PDA

View Full Version : Command service, Mirrar, possibly surfsidekick 3



Spritex
2006-08-17, 09:41
I've had all these, they say they are gone. I still get many popups and programs keep downloading themselves. I get a series of popups even with a browser closed. I also keep hearing a bubble sound, which is annoying because I will be typing something and the bubble sound comes and I have to reclick what I was typing on because it removes my cursor from the typing space, or whatnot.

Logfile of HijackThis v1.99.1
Scan saved at 1:29:10 AM, on 8/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{88AE4325-07E2-1033-0522-020329200001}\Update.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\otyes.exe
F2 - REG:system.ini: UserInit=userinit.exe,apfidbt.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsp7.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136858234105
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hr2q05f5e.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

pskelley
2006-08-22, 13:41
Welcome to the forum. Listen up, you are badly infected, I see several including possible Look2me and a Qoologic trojan. I advise you to keep this computer offline until you are clean, this junk does attract others and your security has been weakened by it. We need do do this first.

1) If I can't see it I can't help you fix it. You are running MSConfig in Selective Startup mode. Post all logs in Normal Mode with no formating just as you posted this first one.

2) Please download Look2Me-Destroyer.exe (http://www.atribune.org/ccount/click.php?id=7) to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

More info:

If for some reason Look2Me-Destroyer doesn't reopen check that task scheduler is running.
If it isnt you can use sc.exe to start it

start>run sc start schedule press enter.

Post the two logs bolded above in Normal Mode in MSConfig. Add any comments you think will help. Use the "Post Reply" button to add information and stay in this same topic.

Thanks...pskelley
Safer Networking Forums

Spritex
2006-08-22, 17:41
When I run look2me it blocks off my screen in white and shows nothing but the look2me program, I didn't know if it was supposed to do that.
Other then that, here is the hijackthis log with all the programs loaded in startup mode. It was in normal mode when I was selecting what I wanted to run, not in selective mode.

Logfile of HijackThis v1.99.1
Scan saved at 9:27:11 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U3RhY2V5IFlvY2tleQ\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\win32107-200184546.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\sys02001845467-2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\thiselt.exe
C:\Program Files\LClock\LClock.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\{88AE4325-07E1-1033-0522-020329200001}\Update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\otyes.exe
F2 - REG:system.ini: UserInit=userinit.exe,apfidbt.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsvD.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [win32107-200184546] C:\WINDOWS\win32107-200184546.exe
O4 - HKLM\..\Run: [win320967-20018454] C:\WINDOWS\win320967-20018454.exe
O4 - HKLM\..\Run: [w73305f7.dll] RUNDLL32.EXE w73305f7.dll,I2 003082e6073305f7
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys02001845467-2] C:\WINDOWS\sys02001845467-2.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [npegrsmA] C:\WINDOWS\npegrsmA.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmfh_10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfh_10.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [jfk082e8] RUNDLL32.EXE w732f2fb.dll,n 003082e500000003732f2fb
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151359460\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrfh_10.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Longhorn SideBar] C:\WINDOWS\SideBar\SideBar.exe
O4 - HKCU\..\Run: [irzw] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3RhY2V5IFlvY2tleQ\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

pskelley
2006-08-22, 18:49
You have a load of junk that was not showing when you were starting the log in Selective Startup, look at the two logs, this second one is loaded with malware.
This line in the HJT log indicates Selective Startup in MSConfig!
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

We need to get Look2me to run before we move on, go back to the instructions and read them through, and run it again.

Post both logs again.

Thanks

Spritex
2006-08-22, 21:12
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 8/22/2006 12:31:04 PM

Infected! C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093436.dll
Infected! C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093437.dll

Attempting to delete infected files...

Attempting to delete: C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093436.dll
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093436.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093437.dll
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP188\A0093437.dll Deleted successfully!

