cmdService

Grinding!

Tea,

"Hate to do this to me"??? I am very grateful that you are!!! I will crack on this tonight/tomorrow and post everything you've asked. Thanks for the help!
 
Crackalackin!

Alright, did as requested, though I could not run updates to ewido before scanning as my POS laptop refuses to get online even though I can ping and tracert etc. I ran ewido in Windows standard operating mode because I forgot to reboot to safe mode. Thus I have included the 1st scan in standard mode and then the 2nd scan log from when I ran it again in Safe Mode. I have also included the BFU log.

ewido log 1 (standard)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:01:58 PM 9/14/2006

+ Scan result:



 
Crackalackin! Pt2

<cont>
ewido log 1 (standard windows mode)




<cont next post>>
 
Crackalackin! Pt3

<cont>

:mozilla.56:C:\Documents and Settings\shawnn\Application Data\Mozilla\Firefox\Profiles\dua68u64.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.49:C:\Documents and Settings\shawnn\Application Data\Mozilla\Firefox\Profiles\dua68u64.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.30:C:\Documents and Settings\shawnn\Application Data\Mozilla\Firefox\Profiles\dua68u64.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.31:C:\Documents and Settings\shawnn\Application Data\Mozilla\Firefox\Profiles\dua68u64.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.32:C:\Documents and Settings\shawnn\Application Data\Mozilla\Firefox\Profiles\dua68u64.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\shawnn.THEVARK\Cookies\shawnn@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476\A0069227.dll -> Trojan.Agent.sx : No action taken.
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476\A0069228.exe -> Trojan.Agent.sx : No action taken.
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455\A0062244.exe -> Trojan.Qoologic : No action taken.


::Report end

This is the log from the second scan in Safe Mode

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:36:30 PM 9/14/2006

+ Scan result:



C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP478\A0069298.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINNT\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060805.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455\A0062241.exe -> Downloader.Agent.aaf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060810.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060794.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455\A0062246.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP456\A0062386.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP459\A0062576.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINNT\pss\pabld.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455\A0062242.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINNT\dunq.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP478\A0069297.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060804.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060816.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).


::Report end

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 4:49:02 PM, on 9/14/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINNT\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\shawnn\LOCALS~1\Temp\Perflib_Perfdata_3e8.dat (operation failed)
Failed: FileDelete C:\DOCUME~1\shawnn\LOCALS~1\Temp\~DF93D.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINNT\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINNT\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\WINNT\system32\crunner (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINNT\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
 
Correction

The first Ewido log shows (no action) on everything because ewido locked in process. I ran ewido a second time in standard operating mode and it picked up the same list as above and quarantined/removed everything without a problem. The second log (ran ewido in safe mode) picked up the additional items listed and cleaned them as well.
 
Grrrrr

FYI, after our most recent operations, Tenebril (SpyCatcher) is still showing something called "dollar revenue" from running on my system. It references a file c:\WINNT\system32\wshtcpip.dll. I ran a search for the file being referenced and it only pops up in c:\WINNT\$NtServicePackUninstall$ and c:\WINNT\ServicePackFiles\i386 :fear:
 
Hello,

After seeing that.....do you realize how badly your computer is compromised? :eek: All those cracks off of Limewire.:sick: Your best, and safest bet, would be to reformat and reinstall. I'll do my best to help you, but I can't promise you it'll ever be really safe again.:( The damage has been done. It really is best that you can't get online right now, especially if you have any sensitive info (banking, bills, etc.....).

I'll ask that you consider this information, and let me know what you decide you want to do.

Regards,
tea
 
Moving Right Along

You're the volunteer...I'm game if you are. The great irony of all of this is I think I was compromised by downloading ad-aware from Limewire...not because I was having problems with Spyware, but because I thought I needed to have something "just in case". Yeah I didn't even realize I had 5,000 files like that in Limewire. Anyway...if you want a tough one for the record books, I'm yer huckleberry...but if you want to tell me to bugger off, I understand.

Thanks!
 
Hello,

I'm yer huckleberry
Well then yer a daisy if ya do!

Now being in and from the south, I'd better know where that came from anyway, but I also happen to be reading one of the many books about Mr. John Henry Holliday right now. :D:

Why were you downloading a protection program from Limewire that's free? Ad Aware is free, unless you insist on having Ad Watch.

Okay, it's been 3 days. We'll kind of start again, using what you already have to see where we are now, and what else they might remove. Please run ComboFix first, then Ewido, then show me a HijackThis log made in normal mode, with everything enabled. Also post the logs from the other two.

Thanks,
tea
 
Heh!

It seemed like a good idea at the time??? :oops: I was in the market for some rather hard-to-find items to do with Ai Sora and figured I'd make a run for something to protect against infections, and the last time I looked for adaware online I hit about four dummy sites before figuring out which one was right (can never remember who makes it). LAME excuse, I know...forgive me, it was late and I had left my logic chip in the kitchen.

NEway, I will get on the tasks you have requested and get back with you. THANKS!!!
 
ComboFix

Here is the ComboFix log.

shawnn - 06-09-19 8:40:00.67
ComboFix 06.09.11B - Running from: C:\

Microsoft Windows XP [Version 5.1.2600]

Files Created from 2006-08-19 to 2006-09-19

2006-09-12 00:17 275,806 -a- C:\combofix.exe


(( Find3M Report

2006-09-15 08:29 - d- C:\Program Files\Mozilla Firefox
2006-09-14 16:54 - d- C:\Program Files\ewido anti-spyware 4.0
2006-09-14 16:53 - d- C:\Program Files\BOINC
2006-09-14 13:31 - d- C:\Program Files\Messenger
2006-09-12 00:18 - d- C:\Program Files\Common Files
2006-09-09 04:21 - d- C:\Program Files\HijackThis
2006-08-20 03:42 - d- C:\Documents and Settings\shawnn.THEVARK\Application Data\.gaim
2006-08-20 03:40 - d- C:\Program Files\Gaim
2006-08-15 13:21 - d- C:\Program Files\smartkiller
2006-08-12 16:36 - d- C:\Program Files\Internet Explorer
2006-08-12 08:25 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-11 21:01 435 --a------ C:\WINNT\vnvqn.dll
2006-08-11 20:09 1167 --a------ C:\WINNT\system32\jqwd09d3.sys
2006-08-10 00:41 -------- d-------- C:\Program Files\LimeWire
2006-08-10 00:32 -------- d-------- C:\Documents and Settings\shawnn.THEVARK\Application Data\Tenebril
2006-08-10 00:01 -------- d-------- C:\Program Files\Common Files\ummq
2006-08-09 23:52 -------- d-------- C:\Program Files\SpyCatcher 2006
2006-08-09 21:34 -------- d-------- C:\Program Files\Lavasoft
2006-08-09 21:34 -------- d-------- C:\Documents and Settings\shawnn.THEVARK\Application Data\Lavasoft
2006-08-09 16:54 -------- d-------- C:\Program Files\Online Services
2006-08-09 16:54 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-09 16:52 61952 --a------ C:\WINNT\system32\jqwd09d3.dll
2006-08-09 16:48 20480 --a------ C:\WINNT\system32\dr.exe
2006-08-09 16:48 186 --a------ C:\WINNT\system32\n.bat
2006-08-09 16:48 147456 --a------ C:\WINNT\system32\vbzip10.dll
2006-08-09 03:12 -------- d-------- C:\Program Files\mIRC
2006-08-05 16:36 -------- d-------- C:\Documents and Settings\shawnn.THEVARK\Application Data\ArcSoft
2006-08-05 16:34 -------- d-------- C:\Program Files\ArcSoft
2006-08-05 06:08 -------- d-------- C:\Program Files\Canon
2006-08-05 05:47 -------- d-------- C:\Program Files\Common Files\Canon
2006-07-29 00:47 -------- d-------- C:\Documents and Settings\shawnn.THEVARK\Application Data\LimeWire
2006-07-27 07:24 679424 --a------ C:\WINNT\system32\inetcomm.dll
2006-07-27 00:52 -------- d-------- C:\Documents and Settings\shawnn.THEVARK\Application Data\CyberLink
2006-07-23 00:38 -------- d-------- C:\Program Files\Trymedia
2006-07-21 15:41 -------- d-------- C:\Program Files\Java
2006-07-21 02:24 72704 --a------ C:\WINNT\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletTip"="\"C:\\Program Files\\Common Files\\microsoft shared\\ink\\tabtip.exe\" /resume"
"HotKeysCmds"="C:\\WINNT\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PRONoMgr.exe"="c:\\Program Files\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINNT\\system32\\igfxtray.exe"
"vptray"="C:\\PROGRA~1\\NavNT\\vptray.exe"
"TabletWizard"="C:\\WINNT\\help\\SplshWrp.exe"
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\visenegy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Online Services\\saqy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\WINNT\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINNT\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\WINNT\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^pabld.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pabld.exe"
"backup"="C:\\WINNT\\pss\\pabld.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\pabld.exe"
"item"="pabld"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^shawnn.THEVARK^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"path"="C:\\Documents and Settings\\shawnn.THEVARK\\Start Menu\\Programs\\Startup\\Microsoft Office OneNote 2003 Quick Launch.lnk"
"backup"="C:\\WINNT\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^shawnn.THEVARK^Start Menu^Programs^Startup^Sticky Notes.lnk]
"path"="C:\\Documents and Settings\\shawnn.THEVARK\\Start Menu\\Programs\\Startup\\Sticky Notes.lnk"
"backup"="C:\\WINNT\\pss\\Sticky Notes.lnkStartup"
"location"="Startup"
"command"="C:\\WINNT\\system32\\stikynot.exe "
"item"="Sticky Notes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACUMon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACUMon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Cisco Systems\\Aironet Client Monitor\\ACUMon.Exe\" -a"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CAS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="System"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Files\\System.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_8"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Eraser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eraser"
"hkey"="HKCU"
"command"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gaim]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gaim"
"hkey"="HKCU"
"command"="C:\\Program Files\\Gaim\\gaim.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Gateway Ink Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWInkMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Gateway\\Gateway Ink Monitor\\GWInkMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\H/PC Connection Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WCESCOMM"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINNT\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\jqwd09d3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w2ec5443.dll,n 002d09d1000000032ec5443"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\WINNT\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogitechDesktopMessenger"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Logitech Hardware Abstraction Layer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KHALMNPR"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Logitech\\KhalShared\\KHALMNPR.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaLifeService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaLifeService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NAV CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CfgWiz"
"hkey"="HKLM"
"command"="c:\\Program Files\\Common Files\\Symantec Shared\\CfgWiz.exe /GUID NAV /CMDLINE \"REBOOT\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINNT\\System32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_8"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_8.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sgbdx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wspkww"
"hkey"="HKCU"
"command"="C:\\WINNT\\system32\\wspkww.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpyCatcher Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyCatcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TabletWizard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SplshWrp"
"hkey"="HKLM"
"command"="C:\\WINNT\\help\\SplshWrp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wcmdmgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcmdmgrl"
"hkey"="HKLM"
"command"="C:\\WINNT\\wt\\updater\\wcmdmgrl.exe -launch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\wktcwv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wspkww"
"hkey"="HKLM"
"command"="C:\\WINNT\\system32\\wspkww.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"PrismXL"=dword:00000002
"VSS"=dword:00000003
"LBTServ"=dword:00000002


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Tue 09/19/2006 8:42:09.40
ComboFix.txt
ComboFix2.txt
 
Ewido Log

Looks like we are making progress :ninja:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:15:38 AM 9/19/2006

+ Scan result:



C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP479\A0069305.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP479\A0069306.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP479\A0069304.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).


::Report end
 
HiJackThis!

:spider: Our latest log...


Logfile of HijackThis v1.99.1
Scan saved at 10:23:37 AM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINNT\system32\igfxtray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\SpyCatcher 2006\SpyCatcher.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINNT\help\SplshWrp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://192.168.1.10/AntiSpamGateway/Cabs/Mapicom.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147378105417
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.jaffets.com/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.1.202/activex/AxisCamControl.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thevark.com
O17 - HKLM\Software\..\Telephony: DomainName = thevark.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thevark.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thevark.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: Interceptor.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
 
Hello,

Please download Qoofix by RubbeR DuckY from http://www.malwarebytes.org/Qoofix.zip
  1. Unzip all files to a convenient location such as C:\Qoofix.
  2. Go to the folder where you unzipped the files and run Qoofix.exe.
  3. Click Begin Removal and wait for the scan to finish.
  4. If an infection has been found, select yes to restart your computer.

Navigate to and delete the following files, if present:

C:\\Program Files\\Online Services\\saqy.html
C:\\Program Files\\ComPlus Applications\\visenegy.html
C:\\\\dfndrff_8.exe
C:\\WINNT\\system32\\wfxqhv.exe
C:\\\\nwnmff_8.exe
C:\\WINNT\\system32\\wspkww.exe
C:\\Program Files\\System Files\\System.exe

Search for this file and delete it : w2ec5443.dll

Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

I see this in there as well. C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe
Is this the newest version you have installed? If it is, then I want you to look in Add/Remove Programs and UNinstall ALL the older versions. Those are not helping by lurking around in your computer, and they need to go.

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable, as you'll see in the next image:
    move.gif

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously, the contents of the Qoofix logfile, along with a new HijackThis log in your next reply.
How is it running now? :)

Thanks,
tea
 
Rollin rollin rollin....

Get them doggies rollin...I can't believe I was usin' Norton RAWHIDE!!! The Dr. Web app found a bunch of junk. I'm impressed. However, right after reboot I got two notices from SpyCatcher telling me spyware was afoot. "pautoenr.dll located at C:\WINNT\system32\pautoenr.dll" and "dollar revenue located at C:\WINNT\system32\wshtcpip.dll".

Dr. Web Report
prompt[1].htm;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CIOCRVI3;Trojan.Isbar.83;Deleted.;
RegUBP2b-shawnn.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.617;Incurable.Moved.;
A0060806.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060807.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060808.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060809.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060811.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.SaveNow;Incurable.Moved.;
A0060813.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Trojan.DownLoader.11969;Deleted.;
A0060817.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060838.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.SearchAid;Incurable.Moved.;
A0060839.exe\data001;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060839.exe;Adware.SearchAid;;
A0060839.exe\data003;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453\A0060839.exe;Adware.SearchAid;;
A0060839.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Archive contains infected objects;Moved.;
A0060903.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Trojan.DownLoader.11355;Deleted.;
A0061181.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Adware.Consumeralert;Incurable.Moved.;
A0061196.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP453;Trojan.DownLoader.11354;Deleted.;
A0062267.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455;Probably DLOADER.Trojan;Incurable.Moved.;
A0062307.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP455;Probably DLOADER.Trojan;Incurable.Moved.;
A0064749.reg;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP467;Trojan.StartPage.1505;Deleted.;
A0069224.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476;Trojan.Click.1360;Deleted.;
A0069225.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476;Adware.SearchAid;Incurable.Moved.;
A0069230.exe\data001;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476\A0069230.exe;Adware.Yavak;;
A0069230.exe\data002;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476\A0069230.exe;Adware.Yavak;;
A0069230.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476;Archive contains infected objects;Moved.;
A0069233.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476;Adware.SearchAid;Incurable.Moved.;
A0069237.exe;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP476;Trojan.DownLoader.11989;Deleted.;
A0069307.dll;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP479;Adware.Yavak;Incurable.Moved.;
A0070426.reg;C:\System Volume Information\_restore{330F9500-EA78-4C62-843B-78611BFDE72B}\RP485;Trojan.StartPage.1505;Deleted.;
dr.exe;C:\WINNT\system32;Adware.DollarRevenue;Incurable.Moved.;
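
A triage pass over the semicolon-delimited report format posted above, as an added example (not part of the original thread and not Dr.Web tooling). It separates detections in live locations from System Restore snapshots and browser cache, and resolves archive-member rows through their container row. The field layout is inferred from the posted report; the location labels, the `<GUID>` placeholder and the sample rows are constructed for the example.

```python
import csv
import io
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of the posted report:
#   object;directory;threat;action;
# <GUID> is a placeholder for the restore-point identifier.
SAMPLE_REPORT = r"""prompt[1].htm;C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CIOCRVI3;Trojan.Isbar.83;Deleted.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
A0060806.exe;C:\System Volume Information\_restore<GUID>\RP453;Adware.DollarRevenue;Incurable.Moved.;
A0060839.exe\data001;C:\System Volume Information\_restore<GUID>\RP453\A0060839.exe;Adware.SearchAid;;
A0060839.exe;C:\System Volume Information\_restore<GUID>\RP453;Archive contains infected objects;Moved.;
A0060813.exe;C:\System Volume Information\_restore<GUID>\RP453;Trojan.DownLoader.11969;Deleted.;
dr.exe;C:\WINNT\system32;Adware.DollarRevenue;Incurable.Moved.;
"""


@dataclass(frozen=True)
class Finding:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def is_member(self):
        # Objects inside an archive appear as "<archive>\<member>" with no action.
        return "\\" in self.name and not self.action

    @property
    def location(self):
        d = self.directory.lower()
        if "\\system volume information\\_restore" in d:
            return "system_restore"   # snapshot copy, returns if that point is restored
        if "\\temporary internet files\\" in d:
            return "browser_cache"
        return "live"                 # was sitting in an active location on disk


def parse_report(text):
    """Return (findings, malformed_rows) from a Dr.Web-style report."""
    findings, malformed = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        if not any(field.strip() for field in row):
            continue                  # blank line
        if len(row) < 4:
            malformed.append(row)     # keep for manual review, do not guess
            continue
        findings.append(Finding(*(field.strip() for field in row[:4])))
    return findings, malformed


def triage(findings):
    """Count files per location, list live detections, flag orphaned members."""
    files = [f for f in findings if not f.is_member]
    by_location = Counter(f.location for f in files)
    live = [f for f in files if f.location == "live"]
    # A member row is resolved when its container file has an action recorded.
    container_action = {
        (f.directory + "\\" + f.name).lower(): f.action for f in files
    }
    unresolved = [
        f for f in findings
        if f.is_member and not container_action.get(f.directory.lower())
    ]
    return by_location, live, unresolved


if __name__ == "__main__":
    findings, malformed = parse_report(SAMPLE_REPORT)
    by_location, live, unresolved = triage(findings)
    print("files per location:", dict(by_location))
    for f in live:
        print("live:", f.directory + "\\" + f.name, "|", f.threat, "|", f.action)
    print("members without a handled container:", len(unresolved))
    print("malformed rows:", len(malformed))
```

Live entries are the ones to cross-check against the startup entries in a fresh HijackThis log; restore-point entries only matter if that restore point is ever used.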
 
Rollin rollin rollin....2

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:35 AM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\igfxtray.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [TabletWizard] C:\WINNT\help\SplshWrp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher 2006\Scheduler daemon.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {42780420-E62F-490A-82FC-D626BE90B302} (ASAP! Session Class) - http://192.168.1.10/AntiSpamGateway/Cabs/Mapicom.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147378105417
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.jaffets.com/msrdp.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://192.168.1.202/activex/AxisCamControl.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc03.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thevark.com
O17 - HKLM\Software\..\Telephony: DomainName = thevark.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thevark.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thevark.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: Interceptor.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

QooFix

Qoofix v1.03 by http://www.malwarebytes.org
Scan started on [9/20/2006] at [1:43:36 PM]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [9/20/2006] at [1:44:27 PM]

Note: Some registry keys may have been removed.
 
Hello,

Still can't get online? This file C:\WINNT\system32\wshtcpip.dll is bothering me. It's actually a legit file, but showing you that it's infected? I sure would like to have it uploaded and scanned. That may be your problem here, but if you can't get online I cannot know.

Let me know if there's any luck in that department. If not, I'll figure something out. :)

Thanks,
tea
 
Thought

I can certainly try copying it off to another PC and scanning it. Course that might have some inherent infection risks, but I'm game. I'm in this for the long run! :bigthumb:
 
Hmmm

Well, I'm gonna try copying it anyhow!!!!! Wish me luck! :D: Oh wait...where do I go to get a scan on the files you want scanned? URL?
 