local Settings\Temporary Internet Files\Content.IE5\41UVWTIZ\spreadno[1].exe -> Backdoor.SdBot.avw : Cleaned.
C:\Documents and Settings\orla hopkins\spreadno.exe -> Backdoor.SdBot.avw : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP210\A0030033.exe -> Backdoor.SdBot.avw : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033055.exe -> Backdoor.SdBot.avw : Cleaned.
C:\Documents and Settings\orla hopkins\Local Settings\Temporary Internet Files\Content.IE5\16ZDTEK6\recsl[2].exe -> Backdoor.SdBot.awk : Cleaned.
C:\Documents and Settings\orla hopkins\recsl.exe -> Backdoor.SdBot.awk : Cleaned.
C:\Documents and Settings\tommy plant\recsl.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP213\A0030154.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP213\A0030168.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP213\A0030187.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030206.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030209.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030223.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030292.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030329.exe -> Backdoor.SdBot.awk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033029.exe -> Backdoor.SdBot.awk : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRE5ODS1\dr[1].exe -> Downloader.Adload.dg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030235.exe -> Downloader.Adload.dg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030251.exe -> Downloader.Adload.dg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030273.exe -> Downloader.Adload.dg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030288.exe -> Downloader.Adload.dg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030338.exe -> Downloader.Adload.dg : Cleaned.
C:\dwv.exe -> Downloader.Adload.dg : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRE5ODS1\drsmartload46a[1].exe -> Downloader.Adload.ds : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\drsmartload849a[1].exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030189.exe -> Downloader.Adload.ds : Cleaned.
Laguna
09-28-2006, 05:41 PM
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030224.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030236.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030244.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030252.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030257.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030271.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030274.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030286.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030289.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030339.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033038.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033039.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033040.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033041.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033042.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033043.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033044.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033045.exe -> Downloader.Adload.ds : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033046.exe -> Downloader.Adload.ds : Cleaned.
C:\winde.exe -> Downloader.Adload.ds : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\nwnmff_18[1].exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030190.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030226.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030245.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030259.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030272.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030287.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030333.exe -> Downloader.Adload.fg : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033030.exe -> Downloader.Adload.fg : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\kybrdff_18[1].exe -> Downloader.Adload.fk : Cleaned.
C:\kybrdff_18.exe -> Downloader.Adload.fk : Cleaned.
C:\kybrdff_e4.exe -> Downloader.Adload.fk : Cleaned.
C:\kybrdff_e5.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031940.exe -> Downloader.Adload.fo : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033036.exe -> Downloader.Adload.fo : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033037.exe -> Downloader.Adload.fo : Cleaned.
C:\wie.exe -> Downloader.Adload.fo : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRE5ODS1\drsmartload195a[1].exe -> Downloader.Adload.fu : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\drsmartload45a[1].exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0032940.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033027.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033035.exe -> Downloader.Adload.fu : Cleaned.
C:\dddko.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033047.exe -> Downloader.Adload.fv : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\ac3[1].txt -> Downloader.Agent.awb : Cleaned.
C:\WINDOWS\system32\osa5e24e.dll -> Downloader.Agent.awb : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032960.sys -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032961.dll -> Downloader.Small : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\dfndrff_e[1].exe -> Hijacker.VB.ia : Cleaned.
C:\dfndrff_e1.exe -> Hijacker.VB.ia : Cleaned.
C:\dfndrff_e4.exe -> Hijacker.VB.ly : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0032979.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3\update[1].exe -> Proxy.Agent.hd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IRE5ODS1\jjupdate[1].exe -> Proxy.Agent.hd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\update[1].exe -> Proxy.Agent.hd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\j2update[3].exe -> Proxy.Agent.hd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\j2updatea[1].exe -> Proxy.Agent.hd : Cleaned.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD\update[1].exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP198\A0028733.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP198\A0028734.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP198\A0028758.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP199\A0028760.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP200\A0028779.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP201\A0028810.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP202\A0028816.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP203\A0029862.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP204\A0029864.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP204\A0029874.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP204\A0029875.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP206\A0029902.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP207\A0029948.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP209\A0029988.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP209\A0030011.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP210\A0030030.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP212\A0030094.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030249.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP214\A0030250.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP215\A0030262.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP218\A0030331.exe -> Proxy.Agent.hd : Cleaned.
C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033033.exe -> Proxy.Agent.hd : Cleaned.
C:\WINDOWS\system32\taskmngr32.exe -> Proxy.Agent.hd : Cleaned.
C:\dfndrff_e7.exe -> Trojan.VB.asv : Cleaned.
::Report end
Laguna
09-28-2006, 05:43 PM
I ran the SmitfraudFix 2nd option in safe mode and it did its fixes, cleaned the registry and didn't need to replace any files. I seem to have misplaced the log, I'm afraid.
Laguna
09-28-2006, 05:51 PM
SpyBot removed the following:
Alexa related,
Winsoftware.WinAntiVirusPro2006,
Command Service,
CoolWWWSearch,
CoolWWWSearch.SmartSearch,
FunWebProducts,
Microsoft.WindowsSecurityCenter_disabled,
MyWay.MyWebSearch,
MyWebSearch,
Network Monitor,
Smitfraud-C,
SpywareStormer,
WinAntiVirusPro2006,
Windows Security Center.AntiVirusDisableNotify,
Variants of the above (AntiVirusOverride, FirewallDisabled, FirewallDisableNotify, FireWallOverride, SP2Update, UpdateDisableNotify),
Windows.Security.InternetExplorer,
Laguna
09-28-2006, 05:54 PM
Ad-Aware and AVG removed a lot of trojans and registry entries.
With a lot of the trojans, when I told AVG to send them to the vault I was told they were system files and if removed could cause the OS to function badly.
But healing them worked fine.
I ran the Sophos Anti-Rootkit scanner to see if there was anything and it turned up no hidden items, but said I didn't have the rights to do something (I can't remember what).
Laguna
09-28-2006, 05:57 PM
Sometimes an error message pops up on boot when you are just after selecting an account to log in under. It says something about a runtime error, and then when you click OK a blue screen comes up reading "fatal error" and the machine restarts.
Also when you log into windows successfully this error message pops up.
"Error loading w0576c8a.dll the specified module could not be found"
Through google I found nothing about this.
I will post a HJT log of the machine in its current state...
Laguna
09-28-2006, 05:58 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:22:57 PM, on 9/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\tommy plant\Desktop\hijackthis\HijackThis.exe
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\inorjv.exe
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [YhooUpdates] C:\WINDOWS\system32\ymsmsgs.exe
O4 - HKLM\..\Run: [winystems25] winystems.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [osa5e24e] RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DrWebScheduler] C:\Program Files\DrWeb\DRWEBSCD.EXE
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spidernt.exe /agent
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [winystems25] winystems.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm119YYIE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\fnj0211mg.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\guard.tmp (file missing)
O21 - SSODL: CGCJBGF0 - {1D407E84-7C10-1C15-3BF9-3EA4290C064A} - C:\WINDOWS\System32\Qpnppnlj.dll (file missing)
O21 - SSODL: mtklef - {29FCB383-ED19-4522-1A8D-B5A849169B1E} - C:\WINDOWS\System32\adxdym32.dll (file missing)
O21 - SSODL: mtkle - {028F0EDD-A8EF-4C97-B099-C45C953F1BC9} - C:\WINDOWS\System32\xhbe32.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Unknown owner - C:\PROGRA~1\DrWeb\SpiderNT.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
Budfred
09-28-2006, 10:11 PM
I am not really sure it was necessary to post all of those logs, but for future reference, if you do post Ewido logs, you can edit out all of the cookies....
You still have some crap to fix... You know the drill...
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll (file missing)
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\inorjv.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [YhooUpdates] C:\WINDOWS\system32\ymsmsgs.exe
O4 - HKLM\..\Run: [winystems25] winystems.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKLM\..\RunServices: [winystems25] winystems.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm119YYIE
O16 - DPF: ibb_cust - file://E:\AIB\ibb_cust.cab
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\fnj0211mg.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\guard.tmp (file missing)
O21 - SSODL: CGCJBGF0 - {1D407E84-7C10-1C15-3BF9-3EA4290C064A} - C:\WINDOWS\System32\Qpnppnlj.dll (file missing)
O21 - SSODL: mtklef - {29FCB383-ED19-4522-1A8D-B5A849169B1E} - C:\WINDOWS\System32\adxdym32.dll (file missing)
O21 - SSODL: mtkle - {028F0EDD-A8EF-4C97-B099-C45C953F1BC9} - C:\WINDOWS\System32\xhbe32.dll (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
Find and delete the relevant files/folders...
Use Run and enter
sc Win32Kernel
Then....
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the ComboFix and a fresh HJT log after a reboot...
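As an added example (not code from HijackThis, Budfred or Laguna), here is a small Python triage that applies the same heuristics Budfred used to pick the lines above out of the HJT log: bare file names in Run/RunServices that are resolved by PATH search, non-allowlisted binaries sitting directly in the Windows directory, machine-generated names like w0576c8a, dangling "(file missing)" Winlogon Notify/SSODL load points, services with no vendor whose binary is gone, and a broken Winsock LSP chain. The allowlist of known autostarts and the XP default paths are assumptions; the sample lines are copied from the HJT log posted earlier in the thread.

```python
"""Heuristic triage of HijackThis 1.99 log lines.

Added example for this thread, not code from HijackThis or from either poster.
Assumptions: XP default paths (C:\\WINDOWS) and a small per-machine allowlist.
"""
import re

# Per-machine allowlist of autostarts that legitimately run by bare name or from
# System32 on this laptop (an assumption for the example, not a HJT feature).
ALLOWLIST = {"ctfmon", "igfxtray", "hkcmd", "rundll32", "alaunch"}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\(?P<key>Run\w*): \[[^\]]*\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: \S+ - (?P<path>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: \S+ - \{[^}]*\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: .*? - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: lines copied from the first HJT log posted above, bad and
# benign mixed so the heuristics have both to work on.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\inorjv.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [YhooUpdates] C:\WINDOWS\system32\ymsmsgs.exe
O4 - HKLM\..\Run: [osa5e24e] RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\fnj0211mg.dll (file missing)
O21 - SSODL: mtkle - {028F0EDD-A8EF-4C97-B099-C45C953F1BC9} - C:\WINDOWS\System32\xhbe32.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
"""


def first_executable(cmd):
    """Program a Run value launches: the quoted path, else the token up to the
    first .exe/.dll/.com/.bat/.scr, else the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|com|bat|scr))(?:[\s,]|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def rundll_target(cmd):
    """For 'RUNDLL32.EXE foo.dll,Entry args' return foo.dll, else None."""
    m = re.match(r'\s*"?rundll32(?:\.exe)?"?\s+(?P<dll>[^,\s]+)', cmd, re.IGNORECASE)
    return m.group("dll") if m else None


def stem(path):
    """Lower-case file name without extension or the '(file missing)' suffix."""
    name = path.replace(" (file missing)", "").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def directly_in_windows_dir(path):
    """True for files sitting right in C:\\WINDOWS, \\System32 or \\System (XP default)."""
    parent = path.replace(" (file missing)", "").lower().rsplit("\\", 1)[0]
    return parent in ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\system")


def looks_generated(name):
    """Stems such as w0576c8a or fnj0211mg: letters mixed with two or more digits."""
    digits = sum(c.isdigit() for c in name)
    letters = sum(c.isalpha() for c in name)
    return digits >= 2 and letters >= 2 and name not in ALLOWLIST


def triage(log_text):
    """Return [(line, [reasons])] for every HJT line some heuristic objects to."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        if m := O4_RE.match(line):
            cmd = m.group("cmd")
            # For rundll32 the thing to judge is the DLL it loads, not rundll32 itself.
            target = rundll_target(cmd) or first_executable(cmd)
            s = stem(target)
            if s not in ALLOWLIST:
                if "\\" not in target:
                    reasons.append("bare file name: found by PATH search at logon")
                elif directly_in_windows_dir(target):
                    reasons.append("non-allowlisted binary directly in the Windows directory")
                if looks_generated(s):
                    reasons.append("machine-generated file name")
            if m.group("key").lower() == "runservices":
                reasons.append("RunServices key: Win9x-only, no legitimate XP software uses it")
        elif m := (O20_RE.match(line) or O21_RE.match(line)):
            if "(file missing)" in m.group("path"):
                reasons.append("dangling Winlogon Notify / SSODL load point")
            if looks_generated(stem(m.group("path"))):
                reasons.append("machine-generated file name")
        elif m := O23_RE.match(line):
            if m.group("owner") == "Unknown owner" and "(file missing)" in m.group("path"):
                reasons.append("service with no vendor info whose binary is gone")
            if looks_generated(stem(m.group("path"))):
                reasons.append("machine-generated file name")
        elif line.startswith("O10 - "):
            reasons.append("Winsock LSP chain broken: repair with an LSP tool, not by deleting entries")
        if reasons:
            findings.append((line, reasons))
    return findings


def suspect_lines(log_text):
    """Just the offending lines, in log order."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the sample it reproduces Budfred's list (inorjv.exe, the bare mssvcc.exe and mssecure.exe, ymsmsgs.exe, the rundll32 line loading w0576c8a.dll, the two dangling O20/O21 entries and the Win32Kernel service) and leaves the Synaptics, IME, AVG and ATI entries alone. It also lists the KodakCCS service, which is a leftover of a Kodak uninstall rather than malware: the output is a review list, not a delete list, and "Unknown owner" only means the binary carried no company name in its version info.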
Laguna
09-29-2006, 04:51 AM
Yeah I'm sorry about all the posts...
I had to go to the shops and I left instructions for my girlfriend. I just said "Post Ewido logs" but failed to mention leaving out the cookies.
So it's more my fault than hers.
Will do the above and get back to you.
Thanks for the help.
Laguna
09-29-2006, 08:43 AM
Ok I did the fixes and ran ComboFix.
When I tried sc Win32Kernel it brought up something along the lines of a description for it, and asked me if I wanted to view help for this query.
And I tried sc Win32Kernal delete and the same thing happened.
Anyway here are the logs.
tommy plant - 06-09-29 12:29:28.47 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\tommy plant\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\dfndrff_e3.exe
C:\dfndrff_e16.exe
C:\dfndrff_e5.exe
C:\deskbar3.exe
C:\deskbar_e13.exe
C:\deskbar.exe
C:\deskbar4.exe
C:\deskbar_e15.exe
C:\kybrdff_e7.exe
C:\kybrdff_e16.exe
C:\nwnmff_e4.exe
C:\nwnmff_e5.exe
C:\nwnmff_e7.exe
C:\Program Files\Deskbar
((((((((((((((((((((((((((((((( Files Created from 2006-08-29 to 2006-09-29 ))))))))))))))))))))))))))))))))))
2006-09-28 20:43 5,856 --a------ C:\WINDOWS\system32\drivers\drwebnet.sys
2006-09-28 20:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-28 20:36 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-28 20:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-28 20:36 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-28 17:18 6,976 --a------ C:\ddv.exe
2006-09-28 17:18 154,624 -r-hs---- C:\WINDOWS\system32\lviss.exe
2006-09-28 15:59 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 15:59 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-28 15:59 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-28 15:59 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-28 15:59 23,424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-15 12:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-15 12:22 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-09-15 12:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-15 12:22 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2006-09-13 17:27 1,233 --a------ C:\WINDOWS\system32\osa5e24e.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))
2006-09-28 17:31 -------- d-------- C:\Program Files\Sunbelt Software
2006-09-28 17:07 -------- d-------- C:\Program Files\CCleaner
2006-09-28 16:00 -------- d-------- C:\Documents and Settings\tommy plant\Application Data\AVG7
2006-09-28 15:59 -------- d-------- C:\Program Files\Grisoft
2006-09-28 14:51 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"mouseElf"="C:\\PROGRA~1\\GENIUS~1\\GNETMOUS.EXE"
"Simcast"="C:\\Program Files\\Simcast Media\\Simcast\\SimcastAlerts.exe"
"osa5e24e"="RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonceex]
@=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FCF1E36E-0CEB-48A4-D0BA-DAA2E06DC735}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^tommy plant^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\tommy plant\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MyWebSearch Email Plugin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mwsoemon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: Fri 09/29/2006 12:31:10.13
ComboFix.txt
Laguna
09-29-2006, 08:44 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:37:38 PM, on 9/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\tommy plant\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [Simcast] C:\Program Files\Simcast Media\Simcast\SimcastAlerts.exe
O4 - HKLM\..\Run: [osa5e24e] RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Unknown owner - C:\PROGRA~1\DrWeb\SpiderNT.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Win32 Kernel Update (Win32Kernel) - Unknown owner - C:\WINDOWS\win32host.exe (file missing)
Budfred
09-29-2006, 09:26 AM
When I tried sc Win32Kernel it brought up something along the lines of a description for it.And asked me if I wanted to view help for this query.
And I tried sc Win32Kernal delete and the same thing happened.
That is what happens when I am in a hurry to get to bed... It should be:
sc delete Win32Kernel
Be careful about the spelling... You do not want to delete Win32Kernal...
Use HJT to fix this:
O4 - HKLM\..\Run: [osa5e24e] RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a
Find this and check Properties... If it is not clearly from a legit company, submit it to Jotti or change the extension to .old and see if it makes any difference:
C:\ddv.exe
To submit to Jotti:
Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results here.
Find and delete:
C:\WINDOWS\system32\lviss.exe
C:\WINDOWS\system32\osa5e24e.sys
I strongly recommend removing this in Add or Remove Programs:
MyWebSearch
Also, it would probably be a really good idea for your uncle to change account numbers, passwords and so on for any financial business he did on this computer...
Finally (for now) I suggest running this:
* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
Post back on how it is going...
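Budfred picks ddv.exe, lviss.exe and osa5e24e.sys out of the ComboFix "Files Created" section above by eye. As an added example (not ComboFix's code or either poster's), here is the same selection done in Python: it parses the date/size/attribute/path lines, then flags fresh files with hidden or system attributes, executables dropped in the root of C:, non-allowlisted files directly in System32, names matching a suspicious autostart value lifted from the HJT log (osa5e24e, w0576c8a), and anything written in the same minute as a file already flagged. The allowlist of files dropped by that day's cleanup tools and AV installs, and the pivot names, are assumptions supplied by the analyst; the sample section is copied from the log posted above.

```python
"""Triage of ComboFix's "Files Created" section.

Added example for this thread, not ComboFix's or the posters' code.
Assumptions: KNOWN_BENIGN lists what the cleanup tools and AV installs run that
day are known to drop; pivot names come from the analyst's HJT review.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+(?P<size>[\d,]+)\s+"
    r"(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)

# Files dropped by SmitfraudFix's helpers, the AVG 7 and Dr.Web drivers and the
# VC 7.1 runtimes (assumption for the example; extend per incident).
KNOWN_BENIGN = {
    "process.exe", "swsc.exe", "srchsts.exe", "swreg.exe",
    "avg7core.sys", "avgtdi.sys", "avg7rsw.sys", "avg7rsxp.sys", "avgmfrs.sys",
    "drwebnet.sys", "atl71.dll", "msvcp71.dll", "msvcr71.dll", "mfc71.dll",
}

# Constructed sample: the "Files Created" section from the ComboFix log posted above.
SAMPLE_SECTION = r"""
2006-09-28 20:43 5,856 --a------ C:\WINDOWS\system32\drivers\drwebnet.sys
2006-09-28 20:36 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-28 20:36 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-28 20:36 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-28 20:36 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-28 17:18 6,976 --a------ C:\ddv.exe
2006-09-28 17:18 154,624 -r-hs---- C:\WINDOWS\system32\lviss.exe
2006-09-28 15:59 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 15:59 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-15 12:22 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-15 12:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-13 17:27 1,233 --a------ C:\WINDOWS\system32\osa5e24e.sys
"""


def parse_created(section):
    """Yield one dict per 'date time size attrs path' line of the section."""
    for raw in section.splitlines():
        if m := ENTRY_RE.match(raw.strip()):
            path = m.group("path")
            yield {
                "when": m.group("date") + " " + m.group("time"),
                "size": int(m.group("size").replace(",", "")),
                # '-r-hs----' -> {'r', 'h', 's'}; 'd' marks a directory
                "attrs": set(m.group("attrs").replace("-", "")),
                "path": path,
                "name": path.rsplit("\\", 1)[-1].lower(),
                "parent": path.rsplit("\\", 1)[0].lower(),
            }


def suspects(section, pivot_names=frozenset()):
    """Return [(path, [reasons])].  pivot_names are lower-case stems lifted from
    suspicious HJT autostart values, e.g. {'osa5e24e', 'w0576c8a'}."""
    entries = list(parse_created(section))
    found = {}
    for e in entries:
        if e["name"] in KNOWN_BENIGN or "d" in e["attrs"]:
            continue
        reasons = []
        stem = e["name"].rsplit(".", 1)[0]
        if {"h", "s"} & e["attrs"]:
            reasons.append("new file with hidden/system attributes " + "".join(sorted(e["attrs"])))
        if e["parent"] == "c:" and e["name"].endswith((".exe", ".dll", ".sys")):
            reasons.append("executable dropped in the root of C:")
        if e["parent"] in ("c:\\windows\\system32", "c:\\windows"):
            reasons.append("non-allowlisted file directly in the Windows directory")
        if stem in pivot_names:
            reasons.append("name matches a suspicious autostart value in the HJT log")
        if reasons:
            found[e["path"]] = reasons
    # Second pass: a file written in the same minute as a suspect was most
    # likely dropped by the same installer, even if it looks innocuous itself.
    suspect_minutes = {e["when"]: e["name"] for e in entries if e["path"] in found}
    for e in entries:
        if (e["path"] not in found and e["name"] not in KNOWN_BENIGN
                and "d" not in e["attrs"] and e["when"] in suspect_minutes):
            found[e["path"]] = ["written in the same minute as " + suspect_minutes[e["when"]]]
    return list(found.items())


if __name__ == "__main__":
    for path, reasons in suspects(SAMPLE_SECTION, {"osa5e24e", "w0576c8a"}):
        print(path, "->", "; ".join(reasons))
```

The attributes are what give lviss.exe away: a 154 KB file that arrived read-only, hidden and system in System32 on the afternoon of the cleanup is not something an installer with a name puts there. ddv.exe is a 6,976-byte executable sitting in the root of C: with no company name, which is why Budfred asks for a Jotti submission; F-Secure later identifies it in this thread as Trojan-Downloader.Win32.Adload.fu. osa5e24e.sys is caught only because its name matches the [osa5e24e] Run value, so keep the HJT review and the file-system review joined.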
Laguna
09-29-2006, 01:00 PM
Rang him up about changing account details he will get on it right away.
I found and deleted this:
C:\WINDOWS\system32\osa5e24e.sys...
No sign of this and folders are set to show hidden items:
C:\WINDOWS\system32\lviss.exe
Used "sc delete Win32Kernel" and it's no longer in the HJT log.
Used HJT to fix:
O4 - HKLM\..\Run: [osa5e24e] RUNDLL32.EXE w0576c8a.dll,n 0045e24a0000000a0576c8a.
Can't find "MyWebSearch" in the programs list and there is no signs of any folder in program files for it.
Looked at the properties of ddv and the company name read "..", so I said yeah, I'll upload it to Jotti. The server appears to be very busy so I am awaiting my turn.
I will move on to doing the F-Secure scan as soon as it is finished uploading.
Or if it takes too long I will scan with F-Secure and upload it later.
Will post back when done.
Laguna
09-29-2006, 02:06 PM
The server for jotti seems to be always under a lot of strain.
I highly doubt this is a legit file. Will I rename it or delete it?
Here is the F-secure results.
Scanning Report
Friday, September 29, 2006 17:15:57 - 17:50:06
Computer name: ACER-PXKFPT6LFR
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
--------------------------------------------------------------------------------
Result: 23 malware found
Net-Worm.Win32.Opasoft.s (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031680.EXE (Renamed)
Net-Worm.Win32.Padobot.m (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031677.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031678.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031679.EXE (Renamed)
Net-Worm.Win32.Padobot.u (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031674.DLL (Renamed)
Trojan-Clicker.Win32.VB.ly (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033278.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033280.EXE (Renamed)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\Y9ML6HCD\DFNDRFF_E[3].EXE (Renamed)
Trojan-Downloader.BAT.Ftp.ab (virus)
C:\WINDOWS\SYSTEM32\I (Renamed)
Trojan-Downloader.Win32.Adload.fk (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033286.EXE (Renamed)
Trojan-Downloader.Win32.Adload.fu (virus)
C:\DDV.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033364.EXE (Renamed)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\I3SZO9C3\DR[1].EXE (Renamed)
Trojan-Downloader.Win32.Adload.fz (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033279.EXE (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033032.EXE (Renamed)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQRSTUV\NWNMFF_E[1].EXE (Renamed)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\I3SZO9C3\DFNDRFF_E_UIT[1].EXE (Renamed)
Trojan-PSW.Win32.Agent.an (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031653.EXE (Renamed)
Trojan-Spy.Win32.Qukart.s (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031675.DLL (Renamed)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031676.DLL (Renamed)
W32/Adload.BFO (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033290.EXE
W32/Malware (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\IRE5ODS1\A20[1].EXE
W32/WinFixer.FO (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219\A0031444.EXE
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 18655
System: 3962
Not scanned: 6
Actions:
Disinfected: 0
Renamed: 20
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222\A0033256.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220\A0033102.EXE
C:\DOCUMENTS AND SETTINGS\TOMMY PLANT\LOCAL SETTINGS\TEMP\ME_HTMG9QWSC4CGPUS
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
Laguna
09-29-2006, 02:09 PM
The computer is running a lot better than it was. No more error messages after fixing the rundll item in HJT. But I am afraid to take Kerio off the machine, as when I went on the internet before I put Kerio on, it got riddled again.
The reason I am taking Kerio off is because he wouldn't have a clue how to use it.
Budfred
09-29-2006, 07:56 PM
You needed to reset System Restore, but run one more fix first...
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Laguna
09-30-2006, 05:40 AM
Here is the SDFix log and the new HJT log will follow.
SDFix: Version 1.26
-------------------
Scan run on:
Sat 09/30/2006
Time:
12:22 AM
Microsoft Windows XP [Version 5.1.2600]
Running from: C:\Documents and Settings\tommy plant\Desktop\SDFix\SDFix
Stage One...
Checking Services...
Name:
-----
Path:
----
Repairing Registry...
Restoring Default Hosts File...
Stage One Complete
Rebooting!
Stage Two...
Registry Cleaning Finished...
Checking For Malware Files:
--------------------------
C:\WINDOWS\Prefetch\ERASEME_00571.EXE-2550A648.pf
C:\WINDOWS\system32\lviss.exe
Backing Up and Removing any Files Found...
Final Check:
Remaining Services:
------------------
Remaining Files:
--------------
*Any removed Files are saved in the SDFix\backups Folder*
*FINISHED*
Seems to have found that file I couldn't.
Laguna
09-30-2006, 05:40 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:33:18 AM, on 9/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Documents and Settings\tommy plant\Desktop\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\GENIUS~1\GNETMOUS.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Unknown owner - C:\PROGRA~1\DrWeb\SpiderNT.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
***Edit***
Ok I scanned with Ewido on the other account on the computer.
And it found just one infection.
Backdoor.SdBot.avd.
But where is it coming from? Is it just that I scanned this account or is it coming back from something previously removed?
Budfred
09-30-2006, 09:18 AM
The log looks okay... The thing that Ewido picked up may be the tool you used last... However, it would probably be a good idea to run some scans on any account on the computer... I think it may be clean, but we can run a couple more scans to check if you would like... Is it running okay?
Laguna
09-30-2006, 11:03 AM
Yeah it's running a lot better now.
I ran Ewido, SpyBot, Ad-Aware and AVG and cleaned out anything that was found. Nothing major anyway, just bits and pieces of what was found and removed already.
I still need to know what to do with the dvv.exe file.
Jotti seems to be busy 24/7. So what should I do with it?
Also I'm not sure how to re-set system restore.
And I also am just waiting for the all clear from you to install SP2.
And anything you think is worth running to make sure it's clean just say.
Budfred
09-30-2006, 11:39 AM
Try a rename on the dvv file and then run a bunch of stuff to see if it makes a difference... If it doesn't I would either leave it somewhere with the .old extension or delete it...
You can try a SilentRunners log to see if we missed anything:
Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile for me to see.
To reset System Restore... Go to Start, Control Panel, System and select the System Restore tab... Put a check in Turn Off System Restore and press Apply... Press Okay and it will close... Reopen it and uncheck Turn Off System Restore...
Laguna
09-30-2006, 12:43 PM
Ok, I will do that and post up the results next.
For now, here is a Dr Web CureIt log.
nwnmff_e16.exe_tobedeleted;C:\;Adware.DollarRevenue;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
zn[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD;Win32.HLLW.MyBot;Deleted.;
DFNDRFF_E[3].0XE;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD;Trojan.Click.1452;Deleted.;
DR[1].0XE;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3;Adware.Zango;Deleted.;
DFNDRFF_E_UIT[1].0XE;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I3SZO9C3;Adware.DollarRevenue;Deleted.;
NWNMFF_E[1].0XE;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV;Adware.DollarRevenue;Deleted.;
kybrdff_e[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV;Adware.DollarRevenue;Deleted.;
Process.exe;C:\Documents and Settings\tommy plant\Desktop\SmitfraudFix\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\tommy plant\Desktop\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;;
Process.exe;C:\Documents and Settings\tommy plant\Desktop\SDFix\SDFix\apps;Tool.Prockill;;
A0031653.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;BackDoor.Yabo;Deleted.;
A0031864.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031865.scr;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031867.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Funweb;Incurable.Deleted.;
A0031868.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031869.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031870.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031871.SCR;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031872.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031873.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031874.EXE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031875.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031876.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031877.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031878.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031879.EXE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031880.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031881.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Msearch;Deleted.;
A0031891.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Websearch;Deleted.;
A0031929.dll;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Websearch;Deleted.;
A0033032.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220;Adware.DollarRevenue;Deleted.;
A0033279.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222;Adware.DollarRevenue;Deleted.;
A0033280.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222;Trojan.Click.1452;Deleted.;
A0033287.exe;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222;Adware.DollarRevenue;Deleted.;
A0033288.exe;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP222;Adware.DollarRevenue;Deleted.;
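The CureIt log above is a plain semicolon-separated record per detection (name;directory;threat;action;), and most of its hits sit under C:\System Volume Information\_restore{...}\RPnnn, i.e. restore-point copies, which is why Budfred's earlier instruction to turn System Restore off and back on matters: the scanner can delete those copies, but only flushing the restore points stops them from being recreated. The script below is an added example, not code from this thread or from Dr.Web. It parses that record layout (the four-field order is inferred from the posted lines), separates restore-point and IE-cache hits from files on the live system, and sets aside Dr.Web's Tool.* classes (the Process.exe/restart.exe helpers shipped inside SmitfraudFix and SDFix), which is the same "it may be the tool you used" reasoning given later in the thread. The sample input is a handful of lines copied from the posted log; the Tool.* heuristic and the location buckets are my assumptions.

```python
import re
from collections import Counter

# Sample input: seven lines copied from the Dr.Web CureIt log posted above
# (forum line-wrap spaces removed). No detections are invented.
SAMPLE_LOG = r"""nwnmff_e16.exe_tobedeleted;C:\;Adware.DollarRevenue;Deleted.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;
zn[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9ML6HCD;Win32.HLLW.MyBot;Deleted.;
Process.exe;C:\Documents and Settings\tommy plant\Desktop\SDFix\SDFix\apps;Tool.Prockill;;
A0031653.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;BackDoor.Yabo;Deleted.;
A0031867.DLL;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP219;Adware.Funweb;Incurable.Deleted.;
A0033032.0XE;C:\System Volume Information\_restore{AA2ADEB9-2BF2-41CC-BB68-2E8E1E4EA929}\RP220;Adware.DollarRevenue;Deleted.;
"""

# Restore-point copies live under <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)", re.IGNORECASE
)
# Internet Explorer cache directories (where the drive-by downloads in this thread landed)
IE_CACHE_RE = re.compile(r"\\Temporary Internet Files\\Content\.IE5\\", re.IGNORECASE)


def classify_location(directory):
    """Return ("restore_point", rp_number), ("ie_cache", None) or ("other", None)."""
    m = RESTORE_RE.search(directory)
    if m:
        return "restore_point", int(m.group(1))
    if IE_CACHE_RE.search(directory):
        return "ie_cache", None
    return "other", None


def parse_line(line):
    """Split one CureIt record (name;directory;threat;action;) into a dict; None if malformed."""
    parts = line.rstrip("\r\n").split(";")
    if len(parts) < 4 or not parts[0]:
        return None
    name, directory, threat, action = parts[:4]
    location, rp = classify_location(directory)
    return {
        "name": name,
        "dir": directory,
        "threat": threat,
        # CureIt leaves the action field empty when it only reports a file (Tool.* hits here)
        "action": action.rstrip(".") or "none",
        "location": location,
        "rp": rp,
        # Assumption: Dr.Web's Tool.* classes are legitimate helpers bundled with the
        # removal tools used in the thread, so they are tracked as noise, not infection
        "is_tool": threat.startswith("Tool."),
    }


def summarize(log_text):
    """Bucket detections by location and split tool noise from live-system hits."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    restore_points = sorted({e["rp"] for e in entries if e["rp"] is not None})
    # Live hits: anything that is neither a tool nor a restore-point copy
    live = [e for e in entries if not e["is_tool"] and e["location"] != "restore_point"]
    return {
        "total": len(entries),
        "by_location": dict(Counter(e["location"] for e in entries)),
        "restore_points": restore_points,
        "tools": [e["name"] for e in entries if e["is_tool"]],
        "live": live,
    }


def report(log_text):
    """Human-readable triage summary, one line per finding."""
    s = summarize(log_text)
    out = ["%d detections by location: %s" % (s["total"], s["by_location"])]
    if s["restore_points"]:
        out.append("Restore points holding malware copies (flush by resetting System Restore): "
                   + ", ".join("RP%d" % rp for rp in s["restore_points"]))
    if s["tools"]:
        out.append("Tool.* hits from removal utilities (expected noise): " + ", ".join(s["tools"]))
    for e in s["live"]:
        out.append("LIVE  %-22s %-24s %s\\%s" % (e["threat"], e["action"], e["dir"], e["name"]))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full posted log, the "LIVE" lines are the only ones that need a follow-up (where did the file come from, what launched it), while the restore-point rows are resolved by the System Restore reset and the Tool.* rows by deleting the removal tools when the cleanup is finished.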
Laguna
09-30-2006, 12:56 PM
I reset system restore.
The DVV.exe file seems to have already been renamed DVV.OXE by something, but I renamed it .old anyway. Everything has been running fine with it renamed. So will I leave it or delete it?
The SilentRunners Log will follow.
Laguna
09-30-2006, 01:01 PM
"Silent Runners.vbs", revision 48, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."