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


-------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:00:01 PM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\U3RhY2V5IFlvY2tleQ\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\thiselt.exe
C:\Program Files\LClock\LClock.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\sys0301845467-20.exe
C:\Program Files\Common Files\{88AE4325-07E2-1033-0522-020329200001}\Update.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\PROGRA~1\COMMON~1\wzri\wzrim.exe
C:\PROGRA~1\COMMON~1\wzri\wzria.exe
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\win320967-20018454.exe
C:\WINDOWS\win32107-200184546.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\otyes.exe
F2 - REG:system.ini: UserInit=userinit.exe,apfidbt.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nszC.dll
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "-embedding http://iesettingsupdate"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [win32107-200184546] C:\WINDOWS\win32107-200184546.exe
O4 - HKLM\..\Run: [win320967-20018454] C:\WINDOWS\win320967-20018454.exe
O4 - HKLM\..\Run: [w73305f7.dll] RUNDLL32.EXE w73305f7.dll,I2 003082e6073305f7
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [sys02001845467-2] C:\WINDOWS\sys02001845467-2.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [npegrsmA] C:\WINDOWS\npegrsmA.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmfh_10.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfh_10.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [jfk082e8] RUNDLL32.EXE w732f2fb.dll,n 003082e500000003732f2fb
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151359460\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrfh_10.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [sys0301845467-20] C:\WINDOWS\sys0301845467-20.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [wzri] C:\PROGRA~1\COMMON~1\wzri\wzrim.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Longhorn SideBar] C:\WINDOWS\SideBar\SideBar.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3RhY2V5IFlvY2tleQ\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

pskelley
2006-08-23, 00:17
I want to remind you that this computer is severely infected. Taking it on the internet will get you more infected and you have you share now.

1) I see no antivirus program running in this log, if you have none download, install, update and run this free program as soon as possible: http://free.grisoft.com/freeweb.php stick with the free program, do not download any trial versions or paid version.

2) See this information: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
For your information, Viewpoint is installed by aol probably without your knowledge. Use Add Remove programs in your Control Panel and uninstall it.
http://www.clickz.com/news/article.php/3561546
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint

The instructions must be followed exactly if you wish to be successful, we have our work cut out for us!

Thanks to LonnyRJones and any others who helped with this fix.

3) Download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the file on your Desktop, and choose Extract All.
Click Next.
In the box to choose where to extract the files to:
Click Browse.
Click on the + sign next to My Computer
Click on Local Disk (C: ) or whatever your primary drive is.
Click Make New Folder
Type in BFU
Click Next, and uncheck the Show Extracted Files box and then click Finish.
Download sidekickFix.bat (http://downloads.subratam.org/Lon/sidekickFix.bat) (rightclick on that link and choose save as)
Place sidekickFix.bat in your C:\BFU - folder. (Important!)
Close all browsers and explorer folders.
Double-click on sidekickFix.bat
Click Yes and follow the prompts, when prompted to restart the PC please do so.

_________________________________________________________

Thanks to Metallica and any others who helped with this fix.

4) 1. Please download Ewido Anti-Malware (http://www.ewido.net/en/download/)
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://download.ewido.net/ewido-signatures-full-current.exe)

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C: ) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Thanks, please add any comments you think will help.

Spritex
2006-08-25, 01:53
Logfile of HijackThis v1.99.1
Scan saved at 5:39:26 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\win320967-20018454.exe
C:\WINDOWS\win3208467-2001845.exe
C:\WINDOWS\sys0301845467-20.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\LClock\LClock.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\{88AE4325-07E2-1033-0522-020329200001}\Update.exe
C:\Program Files\802.11g Wireless LAN\Monitor.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\otyes.exe
F2 - REG:system.ini: UserInit=userinit.exe,apfidbt.exe
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nszC.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [win320967-20018454] C:\WINDOWS\win320967-20018454.exe
O4 - HKLM\..\Run: [win3208467-2001845] C:\WINDOWS\win3208467-2001845.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [w73305f7.dll] RUNDLL32.EXE w73305f7.dll,I2 003082e6073305f7
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [sys0301845467-20] C:\WINDOWS\sys0301845467-20.exe
O4 - HKLM\..\Run: [sys02001845467-2] C:\WINDOWS\sys02001845467-2.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [npegrsmA] C:\WINDOWS\npegrsmA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [jfk082e8] RUNDLL32.EXE w732f2fb.dll,n 003082e500000003732f2fb
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151359460\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Glass2k] C:\Program Files\Glass2k\Glass2k.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Longhorn SideBar] C:\WINDOWS\SideBar\SideBar.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Monitor.lnk = C:\Program Files\802.11g Wireless LAN\Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Spritex
2006-08-25, 01:55
+ Scan result:



C:\WINDOWS\thiselt.exe -> Adware.Agent : No action taken.
C:\WINDOWS\U3RhY2V5IFlvY2tleQ\asappsrv.dll -> Adware.CommAd : No action taken.
C:\WINDOWS\U3RhY2V5IFlvY2tleQ\command.exe -> Adware.CommAd : No action taken.
C:\WINDOWS\em.ocx -> Adware.MediaMotor : No action taken.
C:\Documents and Settings\Owner\Desktop\HijackThis\backups\backup-20060818-030128-636.dll -> Adware.Mirar : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\NNBar_VCSetup_876072.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\mit6.tmp.cab/NNBar_VCSetup_876072.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\mit6.tmp/NNBar_VCSetup_876072.exe -> Adware.Mirar : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\A9E168.tmp/cvn0.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\A9E168.tmp/wfxqhv.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\A9E168.tmp/zqskw.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\i16E.tmp -> Adware.SurfSide : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\iA.tmp -> Adware.SurfSide : No action taken.
C:\Program Files\Common Files\wzri\wzrid\wzric.dll -> Adware.TargetServer : No action taken.
C:\Program Files\ToolBar888 -> Adware.ToolBar888 : No action taken.
C:\Program Files\ToolBar888\Activate.exe -> Adware.ToolBar888 : No action taken.
C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : No action taken.
C:\Program Files\ToolBar888\Uninst.exe -> Adware.ToolBar888 : No action taken.
C:\Program Files\webHancer -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\license.txt -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\readme.txt -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\sporder.dll -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\whagent.ini -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.Webhancer : No action taken.
C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : No action taken.
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : No action taken.
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : No action taken.
HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : No action taken.
C:\Documents and Settings\Owner\Shared\_\1st SMTP Server 2.8.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\1st Security Agent Pro 6.5.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ALO Audio Editor 2.1.32.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\AVG Anti-Virus 7.1.405a.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\AVI DivX to DVD VCD Converter 2.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\AbleFTP 7.07.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Abrosoft FantaMorph Pro 3.6.3.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Access Manager for Windows 6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Adobe Premiere Pro 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Advanced Desktop Shield 1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Advanced Emailer 3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Alarm Clock Pro 7.8.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Alchemy Mindworks Animation Workshop v2.0a..rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Alchemy Mindworks Presentation Wizard v2.0a.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Alcohol 120% 1.9.5.4327.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Aloaha PDF Crypter 2.1.311.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Aloaha PDF Crypter 2.1.314.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Aloaha PDF Saver 2.1.311.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Aloaha PDF Signator 2.1.311.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Annapolis DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\AnyDVD 6.0.4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Apollo DVD Creator v3.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Archangel iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Arsenal - 49 The Complete Unbeaten Record DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Audio Edit Magic 8.6.3.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Auto Power-On & Shut-Down v2.02.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Avast Professional Edition v4.7.871.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Avira AntiVir PersonalEdition Premium 7.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\BSPlayer Pro v1.42.833.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Babylon Pro 6.0.0.20 Inc ALL Premium Content.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Backup machine 1.1.48.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Battlefield 2-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\BearShare Pro 5.2.5.3.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Beastie Boys Anthology.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Corporate Network Security 1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Cyberlink PowerDVD Deluxe 7.0.1813.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\DFX Audio Enhancer v7.300.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\DJ Java Decompiler 3.9.9.91.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\DVDBuilder Pro 3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Dameware.NT.Utilities.v5.1.3.0.Incl.Keymaker.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Deep Freeze v6.00.020.1523.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Digital Audio Editor v7.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\DiskShop v2.9.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Dvddecrypter 3.5.4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Easy CD-DA Extractor Pro v10.0.2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Eight Below DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Email Privacy 2.7.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Enemy at the Gates DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Eset NOD32 AntiVirus 2.51.26.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Evidence Destructor 2.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Evidence Exterminator 2.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ExcellenceSoft Flash Speed 200 v3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Family Tree v7.8.160706 Multilingual.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Fast Mailer Pro 3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\FileName Pro 2.0.13.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\FileRecoveryAngel v1.14.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Filerecoveryangel 1.14.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Flash Player Pro v2.6.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Flv Flash Movie Powertools.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Font Fitting Room Deluxe v2.7.0.9.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Forty Shades Of Blue DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\GIF Construction Set Professional v3.0a.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\GetRight Professional 6.0b Final.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Gladiator-Sword Of Vengeance iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Google Earth 4B1693 Final.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Google Earth 4B1693.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Graphics Converter Pro v6.62.60728.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\HTML To Image v2.0.2006.708.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Hard Truck Apocalypse-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\HardCopy Pro 2.7.4.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Harry Potter and the Goblet of Fire DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Im Translator 3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO AVI MPEG Converter 3.1.8.0720b.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO AVI MPEG Converter v3.1.8.0720b.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO DVD Ripper Platinum v4.0.53.0721.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO DVD to iPod Converter v4.0.53.0721.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO DivX to DVD Converter v2.0.12.0720.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO WMA MP3 Converter v2.1.58.0720.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ImTOO iPod Movie Converter 3.1.8.0720b.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\InkSaver v2.0.500.0066.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.

Spritex
2006-08-25, 01:59
C:\Documents and Settings\Owner\Shared\_\Internet Business Promoter (IBP) 9.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Internet Download Manager v5.04.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Kabhi Alvida Naa Kehna (Hindi).rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Kaspersky Internet Security 2006 6.0.0.303.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\KeepItUp v5.6.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Label Maker Wizard v2.04.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Lenogo Ipod To Pc Transfer.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Magic Utilities 2006 v4.32.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Magical Jelly Bean Keyfinder v1.51 Final.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Mastermix Classic Vol 01 To 10.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Mastodon - Blood Mountain (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Miami Vice TELESYNC.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Ministry of Sound Trance Nation 3 - mixed by Ferry.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Motion Studio 4.0.111.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\My Super Ex Girlfriend XViD TS-maVen.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\MyVideoConverter v1.26.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Nero 7 Premium 7.2.3.2b.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\NikSaver v1.5.3.168.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Nine 1 2 Weeks DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\No Adware v4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Norloth v1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Online Holdem Inspector 2.29d2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Open Video Capture v1.24.215.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Open Video Converter v3.0.1.315.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Paint Shop Pro 9.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Path Styler Pro v1.11.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\PayWindow Payroll System 4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Pdf Password Remover V2.5.05312006.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Pdf2htmlpdf To Html Function And Face.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Pestpatrol 5.0 With Serial Numbers.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\PictureRelate v2.5.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Plato DVD To iPod Converter v2.20.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Plato Video to iPod PSP 3GP 3.27.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Pluginz for GIF Construction Set Professional v3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Power Autoplay Menu Creator V6.3.170306.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ProxyInspector for ISA Server 2.6i.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Quick Memory Editor v2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\QuickTime 7.1 for Windows.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\QuickTime Pro 7.1.0.210.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\RM to AVI MPEG WMV VCD DVD Converter 3.5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Radar Website Monitor v4.5.8.5.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Reba McEntire Greatest Hits.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Runaway Vacation DVDRip XviD-DiAMOND.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\SPAMfighter Pro 4.6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Safer Mail v4.01 German.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Save Flash v3.0.0067.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Selteco Flash Designer 6.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\ShareAlarmPro v1.6.6.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Silent Hill DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Slither DVDSCR Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Slither DVDSCR.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Smart DVD CD Burner 3.0.57.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\SmartCode VNC Manager Enterprise v3.5.19.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Some amazing Drum 'n Bass MP3's by SUWU3.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Splinter Cell - Chaos Theory iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Splitter XP v2.57.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Spyware Doctor v4.0.0.2603.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Super Utilities Pro v6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Symantec Norton Ghost v10.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Techsmith SnagIt v8.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\TextAloud 2.194.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\The Da Vinci Code CloneDVD-iTWINS iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\The Elder Scrolls IV - Oblivion iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\The Erotic Chess Game full.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\The Shawshank Redemption DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Three DvDrip Xvid-aXXo.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Torque Game Builder v1.1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\TweakNow PowerPack 2006 Professional v1.1.7.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\UK Top 40 singles - 30-07-2006.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\USB Admin Pro 1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\V.A- Summer Zone (2006 Dance).rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\VA - Hardcore Nation 3 (3cd) (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\VA-Miami Vice-OST-2006.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\VB Net to C Sharp Converter v2.03.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Valentina 2 for Director 2.4.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\VideoCharge 3.6.6.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Visual Studio 2005 Professional.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\VueScan Professional v8.3.55.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Water Illusion Professional 2.30.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\WebBounds v1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Webcam and Screen Recorder 1.527.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\WebcamMax v2.0.0.2.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Webroot Spy Sweeper 5.0.7 Build of 1608.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Webroot Window Washer Retail 6.02 411 Full Version.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Whos Calling 4.6.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Win Xp Pro Student Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\WinHex v13.0 SR-13.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\World Trade Center CAM.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\X-Men The Last Stand TS Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\Xilisoft MP4 iPod Converter 3.1.8.0720b.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\XtraTools 2006 v6.20.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\eBook RAR Cracker v3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\n00zn00zn00zn00z.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\Documents and Settings\Owner\Shared\_\watchDirectory 4.0.47.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\WINDOWS\system32\p2pnetworking.exe -> Backdoor.IRCBot.dd : No action taken.
C:\WINDOWS\system32\dr.exe -> Downloader.Adload.ds : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\f679531.exe -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\system32\eiwde.dat -> Downloader.Qoologic.bj : No action taken.
[756] C:\WINDOWS\system32\frhajef.dll -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\system32\w002e219.dll -> Downloader.Small : No action taken.
C:\WINDOWS\system32\w732f2fb.dll -> Downloader.Small : No action taken.
C:\WINDOWS\cesfnjrjcg.dll -> Downloader.Small.ajc : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\ac2_0004.exe -> Downloader.Small.cpu : No action taken.
C:\Program Files\Internet Explorer\hosecu.dll -> Downloader.Small.ctp : No action taken.
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : No action taken.

Spritex
2006-08-25, 02:00
C:\Program Files\Common Files\wzri\wzrip.exe -> Downloader.TSUpdate.f : No action taken.
C:\Program Files\Common Files\wzri\wzria.exe -> Downloader.TSUpdate.l : No action taken.
C:\Program Files\Common Files\wzri\wzrim.exe -> Downloader.TSUpdate.n : No action taken.
C:\Program Files\Common Files\wzri\wzril.exe -> Downloader.TSUpdate.r : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\pre.exe -> Dropper.Agent.hl : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KXMJC1IZ\popup[1].htm -> Hijacker.Agent.a : No action taken.
C:\Program Files\Messenger\kybe.html -> Hijacker.Small.jf : No action taken.
C:\Program Files\Windows NT\hoxyma.html -> Hijacker.Small.jf : No action taken.
C:\WINDOWS\npegrsm.exe -> Hijacker.VB.ij : No action taken.
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.adtrak[1].txt -> TrackingCookie.Adtrak : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.adtrak[1].txt -> TrackingCookie.Adtrak : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@install.bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\33vlp1rf.default\cookies.txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.enhance[1].txt -> TrackingCookie.Enhance : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> TrackingCookie.Epilot : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@c.goclick[2].txt -> TrackingCookie.Goclick : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@hypertracker[2].txt -> TrackingCookie.Hypertracker : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
C:\WINDOWS\Temp\Cookies\owner@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data1.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@h.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@try.starware[1].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@h.starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ac2.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@reduxads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : No action taken.
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : No action taken.
C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : No action taken.

Spritex
2006-08-25, 02:03
Okay, as an added note. I'm still in popup hell, sorry for the multi posts - 2000 char rule. I just now noticed I saved the log before I clicked the fix problems button, I can rescan if you want. Sorry :thud:

pskelley
2006-08-31, 12:30
I need to apologize, the notifications that are supposed to let me know when you post failed, and tashi let me know this happened this morning, Once again I am sorry for the software failure.

If you wish to continue the cleanup, you can start with running ewido again and make sure you run it in safe mode. The last time you ran it you choose: No action taken, so nothing happened to the junk ewido found. This time choose to delete everything it locates unless you know it is not bad. When you finish, you may edit out the cookies, I do not need to see them again. After this is done, restart the computer and post the ewido scan results and a new HJT log. I would also like you to look at the instructions for running Alcra PLUS Remover, I can see in that log that stuff it should remove is still there, so there is a very good chance instructions were not followed corrrectly. It would not hurt to run that tool again and this time read and follow the instructions. It is much more difficult to remove the stuff manually and that is what you will have to do if you do not use the removal tool properly. We still have a Qoologic trojan to deal with also.

Thanks

tashi
2006-09-03, 06:16
Still with us Spritex? :)

tashi
2006-09-06, 08:15
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.